gitea-mirror/monero
1
0
Fork 0
mirror of https://github.com/monero-project/monero.git synced 2026-06-12 19:11:36 -07:00
Code Issues Packages Projects Releases Wiki Activity

ringct: merge decodeRct and decodeRctSimple

Browse Source
This commit is contained in:
jeffro256
2026-05-06 18:21:37 -05:00
parent 1a65f025ea
commit 589dd0a973
9 changed files with 14 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ringct/rctSigs.cpp
+2 -45
View File
@@ -1541,18 +1541,9 @@ namespace rct {
} }
} }
//RingCT protocol
//genRct:
// creates an rctSig with all data necessary to verify the rangeProofs and that the signer owns one of the
// columns that are claimed as inputs, and that the sum of inputs = sum of outputs.
// Also contains masked "amount" and "mask" so the receiver can see how much they received
//verRct:
// verifies that all signatures (rangeProogs, MG sig, sum inputs = outputs) are correct
//decodeRct: (c.f. https://eprint.iacr.org/2015/1098 section 5.1.1)
// uses the attached ecdh info to find the amounts represented by each output commitment
// must know the destination private key to find the correct amount, else will return a random number
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev) { xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev) {
CHECK_AND_ASSERT_MES(rv.type == RCTTypeFull, false, "decodeRct called on non-full rctSig"); CHECK_AND_ASSERT_MES(rv.type != RCTTypeNull && rv.type <= RCTTypeBulletproofPlus,
false, "decodeRct called on unrecognized rctSig type");
CHECK_AND_ASSERT_THROW_MES(i < rv.ecdhInfo.size(), "Bad index"); CHECK_AND_ASSERT_THROW_MES(i < rv.ecdhInfo.size(), "Bad index");
CHECK_AND_ASSERT_THROW_MES(rv.outPk.size() == rv.ecdhInfo.size(), "Mismatched sizes of rv.outPk and rv.ecdhInfo"); CHECK_AND_ASSERT_THROW_MES(rv.outPk.size() == rv.ecdhInfo.size(), "Mismatched sizes of rv.outPk and rv.ecdhInfo");
@@ -1583,38 +1574,4 @@ namespace rct {
key mask; key mask;
return decodeRct(rv, sk, i, mask, hwdev); return decodeRct(rv, sk, i, mask, hwdev);
} }
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, key &mask, hw::device &hwdev) {
CHECK_AND_ASSERT_MES(rv.type == RCTTypeSimple || rv.type == RCTTypeBulletproof || rv.type == RCTTypeBulletproof2 || rv.type == RCTTypeCLSAG || rv.type == RCTTypeBulletproofPlus,
false, "decodeRct called on non simple rctSig");
CHECK_AND_ASSERT_THROW_MES(i < rv.ecdhInfo.size(), "Bad index");
CHECK_AND_ASSERT_THROW_MES(rv.outPk.size() == rv.ecdhInfo.size(), "Mismatched sizes of rv.outPk and rv.ecdhInfo");
//mask amount and mask
ecdhTuple ecdh_info = rv.ecdhInfo[i];
hwdev.ecdhDecode(ecdh_info, sk, rv.type == RCTTypeBulletproof2 || rv.type == RCTTypeCLSAG || rv.type == RCTTypeBulletproofPlus);
mask = ecdh_info.mask;
key amount = ecdh_info.amount;
key C = rv.outPk[i].mask;
DP("C");
DP(C);
key Ctmp;
CHECK_AND_ASSERT_THROW_MES(sc_check(mask.bytes) == 0, "warning, bad ECDH mask");
CHECK_AND_ASSERT_THROW_MES(sc_check(amount.bytes) == 0, "warning, bad ECDH amount");
addKeys2(Ctmp, mask, amount, H);
DP("Ctmp");
DP(Ctmp);
if (equalKeys(C, Ctmp) == false) {
CHECK_AND_ASSERT_THROW_MES(false, "warning, amount decoded incorrectly, will be unable to spend");
}
rct::xmr_amount amount_8;
CHECK_AND_ASSERT_THROW_MES(h2d(amount_8, amount),
"long decoded amount contains superfluous data");
return amount_8;
}
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev) {
key mask;
return decodeRctSimple(rv, sk, i, mask, hwdev);
}
} }
src/ringct/rctSigs.h
+1 -3
View File
@@ -122,7 +122,7 @@ namespace rct {
// verifies that all signatures (rangeProogs, MG sig, sum inputs = outputs) are correct // verifies that all signatures (rangeProogs, MG sig, sum inputs = outputs) are correct
//decodeRct: (c.f. https://eprint.iacr.org/2015/1098 section 5.1.1) //decodeRct: (c.f. https://eprint.iacr.org/2015/1098 section 5.1.1)
// uses the attached ecdh info to find the amounts represented by each output commitment // uses the attached ecdh info to find the amounts represented by each output commitment
// must know the destination private key to find the correct amount, else will return a random number // must know the destination private key to find the correct amount, else will throw
rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, unsigned int index, ctkeyV &outSk, const RCTConfig &rct_config, hw::device &hwdev); rctSig genRct(const key &message, const ctkeyV & inSk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const ctkeyM &mixRing, const keyV &amount_keys, unsigned int index, ctkeyV &outSk, const RCTConfig &rct_config, hw::device &hwdev);
rctSig genRct(const key &message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const keyV &amount_keys, const int mixin, const RCTConfig &rct_config, hw::device &hwdev); rctSig genRct(const key &message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & amounts, const keyV &amount_keys, const int mixin, const RCTConfig &rct_config, hw::device &hwdev);
rctSig genRctSimple(const key & message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, const keyV &amount_keys, xmr_amount txnFee, unsigned int mixin, const RCTConfig &rct_config, hw::device &hwdev); rctSig genRctSimple(const key & message, const ctkeyV & inSk, const ctkeyV & inPk, const keyV & destinations, const std::vector<xmr_amount> & inamounts, const std::vector<xmr_amount> & outamounts, const keyV &amount_keys, xmr_amount txnFee, unsigned int mixin, const RCTConfig &rct_config, hw::device &hwdev);
@@ -135,8 +135,6 @@ namespace rct {
static inline bool verRctSimple(const rctSig & rv) { return verRctSemanticsSimple(rv) && verRctNonSemanticsSimple(rv); } static inline bool verRctSimple(const rctSig & rv) { return verRctSemanticsSimple(rv) && verRctNonSemanticsSimple(rv); }
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev); xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev);
xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev); xmr_amount decodeRct(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev);
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, key & mask, hw::device &hwdev);
xmr_amount decodeRctSimple(const rctSig & rv, const key & sk, unsigned int i, hw::device &hwdev);
key get_pre_mlsag_hash(const rctSig &rv, hw::device &hwdev); key get_pre_mlsag_hash(const rctSig &rv, hw::device &hwdev);
} }
#endif /* RCTSIGS_H */ #endif /* RCTSIGS_H */
src/wallet/wallet2.cpp
+1 -2
View File
@@ -2186,13 +2186,12 @@ static uint64_t decodeRct(const rct::rctSig & rv, const crypto::key_derivation &
{ {
switch (rv.type) switch (rv.type)
{ {
case rct::RCTTypeFull:
case rct::RCTTypeSimple: case rct::RCTTypeSimple:
case rct::RCTTypeBulletproof: case rct::RCTTypeBulletproof:
case rct::RCTTypeBulletproof2: case rct::RCTTypeBulletproof2:
case rct::RCTTypeCLSAG: case rct::RCTTypeCLSAG:
case rct::RCTTypeBulletproofPlus: case rct::RCTTypeBulletproofPlus:
return rct::decodeRctSimple(rv, rct::sk2rct(scalar1), i, mask, hwdev);
case rct::RCTTypeFull:
return rct::decodeRct(rv, rct::sk2rct(scalar1), i, mask, hwdev); return rct::decodeRct(rv, rct::sk2rct(scalar1), i, mask, hwdev);
default: default:
LOG_ERROR("Unsupported rct type: " << rv.type); LOG_ERROR("Unsupported rct type: " << rv.type);
tests/core_tests/bulletproof_plus.cpp
+1 -5
View File
@@ -157,11 +157,7 @@ bool gen_bpp_tx_validation_base::generate_with(std::vector<test_event_entry>& ev
crypto::secret_key amount_key; crypto::secret_key amount_key;
crypto::derivation_to_scalar(derivation, o, amount_key); crypto::derivation_to_scalar(derivation, o, amount_key);
rct::key rct_tx_mask; rct::key rct_tx_mask;
const uint8_t type = rct_txes.back().rct_signatures.type; rct::decodeRct(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
if (rct::is_rct_simple(type))
rct::decodeRctSimple(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
else
rct::decodeRct(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
} }
while (amounts_paid[0] != (size_t)-1) while (amounts_paid[0] != (size_t)-1)
tests/core_tests/bulletproofs.cpp
+1 -5
View File
@@ -157,11 +157,7 @@ bool gen_bp_tx_validation_base::generate_with(std::vector<test_event_entry>& eve
crypto::secret_key amount_key; crypto::secret_key amount_key;
crypto::derivation_to_scalar(derivation, o, amount_key); crypto::derivation_to_scalar(derivation, o, amount_key);
rct::key rct_tx_mask; rct::key rct_tx_mask;
const uint8_t type = rct_txes.back().rct_signatures.type; rct::decodeRct(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
if (rct::is_rct_simple(type))
rct::decodeRctSimple(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
else
rct::decodeRct(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
} }
while (amounts_paid[0] != (size_t)-1) while (amounts_paid[0] != (size_t)-1)
tests/core_tests/rct.cpp
+1 -5
View File
@@ -134,11 +134,7 @@ bool gen_rct_tx_validation_base::generate_with_full(std::vector<test_event_entry
CHECK_AND_ASSERT_MES(r, false, "Failed to generate key derivation"); CHECK_AND_ASSERT_MES(r, false, "Failed to generate key derivation");
crypto::secret_key amount_key; crypto::secret_key amount_key;
crypto::derivation_to_scalar(derivation, o, amount_key); crypto::derivation_to_scalar(derivation, o, amount_key);
const uint8_t type = rct_txes[n].rct_signatures.type; rct::decodeRct(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4], hw::get_device("default"));
if (rct::is_rct_simple(type))
rct::decodeRctSimple(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4], hw::get_device("default"));
else
rct::decodeRct(rct_txes[n].rct_signatures, rct::sk2rct(amount_key), o, rct_tx_masks[o+n*4], hw::get_device("default"));
} }
uint64_t fee = 0; uint64_t fee = 0;
tests/core_tests/rct2.cpp
+1 -5
View File
@@ -157,11 +157,7 @@ bool gen_rct2_tx_validation_base::generate_with(std::vector<test_event_entry>& e
crypto::secret_key amount_key; crypto::secret_key amount_key;
crypto::derivation_to_scalar(derivation, o, amount_key); crypto::derivation_to_scalar(derivation, o, amount_key);
rct::key rct_tx_mask; rct::key rct_tx_mask;
const uint8_t type = rct_txes.back().rct_signatures.type; rct::decodeRct(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
if (rct::is_rct_simple(type))
rct::decodeRctSimple(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
else
rct::decodeRct(rct_txes.back().rct_signatures, rct::sk2rct(amount_key), o, rct_tx_mask, hw::get_device("default"));
} }
while (amounts_paid[0] != (size_t)-1) while (amounts_paid[0] != (size_t)-1)
tests/unit_tests/bulletproofs.cpp
+1 -1
View File
@@ -138,7 +138,7 @@ TEST(bulletproofs, multi_splitting)
for (size_t i = 0; i < n_outputs; ++i) for (size_t i = 0; i < n_outputs; ++i)
{ {
rct::key mask; rct::key mask;
rct::decodeRctSimple(s, amount_keys[i], i, mask, hw::get_device("default")); rct::decodeRct(s, amount_keys[i], i, mask, hw::get_device("default"));
ASSERT_TRUE(mask == outSk[i].mask); ASSERT_TRUE(mask == outSk[i].mask);
} }
} }
tests/unit_tests/ringct.cpp
+5 -5
View File
@@ -351,7 +351,7 @@ TEST(ringct, range_proofs)
ASSERT_TRUE(verRctSimple(s)); ASSERT_TRUE(verRctSimple(s));
//decode received amount //decode received amount
decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default")); decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
// Ring CT with failing MG sig part should not verify! // Ring CT with failing MG sig part should not verify!
// Since sum of inputs != outputs // Since sum of inputs != outputs
@@ -368,7 +368,7 @@ TEST(ringct, range_proofs)
ASSERT_FALSE(verRctSimple(s)); ASSERT_FALSE(verRctSimple(s));
//decode received amount //decode received amount
decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default")); decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
} }
TEST(ringct, range_proofs_with_fee) TEST(ringct, range_proofs_with_fee)
@@ -416,7 +416,7 @@ TEST(ringct, range_proofs_with_fee)
ASSERT_TRUE(verRctSimple(s)); ASSERT_TRUE(verRctSimple(s));
//decode received amount //decode received amount
decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default")); decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
// Ring CT with failing MG sig part should not verify! // Ring CT with failing MG sig part should not verify!
// Since sum of inputs != outputs // Since sum of inputs != outputs
@@ -433,7 +433,7 @@ TEST(ringct, range_proofs_with_fee)
ASSERT_FALSE(verRctSimple(s)); ASSERT_FALSE(verRctSimple(s));
//decode received amount //decode received amount
decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default")); decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
} }
TEST(ringct, simple) TEST(ringct, simple)
@@ -492,7 +492,7 @@ TEST(ringct, simple)
ASSERT_TRUE(verRctSimple(s)); ASSERT_TRUE(verRctSimple(s));
//decode received amount corresponding to output pubkey index 1 //decode received amount corresponding to output pubkey index 1
decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default")); decodeRct(s, amount_keys[1], 1, mask, hw::get_device("default"));
} }
static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee) static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee)