Correct discrepancies with the IETF draft

While all the transcript/extension code works as expected, which means
it doesn't cause any conflicts, n was still capped at u64::MAX at
creation when it needs to be u16. Furthermore, the participant index and
scalars/points were little endian instead of big endian/curve dependent.
This commit is contained in:
Luke Parker
2022-05-06 07:49:18 -04:00
parent b443747994
commit 3dab26cd94
7 changed files with 32 additions and 35 deletions


@@ -64,6 +64,8 @@ impl SignableTransaction {
// These outputs can only be spent once. Therefore, it forces all RNGs derived from this
// transcript (such as the one used to create one time keys) to be unique
transcript.append_message(b"input_hash", &input.tx.0);
// TODO: Should this be u8, u16, or u32? Right now, outputs are solely up to 16, but what
// about the future?
transcript.append_message(b"input_output_index", &u64::try_from(input.o).unwrap().to_le_bytes());
// Not including this, with a doxxed list of payments, would allow brute forcing the inputs
// to determine RNG seeds and therefore the true spends
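Review bot: the `input_output_index` line in this hunk still encodes the output index as `u64::try_from(input.o).unwrap().to_le_bytes()`, and the TODO above it ("Should this be u8, u16, or u32?") is left unresolved, even though the commit message says the index and encoded values were changed from little endian to big endian/curve dependent. If this transaction output index is intentionally out of scope for the IETF draft's encoding (it is a transcript input, not a participant index), say so in the comment and drop the TODO; otherwise pick the width now (e.g. `u16::try_from(input.o)`) and use `.to_be_bytes()` so the transcript encoding is consistent with the rest of this commit. Either way, `.unwrap()` on the `try_from` turns an out-of-range output index into a panic inside transaction signing; returning an error from the caller would be safer than unwrapping here.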