Git-Mirrors/xmr-btc-swap
1
0
Fork 0
mirror of https://github.com/comit-network/xmr-btc-swap.git synced 2025-01-26 07:16:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

Inline clsag_round_hash_prefix fn

Browse Source
This commit is contained in:
Thomas Eizinger 2021-05-11 14:30:35 +10:00
parent 52939ad217
commit e62c67753a
No known key found for this signature in database
GPG Key ID: 651AC83A6C6C8B96
2 changed files with 38 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
monero-adaptor/src/clsag.rs
View File

@ -30,25 +30,27 @@ pub fn sign(
let D_inv_8 = D * INV_EIGHT; let D_inv_8 = D * INV_EIGHT;
let ring = Ring::new(ring); let ring = Ring::new(ring);
let commitment_ring = Ring::new(commitment_ring); let commitment_ring = Ring::new(commitment_ring);
let compressed_pseudo_output_commitment = pseudo_output_commitment.compress();
let L_0 = L_0.compress();
let R_0 = R_0.compress();
let mus = AggregationHashes::new( let mus = AggregationHashes::new(
&ring, &ring,
&commitment_ring, &commitment_ring,
I.compress(), I.compress(),
pseudo_output_commitment.compress(), compressed_pseudo_output_commitment,
H_p_pk.compress(), H_p_pk.compress(),
); );
let prefix = clsag_round_hash_prefix( let h_0 = hash_to_scalar!(
ring.as_ref(), b"CLSAG_round"
commitment_ring.as_ref(), || ring
pseudo_output_commitment, || commitment_ring
msg, || compressed_pseudo_output_commitment
|| msg
|| L_0
|| R_0
); );
let L_0 = L_0.compress();
let R_0 = R_0.compress();
let h_0 = hash_to_scalar!(prefix || L_0 || R_0);
let h_last = fake_responses let h_last = fake_responses
.iter() .iter()
@ -60,7 +62,15 @@ pub fn sign(
let L_i = compute_L(h_prev, &mus, *s_i, pk_i, adjusted_commitment_i).compress(); let L_i = compute_L(h_prev, &mus, *s_i, pk_i, adjusted_commitment_i).compress();
let R_i = compute_R(h_prev, &mus, pk_i, *s_i, I, D_inv_8).compress(); let R_i = compute_R(h_prev, &mus, pk_i, *s_i, I, D_inv_8).compress();
hash_to_scalar!(prefix || L_i || R_i) hash_to_scalar!(
b"CLSAG_round"
|| ring
|| commitment_ring
|| compressed_pseudo_output_commitment
|| msg
|| L_i
|| R_i
)
}); });
let s_last = alpha - h_last * ((mus.mu_P * signing_key) + (mus.mu_C * z)); let s_last = alpha - h_last * ((mus.mu_P * signing_key) + (mus.mu_C * z));
@ -97,11 +107,12 @@ pub fn verify(
let ring = Ring::new(ring); let ring = Ring::new(ring);
let commitment_ring = Ring::new(commitment_ring); let commitment_ring = Ring::new(commitment_ring);
let compressed_pseudo_output_commitment = pseudo_output_commitment.compress();
let mus = AggregationHashes::new( let mus = AggregationHashes::new(
&ring, &ring,
&commitment_ring, &commitment_ring,
sig.I.compress(), sig.I.compress(),
pseudo_output_commitment.compress(), compressed_pseudo_output_commitment,
H_p_pk.compress(), H_p_pk.compress(),
); );
@ -109,18 +120,20 @@ pub fn verify(
for (i, s_i) in sig.responses.iter().enumerate() { for (i, s_i) in sig.responses.iter().enumerate() {
let pk_i = ring[(i + 1) % RING_SIZE]; let pk_i = ring[(i + 1) % RING_SIZE];
let prefix = clsag_round_hash_prefix(
ring.as_ref(),
commitment_ring.as_ref(),
pseudo_output_commitment,
msg,
);
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment; let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
let L_i = compute_L(h, &mus, *s_i, pk_i, adjusted_commitment_i).compress(); let L_i = compute_L(h, &mus, *s_i, pk_i, adjusted_commitment_i).compress();
let R_i = compute_R(h, &mus, pk_i, *s_i, sig.I, sig.D).compress(); let R_i = compute_R(h, &mus, pk_i, *s_i, sig.I, sig.D).compress();
h = hash_to_scalar!(prefix || L_i || R_i) h = hash_to_scalar!(
b"CLSAG_round"
|| ring
|| commitment_ring
|| compressed_pseudo_output_commitment
|| msg
|| L_i
|| R_i
);
} }
h == sig.h_0 h == sig.h_0
@ -134,38 +147,6 @@ pub struct Signature {
pub D: EdwardsPoint, pub D: EdwardsPoint,
} }
/// Compute the prefix for the hash common to every iteration of the ring
/// signature algorithm.
///
/// "CLSAG_round" || ring || ring of commitments || pseudooutput commitment ||
/// msg || alpha * G
fn clsag_round_hash_prefix(
ring: &[u8],
commitment_ring: &[u8],
pseudo_output_commitment: EdwardsPoint,
msg: &[u8],
) -> Vec<u8> {
let domain_prefix = b"CLSAG_round";
let pseudo_output_commitment = pseudo_output_commitment.compress();
let pseudo_output_commitment = pseudo_output_commitment.as_bytes();
let mut prefix = Vec::with_capacity(
domain_prefix.len()
+ ring.len()
+ commitment_ring.len()
+ pseudo_output_commitment.len()
+ msg.len(),
);
prefix.extend(domain_prefix);
prefix.extend(ring);
prefix.extend(commitment_ring);
prefix.extend(pseudo_output_commitment);
prefix.extend(msg);
prefix
}
// L_i = s_i * G + c_p * pk_i + c_c * (commitment_i - pseudoutcommitment) // L_i = s_i * G + c_p * pk_i + c_c * (commitment_i - pseudoutcommitment)
fn compute_L( fn compute_L(
h_prev: Scalar, h_prev: Scalar,

6
monero-adaptor/src/macros.rs
View File

@ -42,6 +42,12 @@ impl<const N: usize> AsByteSlice for [u8; N] {
} }
} }
impl AsByteSlice for &[u8] {
fn as_byte_slice(&self) -> &[u8] {
self
}
}
impl<'a> AsByteSlice for Ring<'a> { impl<'a> AsByteSlice for Ring<'a> {
fn as_byte_slice(&self) -> &[u8] { fn as_byte_slice(&self) -> &[u8] {
self.as_ref() self.as_ref()