monero-project/monero
monero-project/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2025-01-20 17:54:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

ringct: cleanup proveRctCLSAGSimple

Browse source 
1. Document parameters
2. Document inner variables
3. Remove dead variables
4. Remove unneseccary allocations
This commit is contained in:
jeffro256 2024-12-08 03:23:59 -06:00
parent 9866a0e902
commit 79a07123b2
No known key found for this signature in database
GPG key ID: 6F79797A6E392442
1 changed files with 24 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/ringct/rctSigs.cpp
View file

@ -761,15 +761,22 @@ namespace rct {
return result; return result;
} }
clsag proveRctCLSAGSimple(const key &message, const ctkeyV &pubs, const ctkey &inSk, const key &a, const key &Cout, unsigned int index, hw::device &hwdev) { /**
//setup vars * brief: proveRctCLSAGSimple - given a msg, mixring, pseudo out commitment, and private keys, make a CLSAG proof
size_t rows = 1; * param: message - any message we want to sign, but normally a transaction body hash
size_t cols = pubs.size(); * param: pubs - AKA mixring, a list of referenced output pubkey and amount commitment tuples { (K_o, C_a), ... }
CHECK_AND_ASSERT_THROW_MES(cols >= 1, "Empty pubs"); * param: inSk - (x, c_a) where x is the privkey of pubs[index].dest and c_a is the blinding factor of pubs[index].mask
keyV tmp(rows + 1); * param: c_out - the blinding factor for Cout
keyV sk(rows + 1); * param: Cout - AKA the "pseudo amount commitment"
keyM M(cols, tmp); * param: index - the index of our private keys in the mixring
* return: a CLSAG that proves someone with opening knowledge of K_o[k] and C_a[k] (k unknown) signed this message
*/
clsag proveRctCLSAGSimple(const key &message, const ctkeyV &pubs, const ctkey &inSk, const key &c_out, const key &Cout, unsigned int index, hw::device &hwdev) {
CHECK_AND_ASSERT_THROW_MES(!pubs.empty(), "Empty pubs");
// P: unmodified output pubkeys K_o
// C: commitments to zero C_0 = C_a - Cout
// C_nonzero: unmodified amount commitments C_a
keyV P, C, C_nonzero; keyV P, C, C_nonzero;
P.reserve(pubs.size()); P.reserve(pubs.size());
C.reserve(pubs.size()); C.reserve(pubs.size());
@ -783,10 +790,15 @@ namespace rct {
C.push_back(tmp); C.push_back(tmp);
} }
sk[0] = copy(inSk.dest); // zero_commit_sk: private key of "true" commitment to zero c_0 s.t. C_0[index] = c_0 * G
sc_sub(sk[1].bytes, inSk.mask.bytes, a.bytes); // c_0 = c_a - c_out where:
clsag result = CLSAG_Gen(message, P, sk[0], C, sk[1], C_nonzero, Cout, index, hwdev); // c_a is the true amount commitment blinding factor and
memwipe(sk.data(), sk.size() * sizeof(key)); // c_out is the blinding factor of the pseudo amount commitment Cout
key zero_commit_sk;
sc_sub(zero_commit_sk.bytes, inSk.mask.bytes, c_out.bytes);
clsag result = CLSAG_Gen(message, P, inSk.dest, C, zero_commit_sk, C_nonzero, Cout, index, hwdev);
memwipe(&zero_commit_sk, sizeof(zero_commit_sk));
return result; return result;
} }