Merge branch 'development' into release1

incognitochain · Apr 26, 2023 · 1bd6541 · 1bd6541
2 parents 321af37 + 214a4b4
commit 1bd6541
Show file tree

Hide file tree

Showing 9 changed files with 155 additions and 65 deletions.
diff --git a/config/local/param.yaml b/config/local/param.yaml
@@ -166,6 +166,9 @@ auto_enable_feature:
       min_trigger: 1
       force_trigger: 1
       require_percentage: 100
+  - fixbulletproof:
+      min_trigger: 20
+      require_percentage: 85
 blocktime_param:
   - "blocktimedef": 10
   - "blocktime20": 20

diff --git a/config/mainnet/param.yaml b/config/mainnet/param.yaml
@@ -173,6 +173,9 @@ auto_enable_feature:
   - delegation:
       min_trigger: 3160740
       require_percentage: 85
+  - fixbulletproof:
+      min_trigger: 1e9
+      require_percentage: 85
 blocktime_param:
   - "blocktimedef": 40
   - "blocktime20s_15_9": 20
@@ -192,4 +195,5 @@ bridge_agg_param:
   max_len_of_path: 3  # Only increase this param after deployed
   percent_fee_decimal: 1e6
   default_percent_fee_with_decimal: 750 # 0.075% * 1e6
-bc_height_break_point_coin_origin: 2087774
+bc_height_break_point_coin_origin: 2087774
+bc_height_break_point_agg_proof_v2: 3322000
diff --git a/config/testnet-1/param.yaml b/config/testnet-1/param.yaml
@@ -126,6 +126,9 @@ auto_enable_feature:
       min_trigger: 10892003
       force_trigger: 1000000000
       require_percentage: 90
+  - fixbulletproof:
+      min_trigger: 1e9
+      require_percentage: 85
 blocktime_param:
   - "blocktimedef": 40
   - "blocktime20": 20

diff --git a/config/testnet-2/param.yaml b/config/testnet-2/param.yaml
@@ -207,6 +207,9 @@ auto_enable_feature:
   - delegation:
       min_trigger: 6508800
       require_percentage: 90
+  - fixbulletproof:
+      min_trigger: 1e9
+      require_percentage: 85
 blocktime_param:
   - "blocktimedef": 10
   - "blocktime30s_23_8": 30

diff --git a/mempool/mempool.go b/mempool/mempool.go
@@ -387,6 +387,7 @@ func (tp *TxPool) maybeAcceptBatchTransaction(shardView *blockchain.ShardBestSta
 	boolParams["isBatch"] = true
 	boolParams["isNewZKP"] = tp.config.BlockChain.IsAfterNewZKPCheckPoint(uint64(beaconHeight))
 	boolParams["v2Only"] = tp.config.BlockChain.IsAfterPrivacyV2CheckPoint(uint64(beaconHeight))
+	boolParams["isAggProofV2"] = beaconView.TriggeredFeature["fixbulletproof"] > 0
 
 	ok, err, _ := batch.Validate(shardView.GetCopiedTransactionStateDB(), beaconView.GetBeaconFeatureStateDB(), boolParams)
 	if err != nil {
@@ -662,6 +663,7 @@ func (tp *TxPool) validateTransaction(shardView *blockchain.ShardBestState, beac
 		boolParams["isNewTransaction"] = isNewTransaction
 		boolParams["isNewZKP"] = tp.config.BlockChain.IsAfterNewZKPCheckPoint(uint64(beaconHeight))
 		boolParams["v2Only"] = tp.config.BlockChain.IsAfterPrivacyV2CheckPoint(uint64(beaconHeight))
+		boolParams["isAggProofV2"] = beaconView.TriggeredFeature["fixbulletproof"] > 0
 		validated, errValidateTxByItself := tx.ValidateTxByItself(boolParams, shardView.GetCopiedTransactionStateDB(), beaconView.GetBeaconFeatureStateDB(), tp.config.BlockChain, shardID, nil, nil)
 		if !validated {
 			return NewMempoolTxError(RejectInvalidTx, errValidateTxByItself)

diff --git a/privacy/privacy_v2/bulletproofs/bulletproofs.go b/privacy/privacy_v2/bulletproofs/bulletproofs.go
@@ -20,6 +20,7 @@ type AggregatedRangeWitness struct {
 // AggregatedRangeProof is the struct for Bulletproof.
 // The statement being proven is that output coins' values are in the uint64 range.
 type AggregatedRangeProof struct {
+	version           uint8
 	cmsValue          []*operation.Point
 	a                 *operation.Point
 	s                 *operation.Point
@@ -43,6 +44,10 @@ type bulletproofParams struct {
 // AggParam contains global Bulletproofs parameters `g, h, u, cs`
 var AggParam = newBulletproofParams(privacy_util.MaxOutputCoin)
 
+func (proof AggregatedRangeProof) GetVersion() uint8 {
+	return proof.version
+}
+
 // ValidateSanity performs sanity checks for this proof.
 func (proof AggregatedRangeProof) ValidateSanity() bool {
 	for i := 0; i < len(proof.cmsValue); i++ {
@@ -70,6 +75,7 @@ func (proof *AggregatedRangeProof) Init() {
 	proof.tHat = new(operation.Scalar)
 	proof.mu = new(operation.Scalar)
 	proof.innerProductProof = new(InnerProductProof).Init()
+	proof.version = 2
 }
 
 // IsNil returns true if any field in this proof is nil
@@ -107,6 +113,10 @@ func (proof *AggregatedRangeProof) SetCommitments(cmsValue []*operation.Point) {
 // Bytes marshals the proof into a byte slice
 func (proof AggregatedRangeProof) Bytes() []byte {
 	var res []byte
+	if proof.version >= 2 {
+		res = append(res, byte(0))
+		res = append(res, byte(proof.version))
+	}
 
 	if proof.IsNil() {
 		return []byte{}
@@ -136,6 +146,14 @@ func (proof *AggregatedRangeProof) SetBytes(bytes []byte) error {
 		return nil
 	}
 
+	if bytes[0] == 0 {
+		// parse version
+		proof.version = uint8(bytes[1])
+		bytes = bytes[2:]
+	} else {
+		proof.version = 1
+	}
+
 	lenValues := int(bytes[0])
 	offset := 1
 	var err error
@@ -228,6 +246,7 @@ func (wit *AggregatedRangeWitness) Set(values []uint64, rands []*operation.Scala
 
 func (wit AggregatedRangeWitness) Prove() (*AggregatedRangeProof, error) {
 	proof := new(AggregatedRangeProof)
+	proof.Init()
 	numValue := len(wit.values)
 	if numValue > privacy_util.MaxOutputCoin {
 		return nil, fmt.Errorf("output count exceeds MaxOutputCoin")
@@ -251,8 +270,12 @@ func (wit AggregatedRangeWitness) Prove() (*AggregatedRangeProof, error) {
 
 	// Pedersen commitments: V = g^v * h^r
 	proof.cmsValue = make([]*operation.Point, numValue)
+	initChal := aggParam.cs.ToBytesS()
 	for i := 0; i < numValue; i++ {
 		proof.cmsValue[i] = operation.PedCom.CommitAtIndex(new(operation.Scalar).FromUint64(values[i]), rands[i], operation.PedersenValueIndex)
+		if proof.version >= 2 {
+			initChal = append(initChal, proof.cmsValue[i].ToBytesS()...)
+		}
 	}
 	// Convert values to binary array
 	aL := make([]*operation.Scalar, N)
@@ -290,7 +313,7 @@ func (wit AggregatedRangeWitness) Prove() (*AggregatedRangeProof, error) {
 	proof.s = mbuilder.Eval()
 
 	// challenge y, z
-	y := generateChallenge(aggParam.cs.ToBytesS(), []*operation.Point{proof.a, proof.s})
+	y := generateChallenge(initChal, []*operation.Point{proof.a, proof.s})
 	z := generateChallenge(y.ToBytesS(), []*operation.Point{proof.a, proof.s})
 
 	// LINE 51-54
@@ -421,12 +444,18 @@ func (proof AggregatedRangeProof) simpleVerify() (bool, error) {
 	aggParam := setAggregateParams(N)
 
 	cmsValue := proof.cmsValue
+	initChal := aggParam.cs.ToBytesS()
+	for i := 0; i < numValue; i++ {
+		if proof.version >= 2 {
+			initChal = append(initChal, proof.cmsValue[i].ToBytesS()...)
+		}
+	}
 	for i := numValue; i < numValuePad; i++ {
 		cmsValue = append(cmsValue, operation.NewIdentityPoint())
 	}
 
 	// recalculate challenge y, z
-	y := generateChallenge(aggParam.cs.ToBytesS(), []*operation.Point{proof.a, proof.s})
+	y := generateChallenge(initChal, []*operation.Point{proof.a, proof.s})
 	z := generateChallenge(y.ToBytesS(), []*operation.Point{proof.a, proof.s})
 	zSquare := new(operation.Scalar).Mul(z, z)
 	zNeg := new(operation.Scalar).Sub(new(operation.Scalar).FromUint64(0), z)
@@ -524,9 +553,15 @@ func (proof AggregatedRangeProof) buildVerify(gval *operation.Point) (*operation
 	for i := numValue; i < numValuePad; i++ {
 		cmsValue = append(cmsValue, operation.NewIdentityPoint())
 	}
+	initChal := aggParam.cs.ToBytesS()
+	for i := 0; i < numValue; i++ {
+		if proof.version >= 2 {
+			initChal = append(initChal, proof.cmsValue[i].ToBytesS()...)
+		}
+	}
 
 	// recalculate challenge y, z
-	y := generateChallenge(aggParam.cs.ToBytesS(), []*operation.Point{proof.a, proof.s})
+	y := generateChallenge(initChal, []*operation.Point{proof.a, proof.s})
 	z := generateChallenge(y.ToBytesS(), []*operation.Point{proof.a, proof.s})
 	zSquare := new(operation.Scalar).Mul(z, z)
 	zNeg := new(operation.Scalar).Sub(new(operation.Scalar).FromUint64(0), z)

diff --git a/privacy/privacy_v2/bulletproofs/bulletproofs_ca.go b/privacy/privacy_v2/bulletproofs/bulletproofs_ca.go
@@ -24,6 +24,7 @@ func GetFirstAssetTag(coins []*coin.CoinV2) (*operation.Point, error) {
 // ProveUsingBase runs like the Bulletproof Prove function, except it sets a Pedersen base point before proving.
 func (wit AggregatedRangeWitness) ProveUsingBase(gval *operation.Point) (*AggregatedRangeProof, error) {
 	proof := new(AggregatedRangeProof)
+	proof.Init()
 	numValue := len(wit.values)
 	if numValue > privacy_util.MaxOutputCoin {
 		return nil, fmt.Errorf("output count exceeds MaxOutputCoin")
@@ -46,8 +47,12 @@ func (wit AggregatedRangeWitness) ProveUsingBase(gval *operation.Point) (*Aggreg
 	}
 
 	proof.cmsValue = make([]*operation.Point, numValue)
+	initChal := aggParam.cs.ToBytesS()
 	for i := 0; i < numValue; i++ {
 		proof.cmsValue[i] = new(operation.Point).AddPedersen(new(operation.Scalar).FromUint64(values[i]), gval, rands[i], operation.PedCom.G[operation.PedersenRandomnessIndex])
+		if proof.version >= 2 {
+			initChal = append(initChal, proof.cmsValue[i].ToBytesS()...)
+		}
 	}
 	// Convert values to binary array
 	aL := make([]*operation.Scalar, N)
@@ -85,7 +90,7 @@ func (wit AggregatedRangeWitness) ProveUsingBase(gval *operation.Point) (*Aggreg
 	mbuilder.AppendSingle(rho, operation.HBase)
 	proof.s = mbuilder.Eval()
 	// challenge y, z
-	y := generateChallenge(aggParam.cs.ToBytesS(), []*operation.Point{proof.a, proof.s})
+	y := generateChallenge(initChal, []*operation.Point{proof.a, proof.s})
 	z := generateChallenge(y.ToBytesS(), []*operation.Point{proof.a, proof.s})
 
 	// LINE 51-54

diff --git a/privacy/privacy_v2/bulletproofs/bulletproofs_test.go b/privacy/privacy_v2/bulletproofs/bulletproofs_test.go
@@ -39,41 +39,43 @@ var (
 	rangeProof   *AggregatedRangeProof
 	rangeProofV1 *bulletproofsV1.AggregatedRangeProof
 
-	batchedProofs, batchedProofsV1 = func() ([]*AggregatedRangeProof, []*bulletproofsV1.AggregatedRangeProof) {
-		result := make([]*AggregatedRangeProof, batchLen)
-		resultV1 := make([]*bulletproofsV1.AggregatedRangeProof, batchLen)
-		fmt.Printf("batch %d with %d CA proofs\n", batchLen, batchLenCA)
-		for i := 0; i < batchLen; i++ {
-			numOutputs := []int{1, 2, 4}[rand.Int()%3] // can use other distribution
-			// fmt.Printf("%d outputs\n", numOutputs)
-			values := make([]uint64, numOutputs)
-			rands := make([]*operation.Scalar, numOutputs)
-			for i := range values {
-				values[i] = uint64(rand.Uint64())
-				rands[i] = operation.RandomScalar()
-			}
-			wit := new(AggregatedRangeWitness)
-			wit.Set(values, rands)
-			var err error
-			if batchBases[i] == nil {
-				result[i], err = wit.Prove()
-				if err != nil {
-					panic(err)
-				}
-			} else {
-				result[i], err = wit.ProveUsingBase(batchBases[i])
-				if err != nil {
-					panic(err)
-				}
-			}
-			resultV1[i] = new(bulletproofsV1.AggregatedRangeProof)
-			err = resultV1[i].SetBytes(result[i].Bytes())
-			if err != nil {
-				panic(err)
-			}
-		}
-		return result, resultV1
-	}()
+	batchedProofs   []*AggregatedRangeProof
+	batchedProofsV1 []*bulletproofsV1.AggregatedRangeProof
+	// batchedProofs, batchedProofsV1 = func() ([]*AggregatedRangeProof, []*bulletproofsV1.AggregatedRangeProof) {
+	// 	result := make([]*AggregatedRangeProof, batchLen)
+	// 	resultV1 := make([]*bulletproofsV1.AggregatedRangeProof, batchLen)
+	// 	fmt.Printf("batch %d with %d CA proofs\n", batchLen, batchLenCA)
+	// 	for i := 0; i < batchLen; i++ {
+	// 		numOutputs := []int{1, 2, 4}[rand.Int()%3] // can use other distribution
+	// 		// fmt.Printf("%d outputs\n", numOutputs)
+	// 		values := make([]uint64, numOutputs)
+	// 		rands := make([]*operation.Scalar, numOutputs)
+	// 		for i := range values {
+	// 			values[i] = uint64(rand.Uint64())
+	// 			rands[i] = operation.RandomScalar()
+	// 		}
+	// 		wit := new(AggregatedRangeWitness)
+	// 		wit.Set(values, rands)
+	// 		var err error
+	// 		if batchBases[i] == nil {
+	// 			result[i], err = wit.Prove()
+	// 			if err != nil {
+	// 				panic(err)
+	// 			}
+	// 		} else {
+	// 			result[i], err = wit.ProveUsingBase(batchBases[i])
+	// 			if err != nil {
+	// 				panic(err)
+	// 			}
+	// 		}
+	// 		resultV1[i] = new(bulletproofsV1.AggregatedRangeProof)
+	// 		err = resultV1[i].SetBytes(result[i].Bytes())
+	// 		if err != nil {
+	// 			panic(err)
+	// 		}
+	// 	}
+	// 	return result, resultV1
+	// }()
 )
 
 type fnProve = func(values []uint64, rands []*operation.Scalar, rands2 []*operationV1.Scalar)
@@ -722,28 +724,7 @@ func TestProveVerifyRangeProof(t *testing.T) {
 		rands[i] = operation.RandomScalar()
 		rands2[i] = (&operationV1.Scalar{}).FromBytesS(rands[i].ToBytesS())
 	}
-	// old prover + new verifier
-	{
-		wit := new(bulletproofsV1.AggregatedRangeWitness)
-		wit.Set(values, rands2)
-		proof, err := wit.Prove()
-		Nil(t, err)
-		valid, err := proof.VerifyFaster()
-		Nil(t, err)
-		True(t, valid)
 
-		proofAgain := &AggregatedRangeProof{}
-
-		// fmt.Printf("proof 1 %x\n", proof.Bytes())
-		err = proofAgain.SetBytes(proof.Bytes())
-		// fmt.Printf("proof 2 %x\n", proofAgain.Bytes())
-		Nil(t, err)
-		valid, err = proofAgain.Verify()
-		Nil(t, err)
-		True(t, valid)
-	}
-
-	// new prover + old verifier
 	{
 		wit := new(AggregatedRangeWitness)
 		wit.Set(values, rands)
@@ -753,16 +734,58 @@ func TestProveVerifyRangeProof(t *testing.T) {
 		Nil(t, err)
 		True(t, valid)
 
-		proofAgain := &bulletproofsV1.AggregatedRangeProof{}
+		proofAgain := &AggregatedRangeProof{}
+
 		// fmt.Printf("proof 1 %x\n", proof.Bytes())
 		err = proofAgain.SetBytes(proof.Bytes())
 		// fmt.Printf("proof 2 %x\n", proofAgain.Bytes())
 		Nil(t, err)
 		valid, err = proofAgain.Verify()
 		Nil(t, err)
 		True(t, valid)
-		valid, err = proofAgain.VerifyFaster()
-		Nil(t, err)
-		True(t, valid)
 	}
+
+	// old prover + new verifier
+	// {
+	// 	wit := new(bulletproofsV1.AggregatedRangeWitness)
+	// 	wit.Set(values, rands2)
+	// 	proof, err := wit.Prove()
+	// 	Nil(t, err)
+	// 	valid, err := proof.VerifyFaster()
+	// 	Nil(t, err)
+	// 	True(t, valid)
+
+	// 	proofAgain := &AggregatedRangeProof{}
+
+	// 	// fmt.Printf("proof 1 %x\n", proof.Bytes())
+	// 	err = proofAgain.SetBytes(proof.Bytes())
+	// 	// fmt.Printf("proof 2 %x\n", proofAgain.Bytes())
+	// 	Nil(t, err)
+	// 	valid, err = proofAgain.Verify()
+	// 	Nil(t, err)
+	// 	True(t, valid)
+	// }
+
+	// // new prover + old verifier
+	// {
+	// 	wit := new(AggregatedRangeWitness)
+	// 	wit.Set(values, rands)
+	// 	proof, err := wit.Prove()
+	// 	Nil(t, err)
+	// 	valid, err := proof.Verify()
+	// 	Nil(t, err)
+	// 	True(t, valid)
+
+	// 	proofAgain := &bulletproofsV1.AggregatedRangeProof{}
+	// 	// fmt.Printf("proof 1 %x\n", proof.Bytes())
+	// 	err = proofAgain.SetBytes(proof.Bytes())
+	// 	// fmt.Printf("proof 2 %x\n", proofAgain.Bytes())
+	// 	Nil(t, err)
+	// 	valid, err = proofAgain.Verify()
+	// 	Nil(t, err)
+	// 	True(t, valid)
+	// 	valid, err = proofAgain.VerifyFaster()
+	// 	Nil(t, err)
+	// 	True(t, valid)
+	// }
 }