mirror of https://github.com/oxen-io/oxen-core.git
Remove Borromean generation
Like MLSAG, this code is no longer used (or usable) since HF16.
parent
34c9e203de
commit
165d753e87
|
@ -104,38 +104,6 @@ namespace rct {
|
|||
}
|
||||
|
||||
//Borromean (c.f. gmax/andytoshi's paper)
|
||||
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices) {
|
||||
key64 L[2], alpha;
|
||||
LOKI_DEFER { memwipe(alpha, sizeof(alpha)); };
|
||||
key c;
|
||||
int naught = 0, prime = 0, ii = 0, jj=0;
|
||||
boroSig bb;
|
||||
for (ii = 0 ; ii < 64 ; ii++) {
|
||||
naught = indices[ii]; prime = (indices[ii] + 1) % 2;
|
||||
skGen(alpha[ii]);
|
||||
scalarmultBase(L[naught][ii], alpha[ii]);
|
||||
if (naught == 0) {
|
||||
skGen(bb.s1[ii]);
|
||||
c = hash_to_scalar(L[naught][ii]);
|
||||
addKeys2(L[prime][ii], bb.s1[ii], c, P2[ii]);
|
||||
}
|
||||
}
|
||||
bb.ee = hash_to_scalar(L[1]); //or L[1]..
|
||||
key LL, cc;
|
||||
for (jj = 0 ; jj < 64 ; jj++) {
|
||||
if (!indices[jj]) {
|
||||
sc_mulsub(bb.s0[jj].bytes, x[jj].bytes, bb.ee.bytes, alpha[jj].bytes);
|
||||
} else {
|
||||
skGen(bb.s0[jj]);
|
||||
addKeys2(LL, bb.s0[jj], bb.ee, P1[jj]); //different L0
|
||||
cc = hash_to_scalar(LL);
|
||||
sc_mulsub(bb.s1[jj].bytes, x[jj].bytes, cc.bytes, alpha[jj].bytes);
|
||||
}
|
||||
}
|
||||
return bb;
|
||||
}
|
||||
|
||||
//see above.
|
||||
bool verifyBorromean(const boroSig &bb, const ge_p3 P1[64], const ge_p3 P2[64]) {
|
||||
key64 Lv1; key chash, LL;
|
||||
int ii = 0;
|
||||
|
@ -394,38 +362,6 @@ namespace rct {
|
|||
|
||||
|
||||
|
||||
//proveRange and verRange
|
||||
//proveRange gives C, and mask such that \sumCi = C
|
||||
// c.f. https://eprint.iacr.org/2015/1098 section 5.1
|
||||
// and Ci is a commitment to either 0 or 2^i, i=0,...,63
|
||||
// thus this proves that "amount" is in [0, 2^64]
|
||||
// mask is a such that C = aG + bH, and b = amount
|
||||
//verRange verifies that \sum Ci = C and that each Ci is a commitment to 0 or 2^i
|
||||
rangeSig proveRange(key & C, key & mask, const xmr_amount & amount) {
|
||||
sc_0(mask.bytes);
|
||||
identity(C);
|
||||
bits b;
|
||||
d2b(b, amount);
|
||||
rangeSig sig;
|
||||
key64 ai;
|
||||
key64 CiH;
|
||||
int i = 0;
|
||||
for (i = 0; i < ATOMS; i++) {
|
||||
skGen(ai[i]);
|
||||
if (b[i] == 0) {
|
||||
scalarmultBase(sig.Ci[i], ai[i]);
|
||||
}
|
||||
if (b[i] == 1) {
|
||||
addKeys1(sig.Ci[i], ai[i], H2[i]);
|
||||
}
|
||||
subKeys(CiH[i], sig.Ci[i], H2[i]);
|
||||
sc_add(mask.bytes, mask.bytes, ai[i].bytes);
|
||||
addKeys(C, C, sig.Ci[i]);
|
||||
}
|
||||
sig.asig = genBorromean(ai, sig.Ci, CiH, b);
|
||||
return sig;
|
||||
}
|
||||
|
||||
//proveRange and verRange
|
||||
//proveRange gives C, and mask such that \sumCi = C
|
||||
// c.f. https://eprint.iacr.org/2015/1098 section 5.1
|
||||
|
|
|
@ -62,7 +62,6 @@ namespace hw {
|
|||
|
||||
namespace rct {
|
||||
|
||||
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices);
|
||||
bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2);
|
||||
|
||||
//Multilayered Spontaneous Anonymous Group Signatures (MLSAG signatures)
|
||||
|
@ -71,7 +70,6 @@ namespace rct {
|
|||
// Gen creates a signature which proves that for some column in the keymatrix "pk"
|
||||
// the signer knows a secret key for each row in that column
|
||||
// Ver verifies that the MG sig was created correctly
|
||||
mgSig MLSAG_Gen(const key &message, const keyM & pk, const keyV & xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev);
|
||||
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &sig, size_t dsRows);
|
||||
|
||||
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l, const multisig_kLRki *kLRki, key *mscout, key *mspout, hw::device &hwdev);
|
||||
|
@ -86,7 +84,6 @@ namespace rct {
|
|||
// thus this proves that "amount" is in [0, 2^64]
|
||||
// mask is a such that C = aG + bH, and b = amount
|
||||
//verRange verifies that \sum Ci = C and that each Ci is a commitment to 0 or 2^i
|
||||
rangeSig proveRange(key & C, key & mask, const xmr_amount & amount);
|
||||
bool verRange(const key & C, const rangeSig & as);
|
||||
|
||||
//Ring-ct MG sigs
|
||||
|
|
|
@ -54,7 +54,6 @@
|
|||
#include "sc_check.h"
|
||||
#include "cn_fast_hash.h"
|
||||
#include "equality.h"
|
||||
#include "range_proof.h"
|
||||
#include "bulletproof.h"
|
||||
#include "crypto_ops.h"
|
||||
#include "multiexp.h"
|
||||
|
@ -213,9 +212,6 @@ int main(int argc, char** argv)
|
|||
TEST_PERFORMANCE2(filter, p, test_equality, verify32, false);
|
||||
TEST_PERFORMANCE2(filter, p, test_equality, verify32, false);
|
||||
|
||||
TEST_PERFORMANCE1(filter, p, test_range_proof, true);
|
||||
TEST_PERFORMANCE1(filter, p, test_range_proof, false);
|
||||
|
||||
TEST_PERFORMANCE2(filter, p, test_bulletproof, true, 1); // 1 bulletproof with 1 amount
|
||||
TEST_PERFORMANCE2(filter, p, test_bulletproof, false, 1);
|
||||
|
||||
|
|
|
@ -1,63 +0,0 @@
|
|||
// Copyright (c) 2014-2017, The Monero Project
|
||||
//
|
||||
// All rights reserved.
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without modification, are
|
||||
// permitted provided that the following conditions are met:
|
||||
//
|
||||
// 1. Redistributions of source code must retain the above copyright notice, this list of
|
||||
// conditions and the following disclaimer.
|
||||
//
|
||||
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
|
||||
// of conditions and the following disclaimer in the documentation and/or other
|
||||
// materials provided with the distribution.
|
||||
//
|
||||
// 3. Neither the name of the copyright holder nor the names of its contributors may be
|
||||
// used to endorse or promote products derived from this software without specific
|
||||
// prior written permission.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
|
||||
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
|
||||
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
||||
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
//
|
||||
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "ringct/rctSigs.h"
|
||||
|
||||
template<bool a_verify>
|
||||
class test_range_proof
|
||||
{
|
||||
public:
|
||||
static const size_t loop_count = 50;
|
||||
static const bool verify = a_verify;
|
||||
|
||||
bool init()
|
||||
{
|
||||
rct::key mask;
|
||||
sig = rct::proveRange(C, mask, 84932483243793);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool test()
|
||||
{
|
||||
bool ret = true;
|
||||
rct::key mask;
|
||||
if (verify)
|
||||
ret = rct::verRange(C, sig);
|
||||
else
|
||||
rct::proveRange(C, mask, 84932483243793);
|
||||
return ret;
|
||||
}
|
||||
|
||||
private:
|
||||
rct::key C;
|
||||
rct::rangeSig sig;
|
||||
};
|
|
@ -43,49 +43,6 @@
|
|||
using namespace crypto;
|
||||
using namespace rct;
|
||||
|
||||
TEST(ringct, Borromean)
|
||||
{
|
||||
int j = 0;
|
||||
|
||||
//Tests for Borromean signatures
|
||||
//#boro true one, false one, C != sum Ci, and one out of the range..
|
||||
int N = 64;
|
||||
key64 xv;
|
||||
key64 P1v;
|
||||
key64 P2v;
|
||||
bits indi;
|
||||
|
||||
for (j = 0 ; j < N ; j++) {
|
||||
indi[j] = (int)randXmrAmount(2);
|
||||
|
||||
xv[j] = skGen();
|
||||
if ( (int)indi[j] == 0 ) {
|
||||
scalarmultBase(P1v[j], xv[j]);
|
||||
} else {
|
||||
addKeys1(P1v[j], xv[j], H2[j]);
|
||||
}
|
||||
subKeys(P2v[j], P1v[j], H2[j]);
|
||||
}
|
||||
|
||||
//#true one
|
||||
boroSig bb = genBorromean(xv, P1v, P2v, indi);
|
||||
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
|
||||
|
||||
//#false one
|
||||
indi[3] = (indi[3] + 1) % 2;
|
||||
bb = genBorromean(xv, P1v, P2v, indi);
|
||||
ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
|
||||
|
||||
//#true one again
|
||||
indi[3] = (indi[3] + 1) % 2;
|
||||
bb = genBorromean(xv, P1v, P2v, indi);
|
||||
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
|
||||
|
||||
//#false one
|
||||
bb = genBorromean(xv, P2v, P1v, indi);
|
||||
ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
|
||||
}
|
||||
|
||||
TEST(ringct, CLSAG)
|
||||
{
|
||||
const size_t N = 11;
|
||||
|
@ -731,15 +688,6 @@ TEST(ringct, d2b)
|
|||
}
|
||||
}
|
||||
|
||||
TEST(ringct, prooveRange_is_non_deterministic)
|
||||
{
|
||||
key C[2], mask[2];
|
||||
for (int n = 0; n < 2; ++n)
|
||||
proveRange(C[n], mask[n], 80);
|
||||
ASSERT_TRUE(memcmp(C[0].bytes, C[1].bytes, sizeof(C[0].bytes)));
|
||||
ASSERT_TRUE(memcmp(mask[0].bytes, mask[1].bytes, sizeof(mask[0].bytes)));
|
||||
}
|
||||
|
||||
TEST(ringct, fee_0_valid_simple)
|
||||
{
|
||||
const uint64_t inputs[] = {1000, 1000};
|
||||
|
|