Switch commitments #9

Merged
merged 3 commits into from
Oct 12, 2017
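--- a/src/constants.rs
+++ b/src/constants.rs
@@ -71,3 +71,21 @@ pub const GENERATOR_Y: [u8; 32] = [
 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8
 ];
+
+/// Generator H (as compressed curve point (3))
+pub const GENERATOR_H : [u8;33] = [
+0x11,
+0x50, 0x92, 0x9b, 0x74, 0xc1, 0xa0, 0x49, 0x54,
+0xb7, 0x8b, 0x4b, 0x60, 0x35, 0xe9, 0x7a, 0x5e,
+0x07, 0x8a, 0x5a, 0x0f, 0x28, 0xec, 0x96, 0xd5,
+0x47, 0xbf, 0xee, 0x9a, 0xce, 0x80, 0x3a, 0xc0
+];
+
+/// Generator J, for switch commitments (as compressed curve point (3))
+pub const GENERATOR_J : [u8;33] = [
+0x11,
+0xb8, 0x60, 0xf5, 0x67, 0x95, 0xfc, 0x03, 0xf3,
+0xc2, 0x16, 0x85, 0x38, 0x3d, 0x1b, 0x5a, 0x2f,
+0x29, 0x54, 0xf4, 0x9b, 0x7e, 0x39, 0x8b, 0x8d,
+0x2a, 0x01, 0x93, 0x93, 0x36, 0x21, 0x15, 0x5f
+];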
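Review bot: The doc comments on GENERATOR_H and GENERATOR_J describe them as "compressed curve point (3)", but both begin with 0x11, which is not a SEC1 compressed prefix (0x02/0x03), so the comment should name the encoding the C library actually consumes, e.g. `/// Generator H, in the 33-byte generator encoding expected by the secp256k1-zkp FFI (leading byte is not a SEC1 prefix).` Nothing records where the J bytes come from; a switch commitment is only sound if the discrete-log relation between G, H and J is unknown, so a comment citing the derivation (nothing-up-my-sleeve hash-to-curve or the upstream source it was copied from) would let a reviewer verify the constant instead of trusting it. A unit test asserting `GENERATOR_H != GENERATOR_J`, and that the C side accepts both if it exposes a generator parse routine, would catch a copy/paste slip in these tables.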
3 changes: 2 additions & 1 deletion src/ffi.rs
Expand Up @@ -250,7 +250,8 @@ extern "C" {
// The commitment is 33 bytes, the blinding factor is 32 bytes.
pub fn secp256k1_switch_commit(ctx: *const Context,
commit: *mut c_uchar,
blind: *const c_uchar)
blind: *const c_uchar,
gen: *const c_uchar)
-> c_int;

// Generates a pedersen commitment: *commit = blind * G + value * G2.
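Review bot: The comment above the declaration, `// The commitment is 33 bytes, the blinding factor is 32 bytes.`, was not updated for the new `gen` parameter, so the size and encoding the C function expects for the generator are undocumented on the Rust side. The callers in src/pedersen.rs pass 33-byte constants, so if that matches the C signature the comment could read `// The commitment is 33 bytes, the blinding factor is 32 bytes, the generator is 33 bytes.` The `extern "C"` block that holds this declaration starts outside the hunk.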
34 changes: 7 additions & 27 deletions src/pedersen.rs
Expand Up @@ -334,7 +334,7 @@ impl Secp256k1 {
}
let mut commit = [0; 33];
unsafe {
ffi::secp256k1_switch_commit(self.ctx, commit.as_mut_ptr(), blind.as_ptr())
ffi::secp256k1_switch_commit(self.ctx, commit.as_mut_ptr(), blind.as_ptr(), constants::GENERATOR_J.as_ptr());
};
Ok(Commitment(commit))
}
Expand All @@ -347,16 +347,13 @@ impl Secp256k1 {
}
let mut commit = [0; 33];

// TODO - what do we need to be passing in here as the generator?
let gen = self.generator_h();

unsafe {
ffi::secp256k1_pedersen_commit(
self.ctx,
commit.as_mut_ptr(),
blind.as_ptr(),
value,
gen.as_ptr(),
constants::GENERATOR_H.as_ptr(),
)};
Ok(Commitment(commit))
}
Expand All @@ -371,16 +368,13 @@ impl Secp256k1 {
let mut commit = [0; 33];
let zblind = [0; 32];

// TODO - what do we need to be passing in here as the generator?
let gen = self.generator_h();

unsafe {
ffi::secp256k1_pedersen_commit(
self.ctx,
commit.as_mut_ptr(),
zblind.as_ptr(),
value,
gen.as_ptr(),
constants::GENERATOR_H.as_ptr(),
)};
Ok(Commitment(commit))
}
Expand Down Expand Up @@ -464,16 +458,6 @@ impl Secp256k1 {
nonce
}

// I have no idea what I'm doing but cribbing this from secp256k1-zkp seems to have
// cleaned up some of the test failures...
fn generator_h(&self) -> [u8; 33] {
[
0x11,
0x50, 0x92, 0x9b, 0x74, 0xc1, 0xa0, 0x49, 0x54, 0xb7, 0x8b, 0x4b, 0x60, 0x35, 0xe9, 0x7a, 0x5e,
0x07, 0x8a, 0x5a, 0x0f, 0x28, 0xec, 0x96, 0xd5, 0x47, 0xbf, 0xee, 0x9a, 0xce, 0x80, 0x3a, 0xc0
]
}

/// Produces a range proof for the provided value, using min and max
/// bounds, relying
/// on the blinding factor and commitment.
Expand All @@ -496,7 +480,6 @@ impl Secp256k1 {
let nonce = blind.clone();

let extra_commit = [0u8; 33];
let gen = self.generator_h();

// TODO - confirm this reworked retry logic works as expected
// pretty sure the original approach retried on success (so twice in total)
Expand All @@ -520,7 +503,7 @@ impl Secp256k1 {
message.len(),
extra_commit.as_ptr(),
0 as size_t,
gen.as_ptr(),
constants::GENERATOR_H.as_ptr(),
) == 1
};
// break out of the loop immediately on success or
Expand All @@ -547,7 +530,6 @@ impl Secp256k1 {
let mut max: u64 = 0;

let extra_commit = [0u8; 33];
let gen = self.generator_h();

let success = unsafe {
ffi::secp256k1_rangeproof_verify(
Expand All @@ -559,7 +541,7 @@ impl Secp256k1 {
proof.plen as size_t,
extra_commit.as_ptr(),
0 as size_t,
gen.as_ptr(),
constants::GENERATOR_H.as_ptr(),
) == 1
};

Expand Down Expand Up @@ -589,7 +571,6 @@ impl Secp256k1 {
let mut max: u64 = 0;

let extra_commit = [0u8; 33];
let gen = self.generator_h();

let success = unsafe {
ffi::secp256k1_rangeproof_rewind(
Expand All @@ -606,7 +587,7 @@ impl Secp256k1 {
proof.plen as size_t,
extra_commit.as_ptr(),
0 as size_t,
gen.as_ptr(),
constants::GENERATOR_H.as_ptr(),
) == 1
};

Expand All @@ -631,7 +612,6 @@ impl Secp256k1 {
let mut max: u64 = 0;

let extra_commit = [0u8; 33];
let gen = self.generator_h();

let success = unsafe {
ffi::secp256k1_rangeproof_info(
Expand All @@ -644,7 +624,7 @@ impl Secp256k1 {
proof.plen as size_t,
extra_commit.as_ptr(),
0 as size_t,
gen.as_ptr(),
constants::GENERATOR_H.as_ptr(),
) == 1
};
ProofInfo {
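Review bot: In the first hunk the `c_int` returned by `ffi::secp256k1_switch_commit` on the rewritten line is discarded and `Ok(Commitment(commit))` is returned unconditionally, so a failed call would hand back the zero-initialised 33-byte buffer as a valid commitment. The rangeproof calls later in this file check the result with `== 1`; this call, and the two `secp256k1_pedersen_commit` calls in the next two hunks, should do the same, e.g. `let ok = unsafe { ffi::secp256k1_switch_commit(self.ctx, commit.as_mut_ptr(), blind.as_ptr(), constants::GENERATOR_J.as_ptr()) } == 1;` followed by `if !ok { return Err(/* the crate's existing error variant for a failed commit */); }`. The ignored return value predates this commit, but it is now the line the commit rewrites, and the rewritten line also exceeds rustfmt's width and would be split across arguments. The function bodies in these hunks start outside the hunks.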