coins/monero/src/lib.rs

#![cfg_attr(docsrs, feature(doc_auto_cfg))]
#![doc = include_str!("../README.md")]
#![deny(missing_docs)]
#![cfg_attr(not(feature = "std"), no_std)]

pub use monero_io as io;
pub use monero_generators as generators;
pub use monero_primitives as primitives;

mod merkle;

/// Ring Signature structs and functionality.
pub mod ring_signatures;

/// RingCT structs and functionality.
pub mod ringct;

/// Transaction structs and functionality.
pub mod transaction;
/// Block structs and functionality.
pub mod block;

/// The minimum amount of blocks an output is locked for.
///
/// If Monero suffered a re-organization, any transactions which selected decoys belonging to
/// recent blocks would become invalidated. Accordingly, transactions must use decoys which are
/// presumed to not be invalidated in the future. If wallets only selected n-block-old outputs as
/// decoys, then any ring member within the past n blocks would have to be the real spend.
/// Preventing this at the consensus layer ensures privacy and integrity.
pub const DEFAULT_LOCK_WINDOW: usize = 10;

/// The minimum amount of blocks a coinbase output is locked for.
pub const COINBASE_LOCK_WINDOW: usize = 60;

/// Monero's block time target, in seconds.
pub const BLOCK_TIME: usize = 120;
Use doc_auto_cfg 2022-09-29 04:47:55 -04:00			`#![cfg_attr(docsrs, feature(doc_auto_cfg))]`
Bump crate versions 2023-03-20 20:28:41 -04:00			`#![doc = include_str!("../README.md")]`
Finish documenting monero-serai 2024-06-22 14:37:43 -04:00			`#![deny(missing_docs)]`
no-std support for monero-serai (#311) * Move monero-serai from std to std-shims, where possible * no-std fixes * Make the HttpRpc its own feature, thiserror only on std * Drop monero-rs's epee for a homegrown one We only need it for a single function. While I tried jeffro's, it didn't work out of the box, had three unimplemented!s, and is no where near viable for no_std. Fixes #182, though should be further tested. * no-std monero-serai * Allow base58-monero via git * cargo fmt 2023-06-29 04:14:29 -04:00			`#![cfg_attr(not(feature = "std"), no_std)]`

Tidy up monero-serai as a meta crate 2024-06-16 12:26:14 -04:00			`pub use monero_io as io;`
			`pub use monero_generators as generators;`
			`pub use monero_primitives as primitives;`
Generate Bulletproofs(+) generators at compile time Creates a new monero-generators crate so the monero crate can run the code in question at build time. Saves several seconds from running the tests. Closes https://github.com/serai-dex/serai/issues/101. 2022-08-21 06:36:53 -04:00
Monero: support for legacy transactions (#308) * add mlsag * fix last commit * fix miner v1 txs * fix non-miner v1 txs * add borromean + fix mlsag * add block hash calculations * fix for the jokester that added unreduced scalars to the borromean signature of 2368d846e671bf79a1f84c6d3af9f0bfe296f043f50cf17ae5e485384a53707b * Add Borromean range proof verifying functionality * Add MLSAG verifying functionality * fmt & clippy :) * update MLSAG, ss2_elements will always be 2 * Add MgSig proving * Tidy block.rs * Tidy Borromean, fix bugs in last commit, replace todo! with unreachable! * Mark legacy EcdhInfo amount decryption as experimental * Correct comments * Write a new impl of the merkle algorithm This one tries to be understandable. * Only pull in things only needed for experimental when experimental * Stop caching the Monero block hash now in processor that we have Block::hash * Corrections for recent processor commit * Use a clearer algorithm for the merkle Should also be more efficient due to not shifting as often. * Tidy Mlsag * Remove verify_rct_* from Mlsag Both methods were ports from Monero, overtly specific without clear documentation. They need to be added back in, with documentation, or included in a node which provides the necessary further context for them to be naturally understandable. * Move mlsag/mod.rs to mlsag.rs This should only be a folder if it has multiple files. * Replace EcdhInfo terminology The ECDH encrypted the amount, yet this struct contained the encrypted amount, not some ECDH. Also corrects the types on the original EcdhInfo struct. * Correct handling of commitment masks when scanning * Route read_array through read_raw_vec * Misc lint * Make a proper RctType enum No longer caches RctType in the RctSignatures as well. * Replace Vec<Bulletproofs> with Bulletproofs Monero uses aggregated range proofs, so there's only ever one Bulletproof. This is enforced with a consensus rule as well, making this safe. As for why Monero uses a vec, it's probably due to the lack of variadic typing used. Its effectively an Option for them, yet we don't need an Option since we do have variadic typing (enums). * Add necessary checks to Eventuality re: supported protocols * Fix for block 202612 and fix merkel root calculations * MLSAG (de)serialisation fix ss_2_elements will not always be 2 as rct type 1 transactions are not enforced to have one input * Revert "MLSAG (de)serialisation fix" This reverts commit 5e710e0c96658092c6ecfe5e4ea5a9c3dbee3ab3. here it checks number of MGs == number of inputs: https://github.com/monero-project/monero/blob/0a1eaf26f9dd6b762c2582ee12603b2a4671c735/src/cryptonote_core/tx_verification_utils.cpp#L60-59 and here it checks for RctTypeFull number of MGs == 1: https://github.com/monero-project/monero/blob/0a1eaf26f9dd6b762c2582ee12603b2a4671c735/src/ringct/rctSigs.cpp#L1325 so number of inputs == 1 so ss_2_elements == 2 * update `MlsagAggregate` comment * cargo update Resolves a yanked crate * Move location of serai-client in Cargo.toml --------- Co-authored-by: Luke Parker <lukeparker5132@gmail.com> 2023-07-04 21:18:05 +00:00			`mod merkle;`

Monero: add more legacy verify functions (#383) * Add v1 ring sig verifying * allow calculating signature hash for v1 txs * add unreduced scalar type with recovery I have added this type for borromen sigs, the ee field can be a normal scalar as in the verify function the ee field is checked against a reduced scalar mean for it to verify as correct ee must be reduced * change block major/ minor versions to u8 this matches Monero I have also changed a couple varint functions to accept the `VarInt` trait * expose `serialize_hashable` on `Block` * add back MLSAG verifying functions I still need to revert the commit removing support for >1 input MLSAG FULL This adds a new rct type to separate Full and simple rct * add back support for multiple inputs for RCT FULL * comment `non_adjacent_form` function also added `#[allow(clippy::needless_range_loop)]` around a loop as without a re-write satisfying clippy without it will make the function worse. * Improve Mlsag verifying API * fix rebase errors * revert the changes on `reserialize_chain` plus other misc changes * fix no-std * Reduce the amount of rpc calls needed for `get_block_by_number`. This function was causing me problems, every now and then a node would return a block with a different number than requested. * change `serialize_hashable` to give the POW hashing blob. Monero calculates the POW hash and the block hash using slightly different blobs :/ * make ring_signatures public and add length check when verifying. * Misc improvements and bug fixes --------- Co-authored-by: Luke Parker <lukeparker5132@gmail.com> 2023-11-12 15:18:18 +00:00			`/// Ring Signature structs and functionality.`
			`pub mod ring_signatures;`

Expand and correct documentation 2022-09-29 05:25:29 -04:00			`/// RingCT structs and functionality.`
Move RingCT code to a deciated folder Should help keep things ordered as more RingCT code is added. 2022-05-22 02:24:24 -04:00			`pub mod ringct;`
Initial commit Combines the existing frost-rs, dalek-ff-group, and monero-rs repos into a monorepo. Makes tweaks necessary as needed. Replaces RedDSA (which was going to be stubbed out into a new folder for now) with an offset system that voids its need and allows stealth addresses with CLSAG. 2022-04-21 21:36:18 -04:00
Incomplete work on using Option to remove panic cases 2024-06-22 09:02:59 -04:00			`/// Transaction structs and functionality.`
Implement TX creation Updates CLSAG signing as needed. Moves around Error types. CLSAG multisig and the multisig feature is currently completely borked because of this. The created TXs are accepted by Monero nodes. 2022-04-28 03:31:09 -04:00			`pub mod transaction;`
Incomplete work on using Option to remove panic cases 2024-06-22 09:02:59 -04:00			`/// Block structs and functionality.`
Implement Block types Finishes updating the RPC to not use monero, tests now pass 2022-05-21 21:35:25 -04:00			`pub mod block;`
Implement TX creation Updates CLSAG signing as needed. Moves around Error types. CLSAG multisig and the multisig feature is currently completely borked because of this. The created TXs are accepted by Monero nodes. 2022-04-28 03:31:09 -04:00
Incomplete work on using Option to remove panic cases 2024-06-22 09:02:59 -04:00			`/// The minimum amount of blocks an output is locked for.`
			`///`
			`/// If Monero suffered a re-organization, any transactions which selected decoys belonging to`
			`/// recent blocks would become invalidated. Accordingly, transactions must use decoys which are`
			`/// presumed to not be invalidated in the future. If wallets only selected n-block-old outputs as`
			`/// decoys, then any ring member within the past n blocks would have to be the real spend.`
			`/// Preventing this at the consensus layer ensures privacy and integrity.`
Monero: fix decoy selection algo and add test for latest spendable (#384) * Monero: fix decoy selection algo and add test for latest spendable - DSA only selected coinbase outputs and didn't match the wallet2 implementation - Added test to make sure DSA will select a decoy output from the most recent unlocked block - Made usage of "height" in DSA consistent with other usage of "height" in Monero code (height == num blocks in chain) - Rely on monerod RPC response for output's unlocked status * xmr runner tests mine until outputs are unlocked * fingerprintable canoncial select decoys * Separate fingerprintable canonical function Makes it simpler for callers who are unconcered with consistent canonical output selection across multiple clients to rely on the simpler Decoy::select and not worry about fingerprintable canonical * fix merge conflicts * Put back TODO for issue #104 * Fix incorrect check on distribution len The RingCT distribution on mainnet doesn't start until well after genesis, so the distribution length is expected to be < height. To be clear, this was my mistake from this series of changes to the DSA. I noticed this mistake because the DSA would error when running on mainnet. 2024-02-19 18:34:10 -08:00			`pub const DEFAULT_LOCK_WINDOW: usize = 10;`
Incomplete work on using Option to remove panic cases 2024-06-22 09:02:59 -04:00
			`/// The minimum amount of blocks a coinbase output is locked for.`
Monero: fix decoy selection algo and add test for latest spendable (#384) * Monero: fix decoy selection algo and add test for latest spendable - DSA only selected coinbase outputs and didn't match the wallet2 implementation - Added test to make sure DSA will select a decoy output from the most recent unlocked block - Made usage of "height" in DSA consistent with other usage of "height" in Monero code (height == num blocks in chain) - Rely on monerod RPC response for output's unlocked status * xmr runner tests mine until outputs are unlocked * fingerprintable canoncial select decoys * Separate fingerprintable canonical function Makes it simpler for callers who are unconcered with consistent canonical output selection across multiple clients to rely on the simpler Decoy::select and not worry about fingerprintable canonical * fix merge conflicts * Put back TODO for issue #104 * Fix incorrect check on distribution len The RingCT distribution on mainnet doesn't start until well after genesis, so the distribution length is expected to be < height. To be clear, this was my mistake from this series of changes to the DSA. I noticed this mistake because the DSA would error when running on mainnet. 2024-02-19 18:34:10 -08:00			`pub const COINBASE_LOCK_WINDOW: usize = 60;`
Incomplete work on using Option to remove panic cases 2024-06-22 09:02:59 -04:00
			`/// Monero's block time target, in seconds.`
Monero: fix decoy selection algo and add test for latest spendable (#384) * Monero: fix decoy selection algo and add test for latest spendable - DSA only selected coinbase outputs and didn't match the wallet2 implementation - Added test to make sure DSA will select a decoy output from the most recent unlocked block - Made usage of "height" in DSA consistent with other usage of "height" in Monero code (height == num blocks in chain) - Rely on monerod RPC response for output's unlocked status * xmr runner tests mine until outputs are unlocked * fingerprintable canoncial select decoys * Separate fingerprintable canonical function Makes it simpler for callers who are unconcered with consistent canonical output selection across multiple clients to rely on the simpler Decoy::select and not worry about fingerprintable canonical * fix merge conflicts * Put back TODO for issue #104 * Fix incorrect check on distribution len The RingCT distribution on mainnet doesn't start until well after genesis, so the distribution length is expected to be < height. To be clear, this was my mistake from this series of changes to the DSA. I noticed this mistake because the DSA would error when running on mainnet. 2024-02-19 18:34:10 -08:00			`pub const BLOCK_TIME: usize = 120;`