diff --git a/Cargo.lock b/Cargo.lock
index b33db98a..14d9b3c3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2305,7 +2305,7 @@ dependencies = [
 [[package]]
 name = "monero"
 version = "0.12.0"
-source = "git+https://github.com/comit-network/monero-rs?rev=fee1f7054a4b8500dcf7867ebd1b9e7f693cd566#fee1f7054a4b8500dcf7867ebd1b9e7f693cd566"
+source = "git+https://github.com/comit-network/monero-rs?rev=2fe0280c5c8a6fadcd8fed780875e1a9e830e57e#2fe0280c5c8a6fadcd8fed780875e1a9e830e57e"
 dependencies = [
 "base58-monero",
 "clear_on_drop",
diff --git a/Cargo.toml b/Cargo.toml
index c44f3aaf..2ed758a6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,6 +3,6 @@ members = ["monero-adaptor", "monero-harness", "monero-rpc", "swap", "monero-wal
 [patch.crates-io]
 torut = { git = "https://github.com/bonomat/torut/", branch = "feature-flag-tor-secret-keys", default-features = false, features = [ "v3", "control" ] }
-monero = { git = "https://github.com/comit-network/monero-rs", rev = "fee1f7054a4b8500dcf7867ebd1b9e7f693cd566" }
+monero = { git = "https://github.com/comit-network/monero-rs", rev = "2fe0280c5c8a6fadcd8fed780875e1a9e830e57e" }
 monero-epee-bin-serde = { git = "https://github.com/comit-network/monero-epee-bin-serde" }
 curve25519-dalek = { git = "https://github.com/thomaseizinger/curve25519-dalek", rev = "8cc9ad36bd30ceab6073ff64655473c6b5aa4aab" }
diff --git a/monero-adaptor/src/alice.rs b/monero-adaptor/src/alice.rs
index 9d4a5dc3..e31042b7 100644
--- a/monero-adaptor/src/alice.rs
+++ b/monero-adaptor/src/alice.rs
@@ -43,9 +43,7 @@ impl Alice0 {
 rng: &mut (impl Rng + CryptoRng),
 ) -> anyhow::Result {
 let mut fake_responses = [Scalar::zero(); 10];
- for response in fake_responses.iter_mut().take(10) {
- *response = Scalar::random(rng);
- }
+ fake_responses.fill_with(|| Scalar::random(rng));
 let alpha_a = Scalar::random(rng);
 let p_k = ring[0];
@@ -92,7 +90,7 @@ impl Alice0 {
 .verify(ED25519_BASEPOINT_POINT, msg.T_b, self.H_p_pk, msg.I_hat_b)?;
 let I = self.I_a + msg.I_b;
- let sig = monero::clsag::sign(
+ let (sig, stupid_constant) = monero::clsag::sign(
 &self.msg,
 self.s_prime_a,
 0,
@@ -109,10 +107,9 @@ impl Alice0 {
 );
 let sig = HalfAdaptorSignature {
- s_0_half: sig.s[0],
- fake_responses: self.fake_responses,
- h_0: sig.c1,
- D: sig.D,
+ inner: sig,
+ signing_kex_index: 0,
+ stupid_constant,
 };
 Ok(Alice1 {
@@ -139,7 +136,7 @@ impl Alice1 {
 pub fn next_message(&self) -> Message2 {
 Message2 {
 d_a: Opening::new(self.fake_responses, self.I_a, self.I_hat_a, self.T_a),
- s_0_a: self.sig.s_0_half,
+ s_0_a: self.sig.s_half(),
 }
 }
diff --git a/monero-adaptor/src/bob.rs b/monero-adaptor/src/bob.rs
index c0b4c6b5..a7f4d84f 100644
--- a/monero-adaptor/src/bob.rs
+++ b/monero-adaptor/src/bob.rs
@@ -126,7 +126,7 @@ impl Bob1 {
 .verify(ED25519_BASEPOINT_POINT, T_a, self.H_p_pk, I_hat_a)?;
 let I = I_a + self.I_b;
- let sig = monero::clsag::sign(
+ let (sig, stupid_constant) = monero::clsag::sign(
 &self.msg,
 self.s_b,
 0,
@@ -142,13 +142,12 @@ impl Bob1 {
 I,
 );
- let s_0_b = sig.s[0];
 let sig = HalfAdaptorSignature {
- s_0_half: s_0_b,
- fake_responses,
- h_0: sig.c1,
- D: sig.D,
+ inner: sig,
+ signing_kex_index: 0,
+ stupid_constant,
 };
+ let s_0_b = sig.s_half();
 let adaptor_sig = sig.complete(msg.s_0_a);
 Ok(Bob2 { s_0_b, adaptor_sig })
diff --git a/monero-adaptor/src/lib.rs b/monero-adaptor/src/lib.rs
index 1de22d45..3bf370f2 100644
--- a/monero-adaptor/src/lib.rs
+++ b/monero-adaptor/src/lib.rs
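Review bot: The second value destructured from `monero::clsag::sign` as `stupid_constant` is, per the new `HalfAdaptorSignature::complete` in lib.rs, added into the signing-index response of the final signature, so it is a cryptographically meaningful term of the CLSAG response and its name says nothing about what it is or where it comes from. The same name is repeated in the `@@ -109` hunk of this file, in both bob.rs hunks and on the lib.rs struct field, so one rename fixes all of them. I cannot tell from this diff what the term represents, so pick the name the monero-rs change uses for it, or describe its role, e.g. `let (sig, response_offset) = monero::clsag::sign(`, and give the struct field a `///` saying how it combines with the other party's half. The enclosing method starts and ends outside this hunk.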
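Review bot: `signing_kex_index: 0,` hard-codes the same index that is passed as the literal `0` third argument to `monero::clsag::sign` in the preceding hunk (presumably the signing index), and nothing ties the two together; if either literal changes on its own, `complete` and `adapt` in lib.rs will add the other party's half and the adaptor secret into a response slot that `sign` did not produce for the signer, yielding a signature that fails verification rather than an error at the point of the mistake. The same pair of literals appears in bob.rs (`@@ -126` and `@@ -142`). Introduce one crate-level constant, e.g. `const SIGNING_KEY_INDEX: usize = 0;`, and use it for both the `sign` argument and `signing_kex_index: SIGNING_KEY_INDEX,` at all four sites. `kex` in the field name also reads as a typo for `key`. The enclosing method continues outside the hunk on both sides.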
@@ -14,47 +14,44 @@ pub use self::bob::*;
 pub use self::commitment::*;
 pub use self::messages::*;
-use curve25519_dalek::edwards::EdwardsPoint;
 use curve25519_dalek::scalar::Scalar;
 use monero::util::ringct::Clsag;
 pub struct AdaptorSignature {
- s_0: Scalar,
- fake_responses: [Scalar; 10],
- h_0: Scalar,
- /// Commitment key image `D = z * hash_to_p3(signing_public_key)`
- D: EdwardsPoint,
+ inner: Clsag,
+ signing_kex_index: usize,
 }
 pub struct HalfAdaptorSignature {
- s_0_half: Scalar,
- fake_responses: [Scalar; 10],
- h_0: Scalar,
- /// Commitment key image `D = z * hash_to_p3(signing_public_key)`
- D: EdwardsPoint,
+ inner: Clsag,
+ signing_kex_index: usize,
+ stupid_constant: Scalar,
 }
 impl HalfAdaptorSignature {
 fn complete(self, s_other_half: Scalar) -> AdaptorSignature {
+ let mut sig = self.inner;
+ let signing_kex_index = self.signing_kex_index;
+
+ sig.s[signing_kex_index] += s_other_half;
+ sig.s[signing_kex_index] += self.stupid_constant;
+
 AdaptorSignature {
- s_0: self.s_0_half + s_other_half,
- fake_responses: self.fake_responses,
- h_0: self.h_0,
- D: self.D,
+ inner: sig,
+ signing_kex_index,
 }
 }
+
+ fn s_half(&self) -> Scalar {
+ self.inner.s[self.signing_kex_index]
+ }
 }
 impl AdaptorSignature {
 pub fn adapt(self, y: Scalar) -> Clsag {
- let r_last = self.s_0 + y;
+ let mut sig = self.inner;
+ sig.s[self.signing_kex_index] += y;
- Clsag {
- s: std::iter::once(r_last)
- .chain(self.fake_responses.iter().copied())
- .collect(),
- D: self.D,
- c1: self.h_0,
- }
+ sig
 }
 }
diff --git a/monero-adaptor/tests/protocol.rs b/monero-adaptor/tests/protocol.rs
index eaac3ea1..e83b9f0f 100644
--- a/monero-adaptor/tests/protocol.rs
+++ b/monero-adaptor/tests/protocol.rs
@@ -1,3 +1,5 @@
+#![allow(non_snake_case)]
+
 use curve25519_dalek::constants::ED25519_BASEPOINT_POINT;
 use curve25519_dalek::scalar::Scalar;
 use hash_edwards_to_edwards::hash_point_to_point;
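Review bot: The new fields `inner`, `signing_kex_index` and `stupid_constant` on both structs carry no documentation, and the `///` on the removed `D` field was dropped rather than carried over, so the types now have no doc comment at all. The removed `adapt` body shows `s` is laid out as the real response followed by the ten fake responses, so a field comment such as `/// Index into inner.s of the jointly produced response; every other entry is a fake response` on `signing_kex_index` would make `complete`, `s_half` and `adapt` readable without the old code, and `stupid_constant` needs a sentence on what `clsag::sign` returns in it and why it is added exactly once in `complete`. Related: `complete` adds only the local party's constant, so if that value depends on the signer's own inputs rather than on public ones only, Alice's and Bob's completed `s[index]` would differ and the adaptor extraction would break silently; I cannot tell from this diff which it is, so a protocol test asserting both sides' completed signatures agree would pin it down.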