[WIP] Aggsig Transactions

[yeastplume]

See #399 for context

https://github.com/mimblewimble/rust-secp256k1-zkp/blob/master/src/aggsig.rs for latest state of rust aggsig API (still very subject to change)

• Integrate existing aggsig work into mimblewimble secp fork
• creation of single-sig version of API based on existing work
• Additions to single-sig API to support encoding different nonces within schnorr 'e' message (to support @tromp's additive signature scheme)
• Additions to single-sig API to support simple addition of two signatures
• (FIXED) The implementation I have doesn't verify the individual signatures AND the aggregated signature consistently, at the moment I can consistently validate one or the other, but not both. They should both work, and I'm currently working through the maths to figure out what the issue is.
• (Framework done) Automated testing to exercise this (at the moment, there are no tests in the wallet whatsover.. integration tests need to be added, probably a separate file) in grin/tests
• Updating transaction workflow between client and receiver as needed, with approach to keeping state between calls
• Updating validation
• Updating all automated tests

Note that stdout transactions are gone (as we don't have a strategy to handle them now that this is an exchange instead of a single send)

Also, I've added an optional config parameter to turn off waiting for peers on startup (which was slowing down automated testing immensely)

[yeastplume]

Updated with progress and more detailed tasks.

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@6a9a584). Click here to learn what that means.
The diff coverage is 0%.

@@           Coverage Diff           @@
##             master   #530   +/-   ##
=======================================
  Coverage          ?     0%           
=======================================
  Files             ?     33           
  Lines             ?   2922           
  Branches          ?      0           
=======================================
  Hits              ?      0           
  Misses            ?   2922           
  Partials          ?      0

Impacted Files	Coverage Δ
core/src/core/transaction.rs	0% <ø> (ø)
keychain/src/keychain.rs	0% <0%> (ø)
util/src/lib.rs	0% <0%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6a9a584...ffd1a91. Read the comment docs.

[yeastplume]

Update: This works end-to-end now, and (as advertised) produces transaction signatures without either party revealing their blinding factor (and with non-repudiation for either party).

Not complete yet, as I haven't looked at fixing up any tests that were run as a result, and there are a couple more features to add and cleanup to do. Particularly, I still need to ensure that there are multiple aggsig contexts allowed to support multiple transactions hitting the same wallet at once, and also decide when/how the receiver should decide a transaction isn't going to complete and remove the output from their wallet. But given this is still a first pass, these things can be tweaked/changed as we go along.

@antiochp @ignopeverell Probably in the state where you can start having a look/commenting on the changes (as and when you have time/inclination)

[yeastplume]

Tests passing and ready to merge, if no objections. I'm going to open up separate issues for the tasks remaining, as I'd like to get all of the up to now changes merged.

[antiochp]

This looks great.
Liking how generic the various tx building steps are during wallet interaction.

Preparing myself mentally for the merge conflicts in #215 after we merge this 😬

👍