c77d2bfa Add the possibility to export private view key for fast scan. (cslashm)
100b7bc1 Change mutex lock model to avoid dead lock and ensure locks are always released. (cslashm)
641dfc99 Automatic height setup when creating/restoring hw device. (cslashm)
eaa8bfe7 wallet2: set from_height of GET_OUTPUT_DISTRIBUTION correctly The previous expression (stoffu)
0a619f78 wallet2: enable the mitigation only after the fork height (stoffu)
A key image may be present more than once if all but one of the
txes spending that key image are coming from blocks. When loading
a txpool from storage, we must load the one that's not from a
block first to avoid rejection
and get them pruned in find_and_save_rings, since it does not need
the pruned data in the first place.
Also set decode_to_json to false where missing, we don't need this
either.
On client startup the device asks for authorization to export the private view key.
If user agree, the client hold the private view key allowing a fast blockchain scan.
If the user does not agree, the blockchain scan is fully done via the device.
When creating/restoring wallet, if --restore-height option is not used the current estimate
height is used for starting the scan. In other words it is assume we are creating a new account.
This will avoid careless forkers polluting the shared database
even if they make their own chain. They'll then automatically
start using another subdb, and any key-reusing fork of those
forks will reuse their subdbs.
It scans for known spent outputs and stores their public keys
in a database which can then be read by the wallet, which can
then avoid using those as fake outs in new transactions.
Usage: monero-blockchain-blackball db1 db2...
This uses the shared database in ~/.shared-ringdb
If a pre-fork output is spent on both Monero and attack chain,
any post-fork output can be deduced to be a fake output, thereby
decreasing the effective ring size.
The segregate-per-fork-outputs option, on by default, allows
selecting only pre-fork outputs in this case, so that the same
ring can be used when spending it on the other side, which does
not decrease the effective ring size.
This is intended to be SET when intending to spend Monero on the
attack fork, and to be UNSET if not intending to spend Monero
on the attack fork (since it leaks the fact that the output being
spent is pre-fork).
If the user is not certain yet whether they will spend pre-fork
outputs on a key reusing fork, the key-reuse-mitigation2 option
should be SET instead.
If you use this option and intend to spend Monero on both forks,
then spend real Monero first.
This maps key images to rings, so that different forks can reuse
the rings by key image. This avoids revealing the real inputs like
would happen if two forks spent the same outputs with different
rings. This database is meant to be shared with all Monero forks
which don't bother making a new chain, putting users' privacy at
risk in the process. It is placed in a shared data directory by
default ($HOME/.shared-ringdb on UNIX like systems). You may
use --shared-ringdb-dir to override this location, and should
then do so for all Monero forks for them to share the database.
hash: add prehashed version cn_slow_hash_prehashed
slow-hash: let cn_slow_hash take 4th parameter for deciding prehashed or not
slow-hash: add support for prehashed version for the other 3 platforms
When #3303 was merged, a cyclic dependency chain was generated:
libdevice <- libcncrypto <- libringct <- libdevice
This was because libdevice needs access to a set of basic crypto operations
implemented in libringct such as scalarmultBase(), while libringct also needs
access to abstracted crypto operations implemented in libdevice such as
ecdhEncode(). To untangle this cyclic dependency chain, this patch splits libringct
into libringct_basic and libringct, where the basic crypto ops previously in
libringct are moved into libringct_basic. The cyclic dependency is now resolved
thanks to this separation:
libcncrypto <- libringct_basic <- libdevice <- libcryptonote_basic <- libringct
This eliminates the need for crypto_device.cpp and rctOps_device.cpp.
Also, many abstracted interfaces of hw::device such as encrypt_payment_id() and
get_subaddress_secret_key() were previously implemented in libcryptonote_basic
(cryptonote_format_utils.cpp) and were then called from hw::core::device_default,
which is odd because libdevice is supposed to be independent of libcryptonote_basic.
Therefore, those functions were moved to device_default.cpp.
91d97dd4 fuzz_tests: set small subaddress lookahead for speed (moneromooo-monero)
5f85cc7e wallet2: guard against overflowing of subaddress indices (moneromooo-monero)