absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 20:29:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add debug assertions to CLSAG/Bulletproofs proving

Browse Source
This commit is contained in:
Luke Parker
2022-12-01 11:50:03 -05:00
parent f0957c8d52
commit 0350cd803d
3 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
coins/monero/src/ringct/bulletproofs/original.rs
View File

@@ -42,7 +42,8 @@ impl OriginalStruct {
let (logMN, M, MN) = MN(commitments.len()); let (logMN, M, MN) = MN(commitments.len());
let (aL, aR) = bit_decompose(commitments); let (aL, aR) = bit_decompose(commitments);
let (mut cache, _) = hash_commitments(commitments.iter().map(Commitment::calculate)); let commitments_points = commitments.iter().map(Commitment::calculate).collect::<Vec<_>>();
let (mut cache, _) = hash_commitments(commitments_points.clone());
let (sL, sR) = let (sL, sR) =
ScalarVector((0 .. (MN * 2)).map(|_| Scalar::random(&mut *rng)).collect::<Vec<_>>()).split(); ScalarVector((0 .. (MN * 2)).map(|_| Scalar::random(&mut *rng)).collect::<Vec<_>>()).split();
@@ -74,7 +75,7 @@ impl OriginalStruct {
let t2 = inner_product(&l1, &r1); let t2 = inner_product(&l1, &r1);
let mut tau1 = Scalar::random(&mut *rng); let mut tau1 = Scalar::random(&mut *rng);
let mut tau2 = Scalar::random(rng); let mut tau2 = Scalar::random(&mut *rng);
let T1 = prove_multiexp(&[(t1, *H), (tau1, EdwardsPoint::generator())]); let T1 = prove_multiexp(&[(t1, *H), (tau1, EdwardsPoint::generator())]);
let T2 = prove_multiexp(&[(t2, *H), (tau2, EdwardsPoint::generator())]); let T2 = prove_multiexp(&[(t2, *H), (tau2, EdwardsPoint::generator())]);
@@ -146,7 +147,7 @@ impl OriginalStruct {
} }
} }
OriginalStruct { let res = OriginalStruct {
A: *A, A: *A,
S: *S, S: *S,
T1: *T1, T1: *T1,
@@ -158,7 +159,9 @@ impl OriginalStruct {
a: *a[0], a: *a[0],
b: *b[0], b: *b[0],
t: *t, t: *t,
} };
debug_assert!(res.verify(rng, &commitments_points));
res
} }
#[must_use] #[must_use]

11
coins/monero/src/ringct/bulletproofs/plus.rs
View File

@@ -60,7 +60,8 @@ impl PlusStruct {
let (logMN, M, MN) = MN(commitments.len()); let (logMN, M, MN) = MN(commitments.len());
let (aL, aR) = bit_decompose(commitments); let (aL, aR) = bit_decompose(commitments);
let (mut cache, _) = hash_plus(commitments.iter().map(Commitment::calculate)); let commitments_points = commitments.iter().map(Commitment::calculate).collect::<Vec<_>>();
let (mut cache, _) = hash_plus(commitments_points.clone());
let (mut alpha1, A) = alpha_rho(&mut *rng, &GENERATORS, &aL, &aR); let (mut alpha1, A) = alpha_rho(&mut *rng, &GENERATORS, &aL, &aR);
let y = hash_cache(&mut cache, &[A.compress().to_bytes()]); let y = hash_cache(&mut cache, &[A.compress().to_bytes()]);
@@ -132,7 +133,7 @@ impl PlusStruct {
let mut r = Scalar::random(&mut *rng); let mut r = Scalar::random(&mut *rng);
let mut s = Scalar::random(&mut *rng); let mut s = Scalar::random(&mut *rng);
let mut d = Scalar::random(&mut *rng); let mut d = Scalar::random(&mut *rng);
let mut eta = Scalar::random(rng); let mut eta = Scalar::random(&mut *rng);
let A1 = prove_multiexp(&[ let A1 = prove_multiexp(&[
(r, G_proof[0]), (r, G_proof[0]),
@@ -152,7 +153,7 @@ impl PlusStruct {
eta.zeroize(); eta.zeroize();
alpha1.zeroize(); alpha1.zeroize();
PlusStruct { let res = PlusStruct {
A: *A, A: *A,
A1: *A1, A1: *A1,
B: *B, B: *B,
@@ -161,7 +162,9 @@ impl PlusStruct {
d1: *d1, d1: *d1,
L: L.drain(..).map(|L| *L).collect(), L: L.drain(..).map(|L| *L).collect(),
R: R.drain(..).map(|R| *R).collect(), R: R.drain(..).map(|R| *R).collect(),
} };
debug_assert!(res.verify(rng, &commitments_points));
res
} }
#[must_use] #[must_use]

4
coins/monero/src/ringct/clsag/mod.rs
View File

@@ -265,6 +265,10 @@ impl Clsag {
inputs[i].0.zeroize(); inputs[i].0.zeroize();
nonce.zeroize(); nonce.zeroize();
debug_assert!(clsag
.verify(&inputs[i].2.decoys.ring, &inputs[i].1, &pseudo_out, &msg)
.is_ok());
res.push((clsag, pseudo_out)); res.push((clsag, pseudo_out));
} }