Updated rct code with ring multisig and fixing key image bug I found …

…last night
monero-project · Feb 7, 2016 · b215a98 · b215a98
1 parent bfb18a0
commit b215a98
Show file tree

Hide file tree

Showing 11 changed files with 274 additions and 214 deletions.
diff --git a/source-code/MiniNero/brief/MakeClass.lua b/source-code/MiniNero/brief/MakeClass.lua
diff --git a/source-code/MiniNero/brief/runtest.bat b/source-code/MiniNero/brief/runtest.bat
diff --git a/source-code/MiniNero/brief/runtest.sh b/source-code/MiniNero/brief/runtest.sh
diff --git a/source-code/MiniNero/brief/runtest2.sh b/source-code/MiniNero/brief/runtest2.sh
diff --git a/source-code/MiniNero/brief/tasks.bat b/source-code/MiniNero/brief/tasks.bat
diff --git a/source-code/RingCT/rctMSig.cpp b/source-code/RingCT/rctMSig.cpp
@@ -34,4 +34,74 @@ using namespace std;
 
 namespace rct {
 
-    }
+    int i;
+    //Generate Signing Keys 
+    //This function is called by each participant in 
+    //A ring multisignature transaction. 
+    //The participant will send the returned parameters 
+    //to whomever is managing the transaction. 
+    //returns a, aG, aHP and I 
+    tuple<key, key, key, key> InitiateRMS(key x) {
+        key I = scalarmultKey(hashToPoint(scalarmultBase(x)), x);
+        key a, aG;
+        skpkGen(a, aG);
+        key aHP = scalarmultKey(hashToPoint(scalarmultBase(x)), a);
+        return make_tuple(a, aG, aHP, I);
+    }
+
+    //returns "c" which is the last index needed to get the last s-values
+    key rmsMgSigStart(const keyM & pk, mgSig & rv, keyV aG, keyV aHP, const int index) {
+
+		int rows = pk[0].size();
+		int cols = pk.size();
+		if (cols < 2) {
+			printf("Error! What is c if cols = 1!");
+		}
+		int i = 0, j = 0;
+		key c, c_old, c0, L, R, Hi;
+        sc_0(c_old.bytes);
+		vector<ge_dsmp> Ip(rows);
+		rv.ss = keyM(cols, rv.II);
+        unsigned char m2[96]; 
+		for (i = 0; i < rows; i++) {
+            memcpy(m2, pk[index][i].bytes, 32);
+            memcpy(m2 + 32, aG[i].bytes, 32);
+            memcpy(m2 + 64, aHP[i].bytes, 32);
+			precomp(Ip[i], rv.II[i]);
+            sc_add(c_old.bytes, c_old.bytes, cn_fast_hash96(m2).bytes);
+		}
+
+		int oldi = index;
+		i = (index + 1) % cols;
+		while (i != index) {
+
+			rv.ss[i] = skvGen(rows);            
+            sc_0(c.bytes);
+			for (j = 0; j < rows; j++) {
+				addKeys2(L, rv.ss[i][j], c_old, pk[i][j]);
+				hashToPoint(Hi, pk[i][j]);
+				addKeys3(R, rv.ss[i][j], Hi, c_old, Ip[j]);
+                memcpy(m2, pk[i][j].bytes, 32);
+                memcpy(m2 + 32, L.bytes, 32);
+                memcpy(m2 + 64, R.bytes, 32);      
+                sc_add(c.bytes, c.bytes, cn_fast_hash96(m2).bytes);
+			}
+            c_old = copy(c);
+            if (i == 0) { 
+                c0 = copy(c);
+			}
+			oldi = i;
+			i = (i + 1) % cols;
+		}
+		return c;
+	}
+
+    //have to return s = a - cx
+    //for each participant in the MG sig..
+    key rmsSign(key a, key c, key x) {
+        key s;
+        sc_mulsub(s.bytes, c.bytes, x.bytes, a.bytes);
+        return s;
+    }
+
+}
diff --git a/source-code/RingCT/rctMSig.h b/source-code/RingCT/rctMSig.h
@@ -50,6 +50,7 @@
 
 #include "rctTypes.h"
 #include "rctOps.h"
+#include "rctSigs.h"
 
 
 
@@ -58,11 +59,8 @@ using namespace std;
 using namespace crypto;
 
 namespace rct {
-
-    int i;
-    //rctSig genRMS(ctkeyV & inSk, ctkeyV  & inPk, const keyV & destinations, const vector<xmr_amount> amounts, const int mixin);
-
-
-
+    tuple<key, key, key, key> InitiateRMS(key x);
+    key rmsMgSigStart(const keyM & pk, mgSig & rv, keyV aG, keyV aHP, const int index);
+    key rmsSign(key a, key c, key x) ;
 }
 #endif
diff --git a/source-code/RingCT/rctOps.cpp b/source-code/RingCT/rctOps.cpp
@@ -352,16 +352,43 @@ namespace rct {
         sc_reduce32(hash.bytes);
         return hash;
     }
-
-    //returns cn_fast_hash(input) * G where G is the basepoint
-    key hashToPoint(const key & in) {
-        return scalarmultBase(cn_fast_hash(in));
+
+    //cn_fast_hash for a 96 byte unsigned char
+    key cn_fast_hash96(const void * in) {
+        uint8_t md2[32];
+        int j = 0;
+        key hash;
+        keccak((uint8_t *)in, 96, md2, 32);
+        for (j = 0; j < 32; j++) {
+            hash[j] = (unsigned char)md2[j];
+        }
+        sc_reduce32(hash.bytes);
+        return hash;
     }
-
-    //returns cn_fast_hash(input) * G where G is the basepoint
-    void hashToPoint(key & out, const key & in) {
-        scalarmultBase(out, cn_fast_hash(in));
+
+    key hashToPoint(const key & hh) {
+        key pointk;
+        ge_p2 point;
+        ge_p1p1 point2;
+        ge_p3 res;
+        key h = cn_fast_hash(hh); 
+        ge_fromfe_frombytes_vartime(&point, h.bytes);
+        ge_mul8(&point2, &point);
+        ge_p1p1_to_p3(&res, &point2);        
+        ge_p3_tobytes(pointk.bytes, &res);
+        return pointk;
     }
+
+    void hashToPoint(key & pointk, const key & hh) {
+        ge_p2 point;
+        ge_p1p1 point2;
+        ge_p3 res;
+        key h = cn_fast_hash(hh); 
+        ge_fromfe_frombytes_vartime(&point, h.bytes);
+        ge_mul8(&point2, &point);
+        ge_p1p1_to_p3(&res, &point2);        
+        ge_p3_tobytes(pointk.bytes, &res);
+    }    
 
     //sums a vector of curve points (for scalars use sc_add)
     void sumKeys(key & Csum, const keyV &  Cis) {

diff --git a/source-code/RingCT/rctOps.h b/source-code/RingCT/rctOps.h
@@ -48,6 +48,7 @@
 
 #include "rctTypes.h"
 
+
 using namespace std;
 using namespace crypto;
 
@@ -128,6 +129,8 @@ namespace rct {
 	void cn_fast_hash(key &hash, const key &in);
 	//cn_fast_hash for a 32 byte key
 	key cn_fast_hash(const key &in);
+    //for mg sigs
+    key cn_fast_hash96(const void * in);
 
 	//returns cn_fast_hash(input) * G where G is the basepoint
 	key hashToPoint(const key &in);