oxen-io
/
oxen-core
mirror of https://github.com/oxen-io/oxen-core.git
2
1
Fork 0
Code Issues Projects Releases Wiki Activity

Remove Borromean generation 

Like MLSAG, this code is no longer used (or usable) since HF16.
This commit is contained in:
Jason Rhinelander 2020-11-25 14:10:49 -04:00
parent 34c9e203de
commit 165d753e87
5 changed files with 0 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/ringct/rctSigs.cpp
View File

@ -104,38 +104,6 @@ namespace rct {
}
//Borromean (c.f. gmax/andytoshi's paper)
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices) {
key64 L[2], alpha;
LOKI_DEFER { memwipe(alpha, sizeof(alpha)); };
key c;
int naught = 0, prime = 0, ii = 0, jj=0;
boroSig bb;
for (ii = 0 ; ii < 64 ; ii++) {
naught = indices[ii]; prime = (indices[ii] + 1) % 2;
skGen(alpha[ii]);
scalarmultBase(L[naught][ii], alpha[ii]);
if (naught == 0) {
skGen(bb.s1[ii]);
c = hash_to_scalar(L[naught][ii]);
addKeys2(L[prime][ii], bb.s1[ii], c, P2[ii]);
}
}
bb.ee = hash_to_scalar(L[1]); //or L[1]..
key LL, cc;
for (jj = 0 ; jj < 64 ; jj++) {
if (!indices[jj]) {
sc_mulsub(bb.s0[jj].bytes, x[jj].bytes, bb.ee.bytes, alpha[jj].bytes);
} else {
skGen(bb.s0[jj]);
addKeys2(LL, bb.s0[jj], bb.ee, P1[jj]); //different L0
cc = hash_to_scalar(LL);
sc_mulsub(bb.s1[jj].bytes, x[jj].bytes, cc.bytes, alpha[jj].bytes);
}
}
return bb;
}
//see above.
bool verifyBorromean(const boroSig &bb, const ge_p3 P1[64], const ge_p3 P2[64]) {
key64 Lv1; key chash, LL;
int ii = 0;
@ -394,38 +362,6 @@ namespace rct {
//proveRange and verRange
//proveRange gives C, and mask such that \sumCi = C
// c.f. https://eprint.iacr.org/2015/1098 section 5.1
// and Ci is a commitment to either 0 or 2^i, i=0,...,63
// thus this proves that "amount" is in [0, 2^64]
// mask is a such that C = aG + bH, and b = amount
//verRange verifies that \sum Ci = C and that each Ci is a commitment to 0 or 2^i
rangeSig proveRange(key & C, key & mask, const xmr_amount & amount) {
sc_0(mask.bytes);
identity(C);
bits b;
d2b(b, amount);
rangeSig sig;
key64 ai;
key64 CiH;
int i = 0;
for (i = 0; i < ATOMS; i++) {
skGen(ai[i]);
if (b[i] == 0) {
scalarmultBase(sig.Ci[i], ai[i]);
}
if (b[i] == 1) {
addKeys1(sig.Ci[i], ai[i], H2[i]);
}
subKeys(CiH[i], sig.Ci[i], H2[i]);
sc_add(mask.bytes, mask.bytes, ai[i].bytes);
addKeys(C, C, sig.Ci[i]);
}
sig.asig = genBorromean(ai, sig.Ci, CiH, b);
return sig;
}
//proveRange and verRange
//proveRange gives C, and mask such that \sumCi = C
// c.f. https://eprint.iacr.org/2015/1098 section 5.1

3
src/ringct/rctSigs.h
View File

@ -62,7 +62,6 @@ namespace hw {
namespace rct {
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices);
bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2);
//Multilayered Spontaneous Anonymous Group Signatures (MLSAG signatures)
@ -71,7 +70,6 @@ namespace rct {
// Gen creates a signature which proves that for some column in the keymatrix "pk"
// the signer knows a secret key for each row in that column
// Ver verifies that the MG sig was created correctly
mgSig MLSAG_Gen(const key &message, const keyM & pk, const keyV & xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev);
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &sig, size_t dsRows);
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l, const multisig_kLRki *kLRki, key *mscout, key *mspout, hw::device &hwdev);
@ -86,7 +84,6 @@ namespace rct {
// thus this proves that "amount" is in [0, 2^64]
// mask is a such that C = aG + bH, and b = amount
//verRange verifies that \sum Ci = C and that each Ci is a commitment to 0 or 2^i
rangeSig proveRange(key & C, key & mask, const xmr_amount & amount);
bool verRange(const key & C, const rangeSig & as);
//Ring-ct MG sigs

4
tests/performance_tests/main.cpp
View File

@ -54,7 +54,6 @@
#include "sc_check.h"
#include "cn_fast_hash.h"
#include "equality.h"
#include "range_proof.h"
#include "bulletproof.h"
#include "crypto_ops.h"
#include "multiexp.h"
@ -213,9 +212,6 @@ int main(int argc, char** argv)
TEST_PERFORMANCE2(filter, p, test_equality, verify32, false);
TEST_PERFORMANCE2(filter, p, test_equality, verify32, false);
TEST_PERFORMANCE1(filter, p, test_range_proof, true);
TEST_PERFORMANCE1(filter, p, test_range_proof, false);
TEST_PERFORMANCE2(filter, p, test_bulletproof, true, 1); // 1 bulletproof with 1 amount
TEST_PERFORMANCE2(filter, p, test_bulletproof, false, 1);

63
tests/performance_tests/range_proof.h
View File

@ -1,63 +0,0 @@
// Copyright (c) 2014-2017, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without modification, are
// permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this list of
// conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
// of conditions and the following disclaimer in the documentation and/or other
// materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors may be
// used to endorse or promote products derived from this software without specific
// prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#pragma once
#include "ringct/rctSigs.h"
template<bool a_verify>
class test_range_proof
{
public:
static const size_t loop_count = 50;
static const bool verify = a_verify;
bool init()
{
rct::key mask;
sig = rct::proveRange(C, mask, 84932483243793);
return true;
}
bool test()
{
bool ret = true;
rct::key mask;
if (verify)
ret = rct::verRange(C, sig);
else
rct::proveRange(C, mask, 84932483243793);
return ret;
}
private:
rct::key C;
rct::rangeSig sig;
};

52
tests/unit_tests/ringct.cpp
View File

@ -43,49 +43,6 @@
using namespace crypto;
using namespace rct;
TEST(ringct, Borromean)
{
int j = 0;
//Tests for Borromean signatures
//#boro true one, false one, C != sum Ci, and one out of the range..
int N = 64;
key64 xv;
key64 P1v;
key64 P2v;
bits indi;
for (j = 0 ; j < N ; j++) {
indi[j] = (int)randXmrAmount(2);
xv[j] = skGen();
if ( (int)indi[j] == 0 ) {
scalarmultBase(P1v[j], xv[j]);
} else {
addKeys1(P1v[j], xv[j], H2[j]);
}
subKeys(P2v[j], P1v[j], H2[j]);
}
//#true one
boroSig bb = genBorromean(xv, P1v, P2v, indi);
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
//#false one
indi[3] = (indi[3] + 1) % 2;
bb = genBorromean(xv, P1v, P2v, indi);
ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
//#true one again
indi[3] = (indi[3] + 1) % 2;
bb = genBorromean(xv, P1v, P2v, indi);
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
//#false one
bb = genBorromean(xv, P2v, P1v, indi);
ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
}
TEST(ringct, CLSAG)
{
const size_t N = 11;
@ -731,15 +688,6 @@ TEST(ringct, d2b)
}
}
TEST(ringct, prooveRange_is_non_deterministic)
{
key C[2], mask[2];
for (int n = 0; n < 2; ++n)
proveRange(C[n], mask[n], 80);
ASSERT_TRUE(memcmp(C[0].bytes, C[1].bytes, sizeof(C[0].bytes)));
ASSERT_TRUE(memcmp(mask[0].bytes, mask[1].bytes, sizeof(mask[0].bytes)));
}
TEST(ringct, fee_0_valid_simple)
{
const uint64_t inputs[] = {1000, 1000};