Ecosystem/serai
Ecosystem/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-01-18 16:55:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
serai/coins/monero/tests/clsag.rs
Luke Parker 7c0886a113
Support signing Monero TXs with multiple inputs 
Remove's CLSAG's msg Rc for the msg available through AlgorithmMachine. 
Potentially slightly more inefficient, as it needs to be converted from 
a slice to a [u8; 32], yet removes a re-impl.

Also removes a match for an if.
2022-05-18 00:53:13 -04:00

132 lines
3.9 KiB
Rust
Raw Blame History

#[cfg(feature = "multisig")]
use std::{rc::Rc, cell::RefCell};
use rand::{RngCore, rngs::OsRng};
use curve25519_dalek::{constants::ED25519_BASEPOINT_TABLE, scalar::Scalar};
use monero::VarInt;
use monero_serai::{Commitment, random_scalar, generate_key_image, transaction::decoys::Decoys, clsag};
#[cfg(feature = "multisig")]
use monero_serai::frost::{MultisigError, Transcript};
#[cfg(feature = "multisig")]
mod frost;
#[cfg(feature = "multisig")]
use crate::frost::{THRESHOLD, generate_keys, sign};
const RING_LEN: u64 = 11;
const AMOUNT: u64 = 1337;
#[cfg(feature = "multisig")]
const RING_INDEX: u8 = 3;
#[test]
fn clsag() {
for real in 0 .. RING_LEN {
let msg = [1; 32];
let mut secrets = [Scalar::zero(), Scalar::zero()];
let mut ring = vec![];
for i in 0 .. RING_LEN {
let dest = random_scalar(&mut OsRng);
let mask = random_scalar(&mut OsRng);
let amount;
if i == u64::from(real) {
secrets = [dest, mask];
amount = AMOUNT;
} else {
amount = OsRng.next_u64();
}
ring.push([&dest * &ED25519_BASEPOINT_TABLE, Commitment::new(mask, amount).calculate()]);
}
let image = generate_key_image(&secrets[0]);
let (clsag, pseudo_out) = clsag::sign(
&mut OsRng,
&vec![(
secrets[0],
image,
clsag::Input::new(
Commitment::new(secrets[1], AMOUNT),
Decoys {
i: u8::try_from(real).unwrap(),
offsets: (1 ..= RING_LEN).into_iter().map(|o| VarInt(o)).collect(),
ring: ring.clone()
}
).unwrap()
)],
random_scalar(&mut OsRng),
msg
).unwrap().swap_remove(0);
clsag::verify(&clsag, &ring, &image, &pseudo_out, &msg).unwrap();
#[cfg(feature = "experimental")]
clsag::rust_verify(&clsag, &ring, &image, &pseudo_out, &msg).unwrap();
}
}
#[cfg(feature = "multisig")]
#[test]
fn clsag_multisig() -> Result<(), MultisigError> {
let (keys, group_private) = generate_keys();
let t = keys[0].params().t();
let randomness = random_scalar(&mut OsRng);
let mut ring = vec![];
for i in 0 .. RING_LEN {
let dest;
let mask;
let amount;
if i != u64::from(RING_INDEX) {
dest = random_scalar(&mut OsRng);
mask = random_scalar(&mut OsRng);
amount = OsRng.next_u64();
} else {
dest = group_private.0;
mask = randomness;
amount = AMOUNT;
}
ring.push([&dest * &ED25519_BASEPOINT_TABLE, Commitment::new(mask, amount).calculate()]);
}
let mask_sum = random_scalar(&mut OsRng);
let mut machines = Vec::with_capacity(t);
for i in 1 ..= t {
machines.push(
sign::AlgorithmMachine::new(
clsag::Multisig::new(
Transcript::new(b"Monero Serai CLSAG Test".to_vec()),
Rc::new(RefCell::new(Some(
clsag::Details::new(
clsag::Input::new(
Commitment::new(randomness, AMOUNT),
Decoys {
i: RING_INDEX,
offsets: (1 ..= RING_LEN).into_iter().map(|o| VarInt(o)).collect(),
ring: ring.clone()
}
).unwrap(),
mask_sum
)
)))
).unwrap(),
Rc::new(keys[i - 1].clone()),
&(1 ..= THRESHOLD).collect::<Vec<usize>>()
).unwrap()
);
}
let mut signatures = sign(&mut machines, &[1; 32]);
let signature = signatures.swap_remove(0);
for s in 0 .. (t - 1) {
// Verify the commitments and the non-decoy s scalar are identical to every other signature
// FROST will already have called verify on the produced signature, before checking individual
// key shares. For FROST Schnorr, it's cheaper. For CLSAG, it may be more expensive? Yet it
// ensures we have usable signatures, not just signatures we think are usable
assert_eq!(signatures[s].1, signature.1);
assert_eq!(signatures[s].0.s[RING_INDEX as usize], signature.0.s[RING_INDEX as usize]);
}
Ok(())
}
Reference in a new issue View git blame Copy permalink