passes all non-multisig tests

jeffro256 · Jun 7, 2024 · 866d1ef · 866d1ef
1 parent 6e3011d
commit 866d1ef
Show file tree

Hide file tree

Showing 18 changed files with 132 additions and 118 deletions.
diff --git a/src/crypto/generators.cpp b/src/crypto/generators.cpp
@@ -76,8 +76,8 @@ constexpr public_key H = bytes_to<public_key>({ 0x8b, 0x65, 0x59, 0x70, 0x15, 0x
 constexpr public_key X = bytes_to<public_key>({ 0xa4, 0xfb, 0x43, 0xca, 0x69, 0x5e, 0x12, 0x99, 0x88, 0x02, 0xa2, 0x0a, 0x15,
     0x8f, 0x12, 0xea, 0x79, 0x47, 0x4f, 0xb9, 0x01, 0x21, 0x16, 0x95, 0x6a, 0x69, 0x76, 0x7c, 0x4d, 0x41, 0x11, 0x0f });
 //seraphis generator U: keccak_to_pt(keccak("Monero Generator T"))
-constexpr public_key U = bytes_to<public_key>({ 0x10, 0x94, 0x8b, 0x00, 0xd2, 0xde, 0x50, 0xb5, 0x76, 0x99, 0x8c, 0x11, 0xe8,
-    0x3c, 0x59, 0xa7, 0x96, 0x84, 0xd2, 0x5c, 0x9f, 0x8a, 0x0d, 0xc6, 0x86, 0x45, 0x70, 0xd7, 0x97, 0xb9, 0xc1, 0x6e });
+constexpr public_key U = bytes_to<public_key>({ 0x96, 0x6f, 0xc6, 0x6b, 0x82, 0xcd, 0x56, 0xcf, 0x85, 0xea, 0xec, 0x80, 0x1c,
+    0x42, 0x84, 0x5f, 0x5f, 0x40, 0x88, 0x78, 0xd1, 0x56, 0x1e, 0x00, 0xd3, 0xd7, 0xde, 0xd2, 0x79, 0x4d, 0x09, 0x4f });
 static ge_p3 G_p3;
 static ge_p3 H_p3;
 static ge_p3 X_p3;
@@ -187,7 +187,7 @@ static void init_gens()
         static_assert(static_cast<unsigned char>(G.data[0]) == 0x58, "compile-time constant sanity check");
         static_assert(static_cast<unsigned char>(H.data[0]) == 0x8b, "compile-time constant sanity check");
         static_assert(static_cast<unsigned char>(X.data[0]) == 0xa4, "compile-time constant sanity check");
-        static_assert(static_cast<unsigned char>(U.data[0]) == 0x10, "compile-time constant sanity check");
+        static_assert(static_cast<unsigned char>(U.data[0]) == 0x96, "compile-time constant sanity check");
 
         // build ge_p3 representations of generators
         const int G_deserialize = ge_frombytes_vartime(&G_p3, to_bytes(G));
@@ -206,9 +206,6 @@ static void init_gens()
         ge_p3_to_cached(&X_cached, &X_p3);
         ge_p3_to_cached(&U_cached, &U_p3);
 
-        // @TODO: remove
-        std::cout << "U: " << epee::to_hex::string({(const unsigned char*)U.data, 32}) << std::endl;
-
         // in debug mode, check that generators are reproducible
         (void)reproduce_generator_G; assert(reproduce_generator_G() == G);
         (void)reproduce_generator_H; assert(reproduce_generator_H() == H);

diff --git a/src/seraphis_main/sp_knowledge_proof_utils.cpp b/src/seraphis_main/sp_knowledge_proof_utils.cpp
@@ -150,24 +150,20 @@ void make_address_ownership_proof_v1(const rct::key &message,
 //-------------------------------------------------------------------------------------------------------------------
 void make_address_ownership_proof_v1(const rct::key &message,
     const crypto::secret_key &k_prove_spend,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     AddressOwnershipProofV1 &proof_out)
 {
     // for address ownership of K_s
 
-    // 1. make generate image key: k_gi + H_32[s_vb]()
-    crypto::secret_key k_generate_image;
-    jamtis::make_jamtis_generateimage_key(s_view_balance, k_generate_image);
-
-    // 2. prepare K_s = k_gi X + k_ps U
+    // 1. prepare K_s = k_gi X + k_ps U
     rct::key jamtis_spend_pubkey;
     make_seraphis_spendkey(k_generate_image, k_prove_spend, jamtis_spend_pubkey);
 
-    // 3. finish the proof
+    // 2. finish the proof
     make_address_ownership_proof_v1(message,
         jamtis_spend_pubkey,
         rct::rct2sk(rct::zero()),
-        s_view_balance,
+        k_generate_image,
         k_prove_spend,
         proof_out);
 }
@@ -195,15 +191,15 @@ void make_address_ownership_proof_v1(const rct::key &message,
     crypto::secret_key x;
     jamtis::make_jamtis_spendkey_extension_g(jamtis_spend_pubkey, s_generate_address, j, x);  //k^j_g
 
-    // b. y = k^j_x + k_vb
+    // b. y = k^j_x + k_gi
     crypto::secret_key y;
     jamtis::make_jamtis_spendkey_extension_x(jamtis_spend_pubkey, s_generate_address, j, y);  //k^j_x
-    sc_add(to_bytes(y), to_bytes(s_view_balance), to_bytes(y));  //+ k_vb
+    sc_add(to_bytes(y), to_bytes(k_generate_image), to_bytes(y));  //+ k_vb
 
-    // c. z = k^j_u + k_m
+    // c. z = k^j_u + k_ps
     crypto::secret_key z;
     jamtis::make_jamtis_spendkey_extension_u(jamtis_spend_pubkey, s_generate_address, j, z);  //k^j_u
-    sc_add(to_bytes(z), to_bytes(k_generate_image), to_bytes(z));  //+ k_m
+    sc_add(to_bytes(z), to_bytes(k_prove_spend), to_bytes(z));  //+ k_m
 
     // 4. compute address
     // K^j_s = x G + y X + z U
@@ -341,7 +337,7 @@ void make_enote_ownership_proof_v1_sender_plain(const crypto::x25519_secret_key
     crypto::x25519_scmul_key(enote_ephemeral_privkey, recipient_destination.addr_Dfa, x_fa);
 
     crypto::x25519_pubkey x_ir;
-    crypto::x25519_scmul_key(enote_ephemeral_privkey, recipient_destination.addr_Dfa, x_ir);
+    crypto::x25519_scmul_key(enote_ephemeral_privkey, recipient_destination.addr_Dir, x_ir);
 
     crypto::x25519_pubkey x_ur;
     crypto::x25519_scmul_base(enote_ephemeral_privkey, x_ur);
@@ -544,14 +540,14 @@ void make_enote_key_image_proof_v1(const rct::key &onetime_address,
 //-------------------------------------------------------------------------------------------------------------------
 void make_enote_key_image_proof_v1(const SpEnoteRecordV1 &enote_record,
     const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     EnoteKeyImageProofV1 &proof_out)
 {
-    // 1. y = k_x + k_vb
+    // 1. y = k_x + k_gi
     crypto::secret_key y;
-    sc_add(to_bytes(y), to_bytes(enote_record.enote_view_extension_x), to_bytes(s_view_balance));
+    sc_add(to_bytes(y), to_bytes(enote_record.enote_view_extension_x), to_bytes(k_generate_image));
 
-    // 2. z = k_u + k_m
+    // 2. z = k_u + k_ps
     crypto::secret_key z;
     sc_add(to_bytes(z), to_bytes(enote_record.enote_view_extension_u), to_bytes(sp_spend_privkey));
 
@@ -591,7 +587,7 @@ bool verify_enote_key_image_proof_v1(const EnoteKeyImageProofV1 &proof,
 //-------------------------------------------------------------------------------------------------------------------
 void make_enote_unspent_proof_v1(const SpEnoteRecordV1 &enote_record,
     const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     const crypto::key_image &test_KI,
     EnoteUnspentProofV1 &proof_out)
 {
@@ -600,11 +596,11 @@ void make_enote_unspent_proof_v1(const SpEnoteRecordV1 &enote_record,
     // a. ko_g = k_g
     const crypto::secret_key kog_skey{enote_record.enote_view_extension_g};
 
-    // b. ko_x = (k_x + k_vb)
+    // b. ko_x = (k_x + k_gi)
     crypto::secret_key kox_skey;
-    sc_add(to_bytes(kox_skey), to_bytes(enote_record.enote_view_extension_x), to_bytes(s_view_balance));
+    sc_add(to_bytes(kox_skey), to_bytes(enote_record.enote_view_extension_x), to_bytes(k_generate_image));
 
-    // c. ko_u = (k_u + k_m)
+    // c. ko_u = (k_u + k_ps)
     crypto::secret_key kou_skey;
     sc_add(to_bytes(kou_skey), to_bytes(enote_record.enote_view_extension_u), to_bytes(sp_spend_privkey));
 
@@ -707,7 +703,7 @@ bool verify_enote_unspent_proof_v1(const EnoteUnspentProofV1 &proof,
 void make_tx_funded_proof_v1(const rct::key &message,
     const SpEnoteRecordV1 &enote_record,
     const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     TxFundedProofV1 &proof_out)
 {
     // 1. prepare a masked version of our enote's onetime address
@@ -721,9 +717,9 @@ void make_tx_funded_proof_v1(const rct::key &message,
     crypto::secret_key x;
     sc_add(to_bytes(x), to_bytes(t_k_new), to_bytes(enote_record.enote_view_extension_g));
 
-    // b. y = k_x + k_vb
+    // b. y = k_x + k_gi
     crypto::secret_key y;
-    sc_add(to_bytes(y), to_bytes(enote_record.enote_view_extension_x), to_bytes(s_view_balance));
+    sc_add(to_bytes(y), to_bytes(enote_record.enote_view_extension_x), to_bytes(k_generate_image));
 
     // c. z = k_u + k_m
     crypto::secret_key z;
@@ -822,14 +818,18 @@ void make_reserved_enote_proof_v1(const SpContextualEnoteRecordV1 &contextual_re
         amount_commitment_ref(contextual_record.record.enote),
         amount_proof);
 
-    // 3. make key image proof
+    // 3. generate-image
+    crypto::secret_key k_generate_image;
+    jamtis::make_jamtis_generateimage_key(s_view_balance, k_generate_image);
+
+    // 4. make key image proof
     EnoteKeyImageProofV1 key_image_proof;
     make_enote_key_image_proof_v1(contextual_record.record,
         sp_spend_privkey,
-        s_view_balance,
+        k_generate_image,
         key_image_proof);
 
-    // 4. complete full proof
+    // 5. complete full proof
     make_reserved_enote_proof_v1(enote_ownership_proof,
         amount_proof,
         key_image_proof,

diff --git a/src/seraphis_main/sp_knowledge_proof_utils.h b/src/seraphis_main/sp_knowledge_proof_utils.h
@@ -71,7 +71,7 @@ void make_address_ownership_proof_v1(const rct::key &message,
     AddressOwnershipProofV1 &proof_out);
 void make_address_ownership_proof_v1(const rct::key &message,  //for K_s
     const crypto::secret_key &k_prove_spend,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     AddressOwnershipProofV1 &proof_out);
 void make_address_ownership_proof_v1(const rct::key &message,  //for K^j_s
     const crypto::secret_key &k_prove_spend,
@@ -180,7 +180,7 @@ void make_enote_key_image_proof_v1(const rct::key &onetime_address,
     EnoteKeyImageProofV1 &proof_out);
 void make_enote_key_image_proof_v1(const SpEnoteRecordV1 &enote_record,
     const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     EnoteKeyImageProofV1 &proof_out);
 /**
 * brief: verify enote key image proof
@@ -196,13 +196,13 @@ bool verify_enote_key_image_proof_v1(const EnoteKeyImageProofV1 &proof,
 * brief: make an enote unspent proof
 * param: enote_record - record of the enote for this proof
 * param: sp_spend_privkey - k_ps
-* param: s_view_balance - k_vb
+* param: k_generate_image - k_gi
 * param: test_KI - key image this proof shows does NOT correspond to the proof enote
 * outparam: proof_out - proof created
 */
 void make_enote_unspent_proof_v1(const SpEnoteRecordV1 &enote_record,
     const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     const crypto::key_image &test_KI,
     EnoteUnspentProofV1 &proof_out);
 /**
@@ -219,15 +219,14 @@ bool verify_enote_unspent_proof_v1(const EnoteUnspentProofV1 &proof,
 * brief: make a funded tx proof
 * param: message - message provided by verifier
 * param: enote_record - enote_record containing all the mask openings 
-* param: onetime_address - address which has the format xG + yX + zU. 
-* param: k_vb - view_balance secret key 
-* param: k_ps - prove spend key 
+* param: sp_spend_privkey - k_ps
+* param: k_generate_image - k_gi
 * outparam: proof_out - proof created
 */
 void make_tx_funded_proof_v1(const rct::key &message,
     const SpEnoteRecordV1 &enote_record,
     const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &s_view_balance,
+    const crypto::secret_key &k_generate_image,
     TxFundedProofV1 &proof_out);
 /**
 * brief: verify funded tx proof

diff --git a/src/seraphis_main/tx_builder_types.cpp b/src/seraphis_main/tx_builder_types.cpp
@@ -147,7 +147,7 @@ void get_coinbase_output_proposals_v1(const SpCoinbaseTxProposalV1 &tx_proposal,
 }
 //-------------------------------------------------------------------------------------------------------------------
 void get_output_proposals_v1(const SpTxProposalV1 &tx_proposal,
-    const crypto::secret_key &k_view_balance,
+    const crypto::secret_key &s_view_balance,
     std::vector<SpOutputProposalV1> &output_proposals_out)
 {
     CHECK_AND_ASSERT_THROW_MES(tx_proposal.normal_payment_proposals.size() +
@@ -172,7 +172,7 @@ void get_output_proposals_v1(const SpTxProposalV1 &tx_proposal,
         tx_proposal.selfsend_payment_proposals)
     {
         make_v1_output_proposal_v1(selfsend_payment_proposal,
-            k_view_balance,
+            s_view_balance,
             input_context,
             tools::add_element(output_proposals_out));
     }
@@ -185,12 +185,12 @@ void get_output_proposals_v1(const SpTxProposalV1 &tx_proposal,
 //-------------------------------------------------------------------------------------------------------------------
 void get_tx_proposal_prefix_v1(const SpTxProposalV1 &tx_proposal,
     const tx_version_t &tx_version,
-    const crypto::secret_key &k_view_balance,
+    const crypto::secret_key &s_view_balance,
     rct::key &tx_proposal_prefix_out)
 {
     // get output proposals
     std::vector<SpOutputProposalV1> output_proposals;
-    get_output_proposals_v1(tx_proposal, k_view_balance, output_proposals);
+    get_output_proposals_v1(tx_proposal, s_view_balance, output_proposals);
 
     // sanity check semantics
     check_v1_output_proposal_set_semantics_v1(output_proposals);
@@ -251,11 +251,11 @@ std::uint8_t get_shared_num_primary_view_tag_bits(
 }
 //-------------------------------------------------------------------------------------------------------------------
 SpInputProposalV1 gen_sp_input_proposal_v1(const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &k_view_balance,
+    const crypto::secret_key &k_generate_image,
     const rct::xmr_amount amount)
 {
     SpInputProposalV1 temp;
-    temp.core = gen_sp_input_proposal_core(sp_spend_privkey, k_view_balance, amount);
+    temp.core = gen_sp_input_proposal_core(sp_spend_privkey, k_generate_image, amount);
     return temp;
 }
 //-------------------------------------------------------------------------------------------------------------------

diff --git a/src/seraphis_main/tx_builder_types.h b/src/seraphis_main/tx_builder_types.h
@@ -286,22 +286,22 @@ void get_coinbase_output_proposals_v1(const SpCoinbaseTxProposalV1 &tx_proposal,
 /**
 * brief: get_coinbase_output_proposals_v1 - convert the tx proposal's payment proposals into output proposals
 * param: tx_proposal -
-* param: k_view_balance -
+* param: s_view_balance -
 * outparam: output_proposals_out -
 */
 void get_output_proposals_v1(const SpTxProposalV1 &tx_proposal,
-    const crypto::secret_key &k_view_balance,
+    const crypto::secret_key &s_view_balance,
     std::vector<SpOutputProposalV1> &output_proposals_out);
 /**
 * brief: get_tx_proposal_prefix_v1 - get the message to be signed by input spend proofs
 * param: tx_proposal -
 * param: tx_version -
-* param: k_view_balance -
+* param: s_view_balance -
 * outparam: tx_proposal_prefix_out -
 */
 void get_tx_proposal_prefix_v1(const SpTxProposalV1 &tx_proposal,
     const tx_version_t &tx_version,
-    const crypto::secret_key &k_view_balance,
+    const crypto::secret_key &s_view_balance,
     rct::key &tx_proposal_prefix_out);
 /**
 * brief: get_shared_num_primary_view_tag_bits - get single shared value of npbits among payment/output proposals
@@ -317,12 +317,12 @@ std::uint8_t get_shared_num_primary_view_tag_bits(
 /**
 * brief: gen_sp_input_proposal_v1 - generate an input proposal
 * param: sp_spend_privkey -
-* param: k_view_balance -
+* param: k_generate_image -
 * param: amount -
 * return: random input proposal
 */
 SpInputProposalV1 gen_sp_input_proposal_v1(const crypto::secret_key &sp_spend_privkey,
-    const crypto::secret_key &k_view_balance,
+    const crypto::secret_key &k_generate_image,
     const rct::xmr_amount amount);
 /**
 * brief: gen_sp_coinbase_output_proposal_v1 - generate a coinbase output proposal