mirror of
https://github.com/comit-network/xmr-btc-swap.git
synced 2025-01-25 06:36:44 -05:00
Use Cow to compress EdwardsPoint on the fly in hash function
This allows us to pass EdwardsPoint to hash_to_scalar without compressing them a priori. As a result, we can remove a bunch of intermediary variables.
This commit is contained in:
parent
06f1ada2b1
commit
87ca636ddb
@ -29,37 +29,16 @@ pub fn sign(
|
|||||||
let D_inv_8 = D * INV_EIGHT;
|
let D_inv_8 = D * INV_EIGHT;
|
||||||
let ring = Ring::new(ring);
|
let ring = Ring::new(ring);
|
||||||
let commitment_ring = Ring::new(commitment_ring);
|
let commitment_ring = Ring::new(commitment_ring);
|
||||||
let compressed_pseudo_output_commitment = pseudo_output_commitment.compress();
|
|
||||||
let L_0 = L_0.compress();
|
|
||||||
let R_0 = R_0.compress();
|
|
||||||
let compressed_I = I.compress();
|
|
||||||
let H_p_pk = H_p_pk.compress();
|
|
||||||
|
|
||||||
let mu_P = hash_to_scalar!(
|
let mu_P = hash_to_scalar!(
|
||||||
b"CLSAG_agg_0"
|
b"CLSAG_agg_0" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment
|
||||||
|| ring
|
|
||||||
|| commitment_ring
|
|
||||||
|| compressed_I
|
|
||||||
|| H_p_pk
|
|
||||||
|| compressed_pseudo_output_commitment
|
|
||||||
);
|
);
|
||||||
let mu_C = hash_to_scalar!(
|
let mu_C = hash_to_scalar!(
|
||||||
b"CLSAG_agg_1"
|
b"CLSAG_agg_1" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment
|
||||||
|| ring
|
|
||||||
|| commitment_ring
|
|
||||||
|| compressed_I
|
|
||||||
|| H_p_pk
|
|
||||||
|| compressed_pseudo_output_commitment
|
|
||||||
);
|
);
|
||||||
|
|
||||||
let h_0 = hash_to_scalar!(
|
let h_0 = hash_to_scalar!(
|
||||||
b"CLSAG_round"
|
b"CLSAG_round" || ring || commitment_ring || pseudo_output_commitment || msg || L_0 || R_0
|
||||||
|| ring
|
|
||||||
|| commitment_ring
|
|
||||||
|| compressed_pseudo_output_commitment
|
|
||||||
|| msg
|
|
||||||
|| L_0
|
|
||||||
|| R_0
|
|
||||||
);
|
);
|
||||||
|
|
||||||
let h_last = fake_responses
|
let h_last = fake_responses
|
||||||
@ -69,14 +48,14 @@ pub fn sign(
|
|||||||
let pk_i = ring[i + 1];
|
let pk_i = ring[i + 1];
|
||||||
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
|
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
|
||||||
|
|
||||||
let L_i = compute_L(h_prev, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_i).compress();
|
let L_i = compute_L(h_prev, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_i);
|
||||||
let R_i = compute_R(h_prev, mu_P, mu_C, pk_i, *s_i, I, D_inv_8).compress();
|
let R_i = compute_R(h_prev, mu_P, mu_C, pk_i, *s_i, I, D_inv_8);
|
||||||
|
|
||||||
hash_to_scalar!(
|
hash_to_scalar!(
|
||||||
b"CLSAG_round"
|
b"CLSAG_round"
|
||||||
|| ring
|
|| ring
|
||||||
|| commitment_ring
|
|| commitment_ring
|
||||||
|| compressed_pseudo_output_commitment
|
|| pseudo_output_commitment
|
||||||
|| msg
|
|| msg
|
||||||
|| L_i
|
|| L_i
|
||||||
|| R_i
|
|| R_i
|
||||||
@ -116,25 +95,13 @@ pub fn verify(
|
|||||||
) -> bool {
|
) -> bool {
|
||||||
let ring = Ring::new(ring);
|
let ring = Ring::new(ring);
|
||||||
let commitment_ring = Ring::new(commitment_ring);
|
let commitment_ring = Ring::new(commitment_ring);
|
||||||
let compressed_pseudo_output_commitment = pseudo_output_commitment.compress();
|
let I = sig.I;
|
||||||
let I = sig.I.compress();
|
|
||||||
let H_p_pk = H_p_pk.compress();
|
|
||||||
|
|
||||||
let mu_P = hash_to_scalar!(
|
let mu_P = hash_to_scalar!(
|
||||||
b"CLSAG_agg_0"
|
b"CLSAG_agg_0" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment
|
||||||
|| ring
|
|
||||||
|| commitment_ring
|
|
||||||
|| I
|
|
||||||
|| H_p_pk
|
|
||||||
|| compressed_pseudo_output_commitment
|
|
||||||
);
|
);
|
||||||
let mu_C = hash_to_scalar!(
|
let mu_C = hash_to_scalar!(
|
||||||
b"CLSAG_agg_1"
|
b"CLSAG_agg_1" || ring || commitment_ring || I || H_p_pk || pseudo_output_commitment
|
||||||
|| ring
|
|
||||||
|| commitment_ring
|
|
||||||
|| I
|
|
||||||
|| H_p_pk
|
|
||||||
|| compressed_pseudo_output_commitment
|
|
||||||
);
|
);
|
||||||
|
|
||||||
let mut h = sig.h_0;
|
let mut h = sig.h_0;
|
||||||
@ -143,14 +110,14 @@ pub fn verify(
|
|||||||
let pk_i = ring[(i + 1) % RING_SIZE];
|
let pk_i = ring[(i + 1) % RING_SIZE];
|
||||||
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
|
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
|
||||||
|
|
||||||
let L_i = compute_L(h, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_i).compress();
|
let L_i = compute_L(h, mu_P, mu_C, *s_i, pk_i, adjusted_commitment_i);
|
||||||
let R_i = compute_R(h, mu_P, mu_C, pk_i, *s_i, sig.I, sig.D).compress();
|
let R_i = compute_R(h, mu_P, mu_C, pk_i, *s_i, sig.I, sig.D);
|
||||||
|
|
||||||
h = hash_to_scalar!(
|
h = hash_to_scalar!(
|
||||||
b"CLSAG_round"
|
b"CLSAG_round"
|
||||||
|| ring
|
|| ring
|
||||||
|| commitment_ring
|
|| commitment_ring
|
||||||
|| compressed_pseudo_output_commitment
|
|| pseudo_output_commitment
|
||||||
|| msg
|
|| msg
|
||||||
|| L_i
|
|| L_i
|
||||||
|| R_i
|
|| R_i
|
||||||
|
@ -1,16 +1,17 @@
|
|||||||
use crate::ring::Ring;
|
use crate::ring::Ring;
|
||||||
use curve25519_dalek::edwards::CompressedEdwardsY;
|
use curve25519_dalek::edwards::{CompressedEdwardsY, EdwardsPoint};
|
||||||
|
use std::borrow::Cow;
|
||||||
|
|
||||||
macro_rules! hash_to_scalar {
|
macro_rules! hash_to_scalar {
|
||||||
($($e:tt) || +) => {
|
($($e:tt) || +) => {
|
||||||
{
|
{
|
||||||
use crate::macros::AsByteSlice as _;
|
use crate::macros::ToCowBytes as _;
|
||||||
use tiny_keccak::Hasher as _;
|
use tiny_keccak::Hasher as _;
|
||||||
|
|
||||||
let mut hasher = tiny_keccak::Keccak::v256();
|
let mut hasher = tiny_keccak::Keccak::v256();
|
||||||
|
|
||||||
$(
|
$(
|
||||||
hasher.update($e.as_byte_slice());
|
hasher.update($e.to_cow_bytes().as_ref());
|
||||||
)+
|
)+
|
||||||
|
|
||||||
let mut hash = [0u8; 32];
|
let mut hash = [0u8; 32];
|
||||||
@ -21,36 +22,44 @@ macro_rules! hash_to_scalar {
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(crate) trait AsByteSlice {
|
type CowBytes<'a> = Cow<'a, [u8]>;
|
||||||
fn as_byte_slice(&self) -> &[u8];
|
|
||||||
|
pub(crate) trait ToCowBytes {
|
||||||
|
fn to_cow_bytes(&self) -> CowBytes<'_>;
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AsByteSlice for CompressedEdwardsY {
|
impl ToCowBytes for CompressedEdwardsY {
|
||||||
fn as_byte_slice(&self) -> &[u8] {
|
fn to_cow_bytes(&self) -> CowBytes<'_> {
|
||||||
self.0.as_ref()
|
CowBytes::Borrowed(self.0.as_ref())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AsByteSlice for Vec<u8> {
|
impl ToCowBytes for EdwardsPoint {
|
||||||
fn as_byte_slice(&self) -> &[u8] {
|
fn to_cow_bytes(&self) -> CowBytes<'_> {
|
||||||
self.as_ref()
|
CowBytes::Owned(self.compress().0.to_vec())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<const N: usize> AsByteSlice for [u8; N] {
|
impl ToCowBytes for Vec<u8> {
|
||||||
fn as_byte_slice(&self) -> &[u8] {
|
fn to_cow_bytes(&self) -> CowBytes<'_> {
|
||||||
self.as_ref()
|
CowBytes::Borrowed(self.as_ref())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AsByteSlice for &[u8] {
|
impl<const N: usize> ToCowBytes for [u8; N] {
|
||||||
fn as_byte_slice(&self) -> &[u8] {
|
fn to_cow_bytes(&self) -> CowBytes<'_> {
|
||||||
self
|
CowBytes::Borrowed(self.as_ref())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> AsByteSlice for Ring<'a> {
|
impl ToCowBytes for &[u8] {
|
||||||
fn as_byte_slice(&self) -> &[u8] {
|
fn to_cow_bytes(&self) -> CowBytes<'_> {
|
||||||
self.as_ref()
|
CowBytes::Borrowed(self)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a> ToCowBytes for Ring<'a> {
|
||||||
|
fn to_cow_bytes(&self) -> CowBytes<'_> {
|
||||||
|
CowBytes::Borrowed(self.as_ref())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user