Document differences with Monero CLSAG

Lucas Soriano del Pino 2021-05-10 15:34:19 +10:00
parent 64cd618aea
commit cbdda9b9c4
No known key found for this signature in database
GPG Key ID: EE611E973A1530E7


@ -14,6 +14,23 @@ use tiny_keccak::{Hasher, Keccak};
pub const RING_SIZE: usize = 11;
const DOMAIN_TAG: &str = "CSLAG_c";
#[rustfmt::skip]
// aggregation hashes:
// mu_{P, C} =
// keccak256("CLSAG_agg_{0, 1}" ||
// ring || ring of commitments || I || z * hash_to_point(signing pk) || pseudooutput commitment)
//
// where z = blinding of real commitment - blinding of pseudooutput commitment.
// for every iteration we compute:
// c_p = h_prev * mu_P; and
// c_c = h_prev * mu_C.
//
// L_i = s_i * G + c_p * pk_i + c_c * (commitment_i - pseudoutcommitment)
// R_i = s_i * H_p_pk_i + c_p * I + c_c * (z * hash_to_point(signing pk))
//
// h = keccak256("CLSAG_round" || ring
// ring of commitments || pseudooutput commitment || msg || L_i || R_i)
fn challenge(
s_i: Scalar,
pk_i: EdwardsPoint,
@ -36,6 +53,12 @@ fn challenge(
Ok(Scalar::from_bytes_mod_order_wide(&output))
}
#[rustfmt::skip]
// h_0 = keccak256("CLSAG_round" || ring
// ring of commitments || pseudooutput commitment || msg || alpha * G || alpha * hash_to_point(signing pk))
//
// where alpha is random
#[allow(clippy::too_many_arguments)]
fn final_challenge(
fake_responses: [Scalar; RING_SIZE - 1],
@ -256,6 +279,8 @@ impl Alice0 {
self.msg,
)?;
// TODO: Final scalar is computed slightly differentley for Monero (involves
// mu_P and mu_C constants)
let s_0_a = self.alpha_a - h_last * self.s_prime_a;
Ok(Alice1 {
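Review bot: The comment blocks added above `challenge` and `final_challenge` never say whether they describe Monero's CLSAG or what these functions actually compute, and the visible code disagrees with them: the context constant `DOMAIN_TAG` is `"CSLAG_c"` while the comments use `"CLSAG_agg_{0, 1}"` and `"CLSAG_round"`, and the TODO in `Alice0` notes that Monero's final scalar involves mu_P and mu_C, which the visible `s_0_a` expression does not show. An auditor will read these formulas as the specification of the signature scheme, so I would open each block with a line such as `// Monero's CLSAG, for reference; this implementation differs where marked TODO` and name the domain-tag difference explicitly there. The round-hash preimage is also missing a `||` between `ring` and `ring of commitments` in both blocks, which leaves the concatenation order ambiguous. The bodies of both functions lie outside the hunks, so whether `DOMAIN_TAG` is the only tag actually hashed could not be checked here.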