mirror of
https://github.com/serai-dex/serai.git
synced 2025-01-12 13:55:28 +00:00
995734c960
* Add v1 ring sig verifying * allow calculating signature hash for v1 txs * add unreduced scalar type with recovery I have added this type for borromen sigs, the ee field can be a normal scalar as in the verify function the ee field is checked against a reduced scalar mean for it to verify as correct ee must be reduced * change block major/ minor versions to u8 this matches Monero I have also changed a couple varint functions to accept the `VarInt` trait * expose `serialize_hashable` on `Block` * add back MLSAG verifying functions I still need to revert the commit removing support for >1 input MLSAG FULL This adds a new rct type to separate Full and simple rct * add back support for multiple inputs for RCT FULL * comment `non_adjacent_form` function also added `#[allow(clippy::needless_range_loop)]` around a loop as without a re-write satisfying clippy without it will make the function worse. * Improve Mlsag verifying API * fix rebase errors * revert the changes on `reserialize_chain` plus other misc changes * fix no-std * Reduce the amount of rpc calls needed for `get_block_by_number`. This function was causing me problems, every now and then a node would return a block with a different number than requested. * change `serialize_hashable` to give the POW hashing blob. Monero calculates the POW hash and the block hash using *slightly* different blobs :/ * make ring_signatures public and add length check when verifying. * Misc improvements and bug fixes --------- Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
72 lines
1.8 KiB
Rust
72 lines
1.8 KiB
Rust
use std_shims::{
|
|
io::{self, *},
|
|
vec::Vec,
|
|
};
|
|
|
|
use zeroize::Zeroize;
|
|
|
|
use curve25519_dalek::{EdwardsPoint, Scalar};
|
|
|
|
use monero_generators::hash_to_point;
|
|
|
|
use crate::{serialize::*, hash_to_scalar};
|
|
|
|
#[derive(Clone, PartialEq, Eq, Debug, Zeroize)]
|
|
pub struct Signature {
|
|
c: Scalar,
|
|
r: Scalar,
|
|
}
|
|
|
|
impl Signature {
|
|
pub fn write<W: Write>(&self, w: &mut W) -> io::Result<()> {
|
|
write_scalar(&self.c, w)?;
|
|
write_scalar(&self.r, w)?;
|
|
Ok(())
|
|
}
|
|
|
|
pub fn read<R: Read>(r: &mut R) -> io::Result<Signature> {
|
|
Ok(Signature { c: read_scalar(r)?, r: read_scalar(r)? })
|
|
}
|
|
}
|
|
|
|
#[derive(Clone, PartialEq, Eq, Debug, Zeroize)]
|
|
pub struct RingSignature {
|
|
sigs: Vec<Signature>,
|
|
}
|
|
|
|
impl RingSignature {
|
|
pub fn write<W: Write>(&self, w: &mut W) -> io::Result<()> {
|
|
for sig in &self.sigs {
|
|
sig.write(w)?;
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
pub fn read<R: Read>(members: usize, r: &mut R) -> io::Result<RingSignature> {
|
|
Ok(RingSignature { sigs: read_raw_vec(Signature::read, members, r)? })
|
|
}
|
|
|
|
pub fn verify(&self, msg: &[u8; 32], ring: &[EdwardsPoint], key_image: &EdwardsPoint) -> bool {
|
|
if ring.len() != self.sigs.len() {
|
|
return false;
|
|
}
|
|
|
|
let mut buf = Vec::with_capacity(32 + (32 * 2 * ring.len()));
|
|
buf.extend_from_slice(msg);
|
|
|
|
let mut sum = Scalar::ZERO;
|
|
|
|
for (ring_member, sig) in ring.iter().zip(&self.sigs) {
|
|
#[allow(non_snake_case)]
|
|
let Li = EdwardsPoint::vartime_double_scalar_mul_basepoint(&sig.c, ring_member, &sig.r);
|
|
buf.extend_from_slice(Li.compress().as_bytes());
|
|
#[allow(non_snake_case)]
|
|
let Ri = (sig.r * hash_to_point(ring_member.compress().to_bytes())) + (sig.c * key_image);
|
|
buf.extend_from_slice(Ri.compress().as_bytes());
|
|
|
|
sum += sig.c;
|
|
}
|
|
|
|
sum == hash_to_scalar(&buf)
|
|
}
|
|
}
|