mirror of
https://github.com/comit-network/xmr-btc-swap.git
synced 2025-01-25 06:36:44 -05:00
Pass z and H_p_pk back in because we need z inside for a signature
This commit is contained in:
parent
cfb05994a6
commit
f4b9f11fef
@ -183,18 +183,19 @@ fn clsag_round_hash_prefix(
|
|||||||
prefix
|
prefix
|
||||||
}
|
}
|
||||||
|
|
||||||
fn final_challenge(
|
fn sign(
|
||||||
fake_responses: [Scalar; RING_SIZE - 1],
|
fake_responses: [Scalar; RING_SIZE - 1],
|
||||||
ring: Ring,
|
ring: Ring,
|
||||||
commitment_ring: Ring,
|
commitment_ring: Ring,
|
||||||
D: EdwardsPoint,
|
z: Scalar,
|
||||||
|
H_p_pk: EdwardsPoint,
|
||||||
pseudo_output_commitment: EdwardsPoint,
|
pseudo_output_commitment: EdwardsPoint,
|
||||||
L: EdwardsPoint,
|
L: EdwardsPoint,
|
||||||
R: EdwardsPoint,
|
R: EdwardsPoint,
|
||||||
I: EdwardsPoint,
|
I: EdwardsPoint,
|
||||||
msg: &[u8],
|
msg: &[u8],
|
||||||
) -> Result<(Scalar, Scalar)> {
|
) -> Result<(Scalar, Scalar)> {
|
||||||
let D_inv_8 = D * Scalar::from(8u8).invert();
|
let D_inv_8 = (z * H_p_pk) * Scalar::from(8u8).invert();
|
||||||
|
|
||||||
let prefix = clsag_round_hash_prefix(
|
let prefix = clsag_round_hash_prefix(
|
||||||
ring.as_ref(),
|
ring.as_ref(),
|
||||||
@ -213,7 +214,7 @@ fn final_challenge(
|
|||||||
Scalar::from_bytes_mod_order_wide(&output)
|
Scalar::from_bytes_mod_order_wide(&output)
|
||||||
};
|
};
|
||||||
|
|
||||||
let mus = AggregationHashes::new(&ring, &commitment_ring, I, pseudo_output_commitment, D);
|
let mus = AggregationHashes::new(&ring, &commitment_ring, I, pseudo_output_commitment, H_p_pk);
|
||||||
|
|
||||||
let h_last = fake_responses
|
let h_last = fake_responses
|
||||||
.iter()
|
.iter()
|
||||||
@ -223,7 +224,17 @@ fn final_challenge(
|
|||||||
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
|
let adjusted_commitment_i = commitment_ring[i] - pseudo_output_commitment;
|
||||||
|
|
||||||
// TODO: Do not unwrap here
|
// TODO: Do not unwrap here
|
||||||
challenge(&prefix, *s_i, pk_i, adjusted_commitment_i, D_inv_8, h_prev, I, &mus, ).unwrap()
|
challenge(
|
||||||
|
&prefix,
|
||||||
|
*s_i,
|
||||||
|
pk_i,
|
||||||
|
adjusted_commitment_i,
|
||||||
|
D_inv_8,
|
||||||
|
h_prev,
|
||||||
|
I,
|
||||||
|
&mus,
|
||||||
|
)
|
||||||
|
.unwrap()
|
||||||
});
|
});
|
||||||
|
|
||||||
Ok((h_last, h_0))
|
Ok((h_last, h_0))
|
||||||
@ -400,13 +411,12 @@ impl Alice0 {
|
|||||||
msg.pi_b
|
msg.pi_b
|
||||||
.verify(ED25519_BASEPOINT_POINT, msg.T_b, self.H_p_pk, msg.I_hat_b)?;
|
.verify(ED25519_BASEPOINT_POINT, msg.T_b, self.H_p_pk, msg.I_hat_b)?;
|
||||||
|
|
||||||
let D = z * self.H_p_pk;
|
let (h_last, h_0) = sign(
|
||||||
|
|
||||||
let (h_last, h_0) = final_challenge(
|
|
||||||
self.fake_responses,
|
self.fake_responses,
|
||||||
self.ring,
|
self.ring,
|
||||||
self.commitment_ring,
|
self.commitment_ring,
|
||||||
D,
|
z,
|
||||||
|
self.H_p_pk,
|
||||||
self.pseudo_output_commitment,
|
self.pseudo_output_commitment,
|
||||||
self.T_a + msg.T_b + self.R_a,
|
self.T_a + msg.T_b + self.R_a,
|
||||||
self.I_hat_a + msg.I_hat_b + self.R_prime_a,
|
self.I_hat_a + msg.I_hat_b + self.R_prime_a,
|
||||||
@ -425,7 +435,7 @@ impl Alice0 {
|
|||||||
h_0,
|
h_0,
|
||||||
I_b: msg.I_b,
|
I_b: msg.I_b,
|
||||||
s_0_a,
|
s_0_a,
|
||||||
D,
|
D: z * self.H_p_pk,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -582,13 +592,12 @@ impl Bob1 {
|
|||||||
self.pi_a
|
self.pi_a
|
||||||
.verify(ED25519_BASEPOINT_POINT, T_a, self.H_p_pk, I_hat_a)?;
|
.verify(ED25519_BASEPOINT_POINT, T_a, self.H_p_pk, I_hat_a)?;
|
||||||
|
|
||||||
let D = z * self.H_p_pk;
|
let (h_last, h_0) = sign(
|
||||||
|
|
||||||
let (h_last, h_0) = final_challenge(
|
|
||||||
fake_responses,
|
fake_responses,
|
||||||
self.ring,
|
self.ring,
|
||||||
self.commitment_ring,
|
self.commitment_ring,
|
||||||
D,
|
z,
|
||||||
|
self.H_p_pk,
|
||||||
self.pseudo_output_commitment,
|
self.pseudo_output_commitment,
|
||||||
T_a + self.T_b + self.R_a,
|
T_a + self.T_b + self.R_a,
|
||||||
I_hat_a + self.I_hat_b + self.R_prime_a,
|
I_hat_a + self.I_hat_b + self.R_prime_a,
|
||||||
@ -605,7 +614,7 @@ impl Bob1 {
|
|||||||
fake_responses,
|
fake_responses,
|
||||||
h_0,
|
h_0,
|
||||||
I: I_a + self.I_b,
|
I: I_a + self.I_b,
|
||||||
D,
|
D: z * self.H_p_pk,
|
||||||
};
|
};
|
||||||
|
|
||||||
Ok(Bob2 { s_0_b, adaptor_sig })
|
Ok(Bob2 { s_0_b, adaptor_sig })
|
||||||
|
Loading…
Reference in New Issue
Block a user