ringct: do not include bulletproof commitments in signed message
Those are not serialized, but are restored from the outPk masks, so depending on what tries to validate the tx, those commitments may or may not be filled with valid data at the time. The outPk masks are already hashed as part of the rctSigBase field.
parent
782a84f7b4
commit
8d4469a0ac
1 changed files with 3 additions and 3 deletions
|
@ -347,11 +347,11 @@ namespace rct {
|
||||||
keyV kv;
|
keyV kv;
|
||||||
if (rv.type == RCTTypeSimpleBulletproof || rv.type == RCTTypeFullBulletproof)
|
if (rv.type == RCTTypeSimpleBulletproof || rv.type == RCTTypeFullBulletproof)
|
||||||
{
|
{
|
||||||
kv.reserve((6*2+10) * rv.p.bulletproofs.size());
|
kv.reserve((6*2+9) * rv.p.bulletproofs.size());
|
||||||
for (const auto &p: rv.p.bulletproofs)
|
for (const auto &p: rv.p.bulletproofs)
|
||||||
{
|
{
|
||||||
for (size_t n = 0; n < p.V.size(); ++n)
|
// V are not hashed as they're expanded from outPk.mask
|
||||||
kv.push_back(p.V[n]);
|
// (and thus hashed as part of rctSigBase above)
|
||||||
kv.push_back(p.A);
|
kv.push_back(p.A);
|
||||||
kv.push_back(p.S);
|
kv.push_back(p.S);
|
||||||
kv.push_back(p.T1);
|
kv.push_back(p.T1);
|
||||||
|
|
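Review bot: With `p.V` no longer pushed into `kv`, nothing in this hunk binds the bulletproof commitments to the signed message, so the hash is only sound if every verification path rebuilds `p.V` from `outPk.mask` before the proof is checked; the new two-line comment gives the reason but not that requirement. I would state the invariant where the inner loop used to be, e.g. `// invariant: p.V must be re-derived from outPk.mask before verification; V itself is not authenticated by this hash`, and, if no other code already does so, have the verifier reject a proof whose `V` does not match the outPk masks. The change also alters the message hashed for both bulletproof types, so signatures produced by the old code presumably no longer verify under the new one; it is worth confirming that this is acceptable for any network already using these types. The count in `kv.reserve((6*2+9) * rv.p.bulletproofs.size());` would be easier to audit with a short comment naming the nine fixed fields, most of which are pushed outside this hunk.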