CLSAG device support
This commit is contained in:
parent
aff87b5f6a
commit
703944c4d4
5 changed files with 47 additions and 21 deletions
|
@ -231,6 +231,10 @@ namespace hw {
|
||||||
virtual bool mlsag_hash(const rct::keyV &long_message, rct::key &c) = 0;
|
virtual bool mlsag_hash(const rct::keyV &long_message, rct::key &c) = 0;
|
||||||
virtual bool mlsag_sign(const rct::key &c, const rct::keyV &xx, const rct::keyV &alpha, const size_t rows, const size_t dsRows, rct::keyV &ss) = 0;
|
virtual bool mlsag_sign(const rct::key &c, const rct::keyV &xx, const rct::keyV &alpha, const size_t rows, const size_t dsRows, rct::keyV &ss) = 0;
|
||||||
|
|
||||||
|
virtual bool clsag_prepare(const rct::key &p, const rct::key &z, rct::key &I, rct::key &D, const rct::key &H, rct::key &a, rct::key &aG, rct::key &aH) = 0;
|
||||||
|
virtual bool clsag_hash(const rct::keyV &data, rct::key &hash) = 0;
|
||||||
|
virtual bool clsag_sign(const rct::key &c, const rct::key &a, const rct::key &p, const rct::key &z, const rct::key &mu_P, const rct::key &mu_C, rct::key &s) = 0;
|
||||||
|
|
||||||
virtual bool close_tx(void) = 0;
|
virtual bool close_tx(void) = 0;
|
||||||
|
|
||||||
virtual bool has_ki_cold_sync(void) const { return false; }
|
virtual bool has_ki_cold_sync(void) const { return false; }
|
||||||
|
|
|
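Review bot: The new pure virtuals `clsag_prepare`, `clsag_hash` and `clsag_sign` are undocumented, and with eight reference parameters on `clsag_prepare` a device implementer cannot tell from the signature which are inputs, which are outputs, or what a `false` return is supposed to mean. Taking the `device_default` bodies added in this commit as the contract, a comment like `// CLSAG: I = p*H, D = z*H, fresh nonce a with aG = a*G and aH = a*H (a is secret)` above `clsag_prepare`, `// hash = hash_to_scalar(data)` above `clsag_hash`, and `// s = a - c*(mu_P*p + mu_C*z)` above `clsag_sign` would pin that down. Whether callers are expected to abort on a `false` return is not stated anywhere visible and should be, since the neighbouring `mlsag_*` methods use the same convention.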
@ -402,6 +402,29 @@ namespace hw {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool device_default::clsag_prepare(const rct::key &p, const rct::key &z, rct::key &I, rct::key &D, const rct::key &H, rct::key &a, rct::key &aG, rct::key &aH) {
|
||||||
|
rct::skpkGen(a,aG); // aG = a*G
|
||||||
|
rct::scalarmultKey(aH,H,a); // aH = a*H
|
||||||
|
rct::scalarmultKey(I,H,p); // I = p*H
|
||||||
|
rct::scalarmultKey(D,H,z); // D = z*H
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool device_default::clsag_hash(const rct::keyV &data, rct::key &hash) {
|
||||||
|
hash = rct::hash_to_scalar(data);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool device_default::clsag_sign(const rct::key &c, const rct::key &a, const rct::key &p, const rct::key &z, const rct::key &mu_P, const rct::key &mu_C, rct::key &s) {
|
||||||
|
rct::key s0_p_mu_P;
|
||||||
|
sc_mul(s0_p_mu_P.bytes,mu_P.bytes,p.bytes);
|
||||||
|
rct::key s0_add_z_mu_C;
|
||||||
|
sc_muladd(s0_add_z_mu_C.bytes,mu_C.bytes,z.bytes,s0_p_mu_P.bytes);
|
||||||
|
sc_mulsub(s.bytes,c.bytes,s0_add_z_mu_C.bytes,a.bytes);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
bool device_default::close_tx() {
|
bool device_default::close_tx() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
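Review bot: `device_default::clsag_sign` leaves `s0_p_mu_P` and `s0_add_z_mu_C` on the stack after return; both are derived from the private scalars `p` and `z`, and the caller in this commit wipes `a` but has no way to reach these temporaries. Adding `memwipe(&s0_p_mu_P, sizeof(rct::key));` and `memwipe(&s0_add_z_mu_C, sizeof(rct::key));` before `return true;` closes that, assuming `memwipe` is reachable from this translation unit as it is from the signing code elsewhere in the commit. The same consideration applies to the nonce `a` handed back by `clsag_prepare` if a concrete device keeps a copy of it.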
@ -134,6 +134,10 @@ namespace hw {
|
||||||
bool mlsag_hash(const rct::keyV &long_message, rct::key &c) override;
|
bool mlsag_hash(const rct::keyV &long_message, rct::key &c) override;
|
||||||
bool mlsag_sign(const rct::key &c, const rct::keyV &xx, const rct::keyV &alpha, const size_t rows, const size_t dsRows, rct::keyV &ss) override;
|
bool mlsag_sign(const rct::key &c, const rct::keyV &xx, const rct::keyV &alpha, const size_t rows, const size_t dsRows, rct::keyV &ss) override;
|
||||||
|
|
||||||
|
bool clsag_prepare(const rct::key &p, const rct::key &z, rct::key &I, rct::key &D, const rct::key &H, rct::key &a, rct::key &aG, rct::key &aH) override;
|
||||||
|
bool clsag_hash(const rct::keyV &data, rct::key &hash) override;
|
||||||
|
bool clsag_sign(const rct::key &c, const rct::key &a, const rct::key &p, const rct::key &z, const rct::key &mu_P, const rct::key &mu_C, rct::key &s) override;
|
||||||
|
|
||||||
bool close_tx(void) override;
|
bool close_tx(void) override;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -173,7 +173,7 @@ namespace rct {
|
||||||
// P[l] == p*G
|
// P[l] == p*G
|
||||||
// C[l] == z*G
|
// C[l] == z*G
|
||||||
// C[i] == C_nonzero[i] - C_offset (for hashing purposes) for all i
|
// C[i] == C_nonzero[i] - C_offset (for hashing purposes) for all i
|
||||||
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l, const multisig_kLRki *kLRki, key *mscout, key *mspout) {
|
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l, const multisig_kLRki *kLRki, key *mscout, key *mspout, hw::device &hwdev) {
|
||||||
clsag sig;
|
clsag sig;
|
||||||
size_t n = P.size(); // ring size
|
size_t n = P.size(); // ring size
|
||||||
CHECK_AND_ASSERT_THROW_MES(n == C.size(), "Signing and commitment key vector sizes must match!");
|
CHECK_AND_ASSERT_THROW_MES(n == C.size(), "Signing and commitment key vector sizes must match!");
|
||||||
|
@ -189,16 +189,21 @@ namespace rct {
|
||||||
ge_p3_tobytes(H.bytes,&H_p3);
|
ge_p3_tobytes(H.bytes,&H_p3);
|
||||||
|
|
||||||
key D;
|
key D;
|
||||||
scalarmultKey(D,H,z);
|
|
||||||
|
// Initial values
|
||||||
|
key a;
|
||||||
|
key aG;
|
||||||
|
key aH;
|
||||||
|
|
||||||
// Multisig
|
// Multisig
|
||||||
if (kLRki)
|
if (kLRki)
|
||||||
{
|
{
|
||||||
sig.I = kLRki->ki;
|
sig.I = kLRki->ki;
|
||||||
|
scalarmultKey(D,H,z);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
scalarmultKey(sig.I,H,p);
|
hwdev.clsag_prepare(p,z,sig.I,D,H,a,aG,aH);
|
||||||
}
|
}
|
||||||
|
|
||||||
geDsmp I_precomp;
|
geDsmp I_precomp;
|
||||||
|
@ -209,13 +214,6 @@ namespace rct {
|
||||||
// Offset key image
|
// Offset key image
|
||||||
scalarmultKey(sig.D,D,INV_EIGHT);
|
scalarmultKey(sig.D,D,INV_EIGHT);
|
||||||
|
|
||||||
// Initial values
|
|
||||||
key a;
|
|
||||||
key aG;
|
|
||||||
key aH;
|
|
||||||
skpkGen(a,aG);
|
|
||||||
scalarmultKey(aH,H,a);
|
|
||||||
|
|
||||||
// Aggregation hashes
|
// Aggregation hashes
|
||||||
keyV mu_P_to_hash(2*n+4); // domain, I, D, P, C, C_offset
|
keyV mu_P_to_hash(2*n+4); // domain, I, D, P, C, C_offset
|
||||||
keyV mu_C_to_hash(2*n+4); // domain, I, D, P, C, C_offset
|
keyV mu_C_to_hash(2*n+4); // domain, I, D, P, C, C_offset
|
||||||
|
@ -266,7 +264,7 @@ namespace rct {
|
||||||
c_to_hash[2*n+3] = aG;
|
c_to_hash[2*n+3] = aG;
|
||||||
c_to_hash[2*n+4] = aH;
|
c_to_hash[2*n+4] = aH;
|
||||||
}
|
}
|
||||||
c = hash_to_scalar(c_to_hash);
|
hwdev.clsag_hash(c_to_hash,c);
|
||||||
|
|
||||||
size_t i;
|
size_t i;
|
||||||
i = (l + 1) % n;
|
i = (l + 1) % n;
|
||||||
|
@ -305,7 +303,7 @@ namespace rct {
|
||||||
|
|
||||||
c_to_hash[2*n+3] = L;
|
c_to_hash[2*n+3] = L;
|
||||||
c_to_hash[2*n+4] = R;
|
c_to_hash[2*n+4] = R;
|
||||||
c_new = hash_to_scalar(c_to_hash);
|
hwdev.clsag_hash(c_to_hash,c_new);
|
||||||
copy(c,c_new);
|
copy(c,c_new);
|
||||||
|
|
||||||
i = (i + 1) % n;
|
i = (i + 1) % n;
|
||||||
|
@ -314,11 +312,8 @@ namespace rct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Compute final scalar
|
// Compute final scalar
|
||||||
key s0_p_mu_P;
|
hwdev.clsag_sign(c,a,p,z,mu_P,mu_C,sig.s[l]);
|
||||||
sc_mul(s0_p_mu_P.bytes,mu_P.bytes,p.bytes);
|
memwipe(&a, sizeof(key));
|
||||||
key s0_add_z_mu_C;
|
|
||||||
sc_muladd(s0_add_z_mu_C.bytes,mu_C.bytes,z.bytes,s0_p_mu_P.bytes);
|
|
||||||
sc_mulsub(sig.s[l].bytes,c.bytes,s0_add_z_mu_C.bytes,a.bytes);
|
|
||||||
|
|
||||||
if (mscout)
|
if (mscout)
|
||||||
*mscout = c;
|
*mscout = c;
|
||||||
|
@ -329,7 +324,7 @@ namespace rct {
|
||||||
}
|
}
|
||||||
|
|
||||||
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l) {
|
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l) {
|
||||||
return CLSAG_Gen(message, P, p, C, z, C_nonzero, C_offset, l, NULL, NULL, NULL);
|
return CLSAG_Gen(message, P, p, C, z, C_nonzero, C_offset, l, NULL, NULL, NULL, hw::get_device("default"));
|
||||||
}
|
}
|
||||||
|
|
||||||
// MLSAG signatures
|
// MLSAG signatures
|
||||||
|
@ -748,7 +743,7 @@ namespace rct {
|
||||||
|
|
||||||
sk[0] = copy(inSk.dest);
|
sk[0] = copy(inSk.dest);
|
||||||
sc_sub(sk[1].bytes, inSk.mask.bytes, a.bytes);
|
sc_sub(sk[1].bytes, inSk.mask.bytes, a.bytes);
|
||||||
clsag result = CLSAG_Gen(message, P, sk[0], C, sk[1], C_nonzero, Cout, index, kLRki, mscout, mspout);
|
clsag result = CLSAG_Gen(message, P, sk[0], C, sk[1], C_nonzero, Cout, index, kLRki, mscout, mspout, hwdev);
|
||||||
memwipe(sk.data(), sk.size() * sizeof(key));
|
memwipe(sk.data(), sk.size() * sizeof(key));
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
|
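Review bot: The return values of `hwdev.clsag_prepare`, `hwdev.clsag_hash` and `hwdev.clsag_sign` in the -189, -266, -305 and -314 hunks are discarded, so a device that reports failure leaves `a`, `aG`, `aH`, `c`, `c_new` or `sig.s[l]` unset and signing continues with whatever was on the stack. The function already fails loudly on a bad input with `CHECK_AND_ASSERT_THROW_MES`, so wrapping each call the same way, e.g. `CHECK_AND_ASSERT_THROW_MES(hwdev.clsag_prepare(p,z,sig.I,D,H,a,aG,aH), "clsag_prepare failed");`, keeps the error-handling style consistent. Separately, in the -189 hunk the `kLRki` branch no longer runs `skpkGen(a,aG)` (the old code did so unconditionally), so `a`, `aG` and `aH` stay uninitialized on the multisig path while `hwdev.clsag_sign(c,a,...)` in the -314 hunk reads `a` unconditionally; unless `a` is assigned from the multisig data on lines outside these hunks, that is a use of an uninitialized secret. CLSAG_Gen's body extends beyond the visible hunks.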
@ -77,8 +77,8 @@ namespace rct {
|
||||||
mgSig MLSAG_Gen(const key &message, const keyM & pk, const keyV & xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev);
|
mgSig MLSAG_Gen(const key &message, const keyM & pk, const keyV & xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev);
|
||||||
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &sig, size_t dsRows);
|
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &sig, size_t dsRows);
|
||||||
|
|
||||||
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const keyV & C_nonzero, const key & C_offset, const key & z, const unsigned int l, const multisig_kLRki *kLRki, key *mscout, key *mspout);
|
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l, const multisig_kLRki *kLRki, key *mscout, key *mspout, hw::device &hwdev);
|
||||||
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const keyV & C_nonzero, const key & C_offset, const key & z, const unsigned int l);
|
clsag CLSAG_Gen(const key &message, const keyV & P, const key & p, const keyV & C, const key & z, const keyV & C_nonzero, const key & C_offset, const unsigned int l);
|
||||||
clsag proveRctCLSAGSimple(const key &, const ctkeyV &, const ctkey &, const key &, const key &, const multisig_kLRki *, key *, key *, unsigned int, hw::device &);
|
clsag proveRctCLSAGSimple(const key &, const ctkeyV &, const ctkey &, const key &, const key &, const multisig_kLRki *, key *, key *, unsigned int, hw::device &);
|
||||||
bool verRctCLSAGSimple(const key &, const clsag &, const ctkeyV &, const key &);
|
bool verRctCLSAGSimple(const key &, const clsag &, const ctkeyV &, const key &);
|
||||||
|
|
||||||
|
|