mirror of
https://github.com/monero-project/monero.git
synced 2025-01-12 13:55:08 +00:00
ringct: luigi1111's changes to fix and speedup Borromean sigs
This commit is contained in:
parent
76958fc75a
commit
46a0dcc1d2
2 changed files with 19 additions and 24 deletions
|
@ -58,29 +58,28 @@ namespace rct {
|
||||||
|
|
||||||
//Borromean (c.f. gmax/andytoshi's paper)
|
//Borromean (c.f. gmax/andytoshi's paper)
|
||||||
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices) {
|
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices) {
|
||||||
key64 L[2], c[2], s[2], alpha, P[2];
|
key64 L[2], alpha;
|
||||||
|
key c;
|
||||||
int naught = 0, prime = 0, ii = 0, jj=0;
|
int naught = 0, prime = 0, ii = 0, jj=0;
|
||||||
|
boroSig bb;
|
||||||
for (ii = 0 ; ii < 64 ; ii++) {
|
for (ii = 0 ; ii < 64 ; ii++) {
|
||||||
naught = indices[ii]; prime = (indices[ii] + 1) % 2;
|
naught = indices[ii]; prime = (indices[ii] + 1) % 2;
|
||||||
copy(P[0][ii], P1[ii]); //could probably user pointers
|
|
||||||
copy(P[1][ii], P2[ii]);
|
|
||||||
skGen(alpha[ii]);
|
skGen(alpha[ii]);
|
||||||
scalarmultBase(L[naught][ii], alpha[ii]);
|
scalarmultBase(L[naught][ii], alpha[ii]);
|
||||||
c[prime][ii] = hash_to_scalar(L[naught][ii]);
|
if (naught == 0) {
|
||||||
skGen(s[prime][ii]);
|
skGen(bb.s1[ii]);
|
||||||
addKeys2(L[prime][ii], s[prime][ii], c[prime][ii], P[prime][ii]);
|
c = hash_to_scalar(L[naught][ii]);
|
||||||
|
addKeys2(L[prime][ii], bb.s1[ii], c, P2[ii]);
|
||||||
}
|
}
|
||||||
boroSig bb;
|
}
|
||||||
bb.ee = cn_fast_hash(L[1]); //or L[1]..
|
bb.ee = hash_to_scalar(L[1]); //or L[1]..
|
||||||
key LL, cc;
|
key LL, cc;
|
||||||
for (jj = 0 ; jj < 64 ; jj++) {
|
for (jj = 0 ; jj < 64 ; jj++) {
|
||||||
naught = indices[jj]; prime = (indices[jj] + 1) % 2;
|
|
||||||
if (!indices[jj]) {
|
if (!indices[jj]) {
|
||||||
sc_mulsub(bb.s0[jj].bytes, x[jj].bytes, bb.ee.bytes, alpha[jj].bytes);
|
sc_mulsub(bb.s0[jj].bytes, x[jj].bytes, bb.ee.bytes, alpha[jj].bytes);
|
||||||
copy(bb.s1[jj], s[1][jj]);
|
|
||||||
} else {
|
} else {
|
||||||
copy(bb.s0[jj], s[0][jj]);
|
skGen(bb.s0[jj]);
|
||||||
addKeys2(LL, bb.s0[jj], bb.ee, P[0][jj]); //different L0
|
addKeys2(LL, bb.s0[jj], bb.ee, P1[jj]); //different L0
|
||||||
cc = hash_to_scalar(LL);
|
cc = hash_to_scalar(LL);
|
||||||
sc_mulsub(bb.s1[jj].bytes, x[jj].bytes, cc.bytes, alpha[jj].bytes);
|
sc_mulsub(bb.s1[jj].bytes, x[jj].bytes, cc.bytes, alpha[jj].bytes);
|
||||||
}
|
}
|
||||||
|
@ -90,14 +89,14 @@ namespace rct {
|
||||||
|
|
||||||
//see above.
|
//see above.
|
||||||
bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2) {
|
bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2) {
|
||||||
key64 Lv1, chash; key LL;
|
key64 Lv1; key chash, LL;
|
||||||
int ii = 0;
|
int ii = 0;
|
||||||
for (ii = 0 ; ii < 64 ; ii++) {
|
for (ii = 0 ; ii < 64 ; ii++) {
|
||||||
addKeys2(LL, bb.s0[ii], bb.ee, P1[ii]);
|
addKeys2(LL, bb.s0[ii], bb.ee, P1[ii]);
|
||||||
chash[ii] = hash_to_scalar(LL);
|
chash = hash_to_scalar(LL);
|
||||||
addKeys2(Lv1[ii], bb.s1[ii], chash[ii], P2[ii]);
|
addKeys2(Lv1[ii], bb.s1[ii], chash, P2[ii]);
|
||||||
}
|
}
|
||||||
key eeComputed = cn_fast_hash(Lv1); //hash function fine
|
key eeComputed = hash_to_scalar(Lv1); //hash function fine
|
||||||
return equalKeys(eeComputed, bb.ee);
|
return equalKeys(eeComputed, bb.ee);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -57,19 +57,15 @@ TEST(ringct, Borromean)
|
||||||
|
|
||||||
xv[j] = skGen();
|
xv[j] = skGen();
|
||||||
if ( (int)indi[j] == 0 ) {
|
if ( (int)indi[j] == 0 ) {
|
||||||
P1v[j] = scalarmultBase(xv[j]);
|
scalarmultBase(P1v[j], xv[j]);
|
||||||
P2v[j] = pkGen();
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
addKeys1(P1v[j], xv[j], H2[j]);
|
||||||
P2v[j] = scalarmultBase(xv[j]);
|
|
||||||
P1v[j] = pkGen();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
subKeys(P2v[j], P1v[j], H2[j]);
|
||||||
}
|
}
|
||||||
|
|
||||||
//#true one
|
//#true one
|
||||||
boro bb = genBorromean(xv, P1v, P2v, indi);
|
boroSig bb = genBorromean(xv, P1v, P2v, indi);
|
||||||
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
|
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
|
||||||
|
|
||||||
//#false one
|
//#false one
|
||||||
|
|
Loading…
Reference in a new issue