coins/monero/src/ringct/bulletproofs/mod.rs

#![allow(non_snake_case)]

use rand_core::{RngCore, CryptoRng};

use curve25519_dalek::edwards::EdwardsPoint;
use multiexp::BatchVerifier;

use crate::{Commitment, wallet::TransactionError, serialize::*};

pub(crate) mod scalar_vector;
pub(crate) mod core;

pub(crate) mod original;
pub(crate) mod plus;

pub(crate) use self::original::OriginalStruct;
pub(crate) use self::plus::PlusStruct;

pub(crate) const MAX_OUTPUTS: usize = self::core::MAX_M;

#[allow(clippy::large_enum_variant)]
#[derive(Clone, PartialEq, Eq, Debug)]
pub enum Bulletproofs {
  Original(OriginalStruct),
  Plus(PlusStruct),
}

impl Bulletproofs {
  // TODO
  pub(crate) fn fee_weight(outputs: usize) -> usize {
    let proofs = 6 + usize::try_from(usize::BITS - (outputs - 1).leading_zeros()).unwrap();
    let len = (9 + (2 * proofs)) * 32;

    let mut clawback = 0;
    let padded = 1 << (proofs - 6);
    if padded > 2 {
      const BP_BASE: usize = 368;
      clawback = ((BP_BASE * padded) - len) * 4 / 5;
    }

    len + clawback
  }

  pub fn init(plus: bool) {
    if !plus {
      OriginalStruct::init();
    } else {
      PlusStruct::init();
    }
  }

  pub fn prove<R: RngCore + CryptoRng>(
    rng: &mut R,
    outputs: &[Commitment],
    plus: bool,
  ) -> Result<Bulletproofs, TransactionError> {
    if outputs.len() > MAX_OUTPUTS {
      return Err(TransactionError::TooManyOutputs)?;
    }
    Ok(if !plus {
      Bulletproofs::Original(OriginalStruct::prove(rng, outputs))
    } else {
      Bulletproofs::Plus(PlusStruct::prove(rng, outputs))
    })
  }

  #[must_use]
  pub fn verify<R: RngCore + CryptoRng>(&self, rng: &mut R, commitments: &[EdwardsPoint]) -> bool {
    match self {
      Bulletproofs::Original(bp) => bp.verify(rng, commitments),
      Bulletproofs::Plus(bp) => bp.verify(rng, commitments),
    }
  }

  #[must_use]
  pub fn batch_verify<ID: Copy, R: RngCore + CryptoRng>(
    &self,
    rng: &mut R,
    verifier: &mut BatchVerifier<ID, dalek_ff_group::EdwardsPoint>,
    id: ID,
    commitments: &[EdwardsPoint],
  ) -> bool {
    match self {
      Bulletproofs::Original(bp) => bp.batch_verify(rng, verifier, id, commitments),
      Bulletproofs::Plus(bp) => bp.batch_verify(rng, verifier, id, commitments),
    }
  }

  fn serialize_core<W: std::io::Write, F: Fn(&[EdwardsPoint], &mut W) -> std::io::Result<()>>(
    &self,
    w: &mut W,
    specific_write_vec: F,
  ) -> std::io::Result<()> {
    match self {
      Bulletproofs::Original(bp) => {
        write_point(&bp.A, w)?;
        write_point(&bp.S, w)?;
        write_point(&bp.T1, w)?;
        write_point(&bp.T2, w)?;
        write_scalar(&bp.taux, w)?;
        write_scalar(&bp.mu, w)?;
        specific_write_vec(&bp.L, w)?;
        specific_write_vec(&bp.R, w)?;
        write_scalar(&bp.a, w)?;
        write_scalar(&bp.b, w)?;
        write_scalar(&bp.t, w)
      }

      Bulletproofs::Plus(bp) => {
        write_point(&bp.A, w)?;
        write_point(&bp.A1, w)?;
        write_point(&bp.B, w)?;
        write_scalar(&bp.r1, w)?;
        write_scalar(&bp.s1, w)?;
        write_scalar(&bp.d1, w)?;
        specific_write_vec(&bp.L, w)?;
        specific_write_vec(&bp.R, w)
      }
    }
  }

  pub fn signature_serialize<W: std::io::Write>(&self, w: &mut W) -> std::io::Result<()> {
    self.serialize_core(w, |points, w| write_raw_vec(write_point, points, w))
  }

  pub fn serialize<W: std::io::Write>(&self, w: &mut W) -> std::io::Result<()> {
    self.serialize_core(w, |points, w| write_vec(write_point, points, w))
  }

  pub fn deserialize<R: std::io::Read>(r: &mut R) -> std::io::Result<Bulletproofs> {
    Ok(Bulletproofs::Original(OriginalStruct {
      A: read_point(r)?,
      S: read_point(r)?,
      T1: read_point(r)?,
      T2: read_point(r)?,
      taux: read_scalar(r)?,
      mu: read_scalar(r)?,
      L: read_vec(read_point, r)?,
      R: read_vec(read_point, r)?,
      a: read_scalar(r)?,
      b: read_scalar(r)?,
      t: read_scalar(r)?,
    }))
  }

  pub fn deserialize_plus<R: std::io::Read>(r: &mut R) -> std::io::Result<Bulletproofs> {
    Ok(Bulletproofs::Plus(PlusStruct {
      A: read_point(r)?,
      A1: read_point(r)?,
      B: read_point(r)?,
      r1: read_scalar(r)?,
      s1: read_scalar(r)?,
      d1: read_scalar(r)?,
      L: read_vec(read_point, r)?,
      R: read_vec(read_point, r)?,
    }))
  }
}
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`#![allow(non_snake_case)]`
Implement TX creation Updates CLSAG signing as needed. Moves around Error types. CLSAG multisig and the multisig feature is currently completely borked because of this. The created TXs are accepted by Monero nodes. 2022-04-28 03:31:09 -04:00
Override Monero's random function with a Rust-seedable random Closes https://github.com/serai-dex/serai/issues/2. Also finishes the implementation of https://github.com/monero-project/research-lab/issues/103. 2022-05-22 01:56:17 -04:00			`use rand_core::{RngCore, CryptoRng};`

Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00			`use curve25519_dalek::edwards::EdwardsPoint;`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`use multiexp::BatchVerifier;`
Implement TX creation Updates CLSAG signing as needed. Moves around Error types. CLSAG multisig and the multisig feature is currently completely borked because of this. The created TXs are accepted by Monero nodes. 2022-04-28 03:31:09 -04:00
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`use crate::{Commitment, wallet::TransactionError, serialize::*};`
Move Rust definitions of C functions to their respective files 2022-05-13 20:26:53 -04:00
Implement Bulletproofs in Rust (#69) * Initial attempt at Bulletproofs I don't know why this doesn't work. The generators and hash_cache lines up without issue. AFAICT, the inner product proof is valid as well, as are all included formulas. * Add yinvpow asserts * Clean code * Correct bad imports * Fix the definition of TWO_N Bulletproofs work now :D * Tidy up a bit * fmt + clippy * Compile a variety of XMR dependencies with optimizations, even under dev The Rust bulletproof implementation is 8% slower than C right now, under release. This is acceptable, even if suboptimal. Under debug, they take a quarter of a second to two seconds though, depending on the amount of outputs, which justifies this move. * Remove unnecessary deref in BPs 2022-07-26 02:05:15 -05:00			`pub(crate) mod scalar_vector;`
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00			`pub(crate) mod core;`
Implement Bulletproofs in Rust (#69) * Initial attempt at Bulletproofs I don't know why this doesn't work. The generators and hash_cache lines up without issue. AFAICT, the inner product proof is valid as well, as are all included formulas. * Add yinvpow asserts * Clean code * Correct bad imports * Fix the definition of TWO_N Bulletproofs work now :D * Tidy up a bit * fmt + clippy * Compile a variety of XMR dependencies with optimizations, even under dev The Rust bulletproof implementation is 8% slower than C right now, under release. This is acceptable, even if suboptimal. Under debug, they take a quarter of a second to two seconds though, depending on the amount of outputs, which justifies this move. * Remove unnecessary deref in BPs 2022-07-26 02:05:15 -05:00
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00			`pub(crate) mod original;`
			`pub(crate) mod plus;`
Implement Bulletproofs in Rust (#69) * Initial attempt at Bulletproofs I don't know why this doesn't work. The generators and hash_cache lines up without issue. AFAICT, the inner product proof is valid as well, as are all included formulas. * Add yinvpow asserts * Clean code * Correct bad imports * Fix the definition of TWO_N Bulletproofs work now :D * Tidy up a bit * fmt + clippy * Compile a variety of XMR dependencies with optimizations, even under dev The Rust bulletproof implementation is 8% slower than C right now, under release. This is acceptable, even if suboptimal. Under debug, they take a quarter of a second to two seconds though, depending on the amount of outputs, which justifies this move. * Remove unnecessary deref in BPs 2022-07-26 02:05:15 -05:00
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00			`pub(crate) use self::original::OriginalStruct;`
			`pub(crate) use self::plus::PlusStruct;`

			`pub(crate) const MAX_OUTPUTS: usize = self::core::MAX_M;`

			`#[allow(clippy::large_enum_variant)]`
			`#[derive(Clone, PartialEq, Eq, Debug)]`
			`pub enum Bulletproofs {`
			`Original(OriginalStruct),`
			`Plus(PlusStruct),`
			`}`
Add fee handling code to Monero Updates how change outputs are handled, with a far more logical construction offering greater flexibility. prepare_outputs can not longer error. SignaableTransaction::new will. 2022-06-19 12:03:01 -04:00
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`impl Bulletproofs {`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00			`// TODO`
Add fee handling code to Monero Updates how change outputs are handled, with a far more logical construction offering greater flexibility. prepare_outputs can not longer error. SignaableTransaction::new will. 2022-06-19 12:03:01 -04:00			`pub(crate) fn fee_weight(outputs: usize) -> usize {`
			`let proofs = 6 + usize::try_from(usize::BITS - (outputs - 1).leading_zeros()).unwrap();`
			`let len = (9 + (2 * proofs)) * 32;`

			`let mut clawback = 0;`
			`let padded = 1 << (proofs - 6);`
			`if padded > 2 {`
			`const BP_BASE: usize = 368;`
			`clawback = ((BP_BASE * padded) - len) * 4 / 5;`
			`}`

			`len + clawback`
			`}`

Add init function for BP statics Considering they take 7 seconds to generate, thanks to #68, the ability to generate them at the start instead of on first BP is greatly appreciated. Also performs minor cleanups regarding BPs. 2022-08-02 15:52:27 -04:00			`pub fn init(plus: bool) {`
			`if !plus {`
			`OriginalStruct::init();`
			`} else {`
			`PlusStruct::init();`
			`}`
			`}`

Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00			`pub fn prove<R: RngCore + CryptoRng>(`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`rng: &mut R,`
			`outputs: &[Commitment],`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00			`plus: bool,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`) -> Result<Bulletproofs, TransactionError> {`
Add fee handling code to Monero Updates how change outputs are handled, with a far more logical construction offering greater flexibility. prepare_outputs can not longer error. SignaableTransaction::new will. 2022-06-19 12:03:01 -04:00			`if outputs.len() > MAX_OUTPUTS {`
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`return Err(TransactionError::TooManyOutputs)?;`
			`}`
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00			`Ok(if !plus {`
			`Bulletproofs::Original(OriginalStruct::prove(rng, outputs))`
			`} else {`
			`Bulletproofs::Plus(PlusStruct::prove(rng, outputs))`
			`})`
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`}`

BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`#[must_use]`
			`pub fn verify<R: RngCore + CryptoRng>(&self, rng: &mut R, commitments: &[EdwardsPoint]) -> bool {`
			`match self {`
			`Bulletproofs::Original(bp) => bp.verify(rng, commitments),`
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00			`Bulletproofs::Plus(bp) => bp.verify(rng, commitments),`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`}`
			`}`

			`#[must_use]`
			`pub fn batch_verify<ID: Copy, R: RngCore + CryptoRng>(`
			`&self,`
			`rng: &mut R,`
			`verifier: &mut BatchVerifier<ID, dalek_ff_group::EdwardsPoint>,`
			`id: ID,`
			`commitments: &[EdwardsPoint],`
			`) -> bool {`
			`match self {`
			`Bulletproofs::Original(bp) => bp.batch_verify(rng, verifier, id, commitments),`
Reorganize bulletproofs 2022-07-31 23:12:45 -04:00			`Bulletproofs::Plus(bp) => bp.batch_verify(rng, verifier, id, commitments),`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`}`
			`}`

Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`fn serialize_core<W: std::io::Write, F: Fn(&[EdwardsPoint], &mut W) -> std::io::Result<()>>(`
			`&self,`
			`w: &mut W,`
			`specific_write_vec: F,`
			`) -> std::io::Result<()> {`
Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00			`match self {`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`Bulletproofs::Original(bp) => {`
			`write_point(&bp.A, w)?;`
			`write_point(&bp.S, w)?;`
			`write_point(&bp.T1, w)?;`
			`write_point(&bp.T2, w)?;`
			`write_scalar(&bp.taux, w)?;`
			`write_scalar(&bp.mu, w)?;`
			`specific_write_vec(&bp.L, w)?;`
			`specific_write_vec(&bp.R, w)?;`
			`write_scalar(&bp.a, w)?;`
			`write_scalar(&bp.b, w)?;`
			`write_scalar(&bp.t, w)`
Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00			`}`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`Bulletproofs::Plus(bp) => {`
			`write_point(&bp.A, w)?;`
			`write_point(&bp.A1, w)?;`
			`write_point(&bp.B, w)?;`
			`write_scalar(&bp.r1, w)?;`
			`write_scalar(&bp.s1, w)?;`
			`write_scalar(&bp.d1, w)?;`
			`specific_write_vec(&bp.L, w)?;`
			`specific_write_vec(&bp.R, w)`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00			`}`
Modularize Bulletproofs in prep for BP+ 2022-07-26 08:06:56 -04:00			`}`
Implement TX creation Updates CLSAG signing as needed. Moves around Error types. CLSAG multisig and the multisig feature is currently completely borked because of this. The created TXs are accepted by Monero nodes. 2022-04-28 03:31:09 -04:00			`}`

Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`pub fn signature_serialize<W: std::io::Write>(&self, w: &mut W) -> std::io::Result<()> {`
			`self.serialize_core(w, \|points, w\| write_raw_vec(write_point, points, w))`
			`}`
Clean up code, correct a few bugs, add leader based one-time-key/BP gen 2022-04-28 20:09:31 -04:00
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`pub fn serialize<W: std::io::Write>(&self, w: &mut W) -> std::io::Result<()> {`
			`self.serialize_core(w, \|points, w\| write_vec(write_point, points, w))`
Clean up code, correct a few bugs, add leader based one-time-key/BP gen 2022-04-28 20:09:31 -04:00			`}`

Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`pub fn deserialize<R: std::io::Read>(r: &mut R) -> std::io::Result<Bulletproofs> {`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`Ok(Bulletproofs::Original(OriginalStruct {`
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`A: read_point(r)?,`
			`S: read_point(r)?,`
			`T1: read_point(r)?,`
			`T2: read_point(r)?,`
			`taux: read_scalar(r)?,`
			`mu: read_scalar(r)?,`
Transaction deserialization 2022-05-21 20:27:21 -04:00			`L: read_vec(read_point, r)?,`
			`R: read_vec(read_point, r)?,`
Remove monero-rs types Still missing an updated RPC file. Restructures the library as it makes sense 2022-05-21 15:33:35 -04:00			`a: read_scalar(r)?,`
			`b: read_scalar(r)?,`
Apply an initial set of rustfmt rules 2022-07-15 01:26:07 -04:00			`t: read_scalar(r)?,`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`}))`
Clean up code, correct a few bugs, add leader based one-time-key/BP gen 2022-04-28 20:09:31 -04:00			`}`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00
			`pub fn deserialize_plus<R: std::io::Read>(r: &mut R) -> std::io::Result<Bulletproofs> {`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`Ok(Bulletproofs::Plus(PlusStruct {`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00			`A: read_point(r)?,`
			`A1: read_point(r)?,`
			`B: read_point(r)?,`
			`r1: read_scalar(r)?,`
			`s1: read_scalar(r)?,`
			`d1: read_scalar(r)?,`
			`L: read_vec(read_point, r)?,`
			`R: read_vec(read_point, r)?,`
BP Verification (#75) * Use a struct in an enum for Bulletproofs * verification bp working for just one proof * add some more assert tests * Clean BP verification * Implement batch verification * Add a debug assertion w_cache isn't 0 It's initially set to 0 and if not updated, this would be broken. * Correct Monero workflow yaml * Again try to corrent Monero workflow yaml * Again * Finally * Re-apply weights as required by Bulletproofs Removing these was insecure and my fault. Co-authored-by: DangerousFreedom <dangfreed@tutanota.com> 2022-07-31 21:45:53 -05:00			`}))`
Bulletproofs+ (#70) * Initial stab at Bulletproofs+ Does move around the existing Bulletproofs code, does still work as expected. * Make the Clsag RCTPrunable type work with BP and BP+ * Initial set of BP+ bug fixes * Further bug fixes * Remove RING_LEN as a constant * Monero v16 TX support Doesn't implement view tags, nor going back to v14, nor the updated BP clawback logic. * Support v14 and v16 at the same time 2022-07-27 04:05:43 -05:00			`}`
Clean up code, correct a few bugs, add leader based one-time-key/BP gen 2022-04-28 20:09:31 -04:00			`}`