Add MgSig proving

coins/monero/src/ringct/mlsag/mod.rs

@@ -5,6 +5,7 @@ use std::io::{Read, Write};
 
 use curve25519_dalek::scalar::Scalar;
 use curve25519_dalek::edwards::EdwardsPoint;
+use curve25519_dalek::traits::Identity;
 
 use crate::{hash_to_scalar, serialize::*};
 use crate::ringct::hash_to_point;
@@ -31,7 +32,56 @@ impl MgSig {
     })
   }
 
-  pub fn verify(&self, msg: &[u8; 32], ring: &[[EdwardsPoint; 2]], I: &EdwardsPoint) -> bool {
+  pub fn verify_rct_full(
+    &self,
+    msg: &[u8; 32],
+    pubs: &[[EdwardsPoint; 2]],
+    out_pks: &[EdwardsPoint],
+    fee: &EdwardsPoint,
+    I: &EdwardsPoint,
+  ) -> bool {
+    if pubs.is_empty() {
+      return false;
+    }
+
+    let sum_out_pk = {
+      let mut sum = EdwardsPoint::identity();
+      for out_pk in out_pks {
+        sum += out_pk;
+      }
+      sum
+    };
+
+    let mut ring_matrix = Vec::with_capacity(pubs.len());
+
+    for member in pubs.iter() {
+      ring_matrix.push([member[0], member[1] - sum_out_pk - fee])
+    }
+
+    self.verify_mlsag(msg, &ring_matrix, I)
+  }
+
+  pub fn verify_rct_simple(
+    &self,
+    msg: &[u8; 32],
+    pubs: &[[EdwardsPoint; 2]],
+    pseudo_out: &EdwardsPoint,
+    I: &EdwardsPoint,
+  ) -> bool {
+    if pubs.is_empty() {
+      return false;
+    }
+
+    let mut ring_matrix = Vec::with_capacity(pubs.len());
+
+    for member in pubs.iter() {
+      ring_matrix.push([member[0], member[1] - pseudo_out])
+    }
+
+    self.verify_mlsag(msg, &ring_matrix, I)
+  }
+
+  fn verify_mlsag(&self, msg: &[u8; 32], ring: &[[EdwardsPoint; 2]], I: &EdwardsPoint) -> bool {
     let mut buf = Vec::with_capacity(32 * 6);
 
     let mut ci = self.cc;

coins/monero/src/ringct/mod.rs

@@ -108,12 +108,12 @@ pub enum RctPrunable {
   Null,
   Borromean {
     range_sigs: Vec<RangeSig>,
-    mlsags: Vec<Mlsag>,
+    mlsags: Vec<MgSig>,
     simple: bool,
   },
   BulletProof {
     bulletproofs: Vec<Bulletproofs>,
-    mlsags: Vec<Mlsag>,
+    mlsags: Vec<MgSig>,
     pseudo_outs: Vec<EdwardsPoint>,
     v2: bool,
   },
@@ -163,7 +163,7 @@ impl RctPrunable {
       RctPrunable::Null => Ok(()),
       RctPrunable::Borromean { range_sigs, mlsags, simple: _ } => {
         write_raw_vec(RangeSig::write, range_sigs, w)?;
-        write_raw_vec(Mlsag::write, mlsags, w)
+        write_raw_vec(MgSig::write, mlsags, w)
       }
       RctPrunable::BulletProof { bulletproofs, mlsags, pseudo_outs, v2 } => {
         if !v2 {
@@ -172,7 +172,7 @@ impl RctPrunable {
           write_varint(&bulletproofs.len().try_into().unwrap(), w)?;
         }
         write_raw_vec(Bulletproofs::write, bulletproofs, w)?;
-        write_raw_vec(Mlsag::write, mlsags, w)?;
+        write_raw_vec(MgSig::write, mlsags, w)?;
         write_raw_vec(write_point, pseudo_outs, w)
       }
       RctPrunable::Clsag { bulletproofs, clsags, pseudo_outs } => {
@@ -234,7 +234,10 @@ impl RctPrunable {
       RctPrunable::Clsag { bulletproofs, .. } => {
         bulletproofs.iter().try_for_each(|bp| bp.signature_write(w))
       }
-      _ => todo!(),
+      RctPrunable::BulletProof { bulletproofs, .. } => {
+        bulletproofs.iter().try_for_each(|bp| bp.signature_write(w))
+      }
+      RctPrunable::Borromean { range_sigs, .. } => range_sigs.iter().try_for_each(|rs| rs.write(w)),
     }
   }
 }