Remove Monero as a dependency

Introduces missing CLSAG checks. The only difference now should be the additional rejection of torsioned points, which is relevant to https://github.com/serai-dex/serai/issues/25. Considering this is only currently used for FROST verification, this should be fine. Closes https://github.com/serai-dex/serai/issues/19 by making it irrelevant. Increases priority of https://github.com/serai-dex/serai/issues/68, as now it's used for the BP generators which are done at first-proof. Also merges BP's stricter hash_to_point with the library's, since CLSAG has the same bound.
2025-12-12 05:59:23 +00:00 · 2022-07-26 03:25:57 -04:00
parent ee29f6d6d8
commit 696da8228e
14 changed files with 33 additions and 403 deletions
--- a/coins/monero/src/ringct/bulletproofs/core.rs
+++ b/coins/monero/src/ringct/bulletproofs/core.rs
@@ -28,13 +28,7 @@ fn random_scalar<R: RngCore + CryptoRng>(rng: &mut R) -> Scalar {
 }

 fn hash_to_scalar(data: &[u8]) -> Scalar {
-  let scalar = Scalar(dalek_hash(data));
-  // Monero will explicitly retry on these cases, as them occurring breaks the proof
-  // This library acknowledges their practical impossibility of them occurring, and doesn't bother
-  // to code in logic to handle it. That said, if they ever occur, something must happen in order
-  // to not generate a proof we believe to be valid when it isn't
-  assert!(!bool::from(scalar.is_zero()), "ZERO HASH: {:?}", data);
-  scalar
+  Scalar(dalek_hash(data))
 }

 fn generator(i: usize) -> EdwardsPoint {
--- a/coins/monero/src/ringct/bulletproofs/mod.rs
+++ b/coins/monero/src/ringct/bulletproofs/mod.rs
@@ -54,44 +54,6 @@ impl Bulletproofs {
    Ok(prove(rng, outputs))
  }

-  #[must_use]
-  pub fn verify<R: RngCore + CryptoRng>(&self, rng: &mut R, commitments: &[EdwardsPoint]) -> bool {
-    if commitments.len() > 16 {
-      return false;
-    }
-
-    let mut seed = [0; 32];
-    rng.fill_bytes(&mut seed);
-
-    let mut serialized = Vec::with_capacity((9 + (2 * self.L.len())) * 32);
-    self.serialize(&mut serialized).unwrap();
-    let commitments: Vec<[u8; 32]> = commitments
-      .iter()
-      .map(|commitment| (commitment * Scalar::from(8u8).invert()).compress().to_bytes())
-      .collect();
-
-    unsafe {
-      #[link(name = "wrapper")]
-      extern "C" {
-        fn c_verify_bp(
-          seed: *const u8,
-          serialized_len: usize,
-          serialized: *const u8,
-          commitments_len: u8,
-          commitments: *const [u8; 32],
-        ) -> bool;
-      }
-
-      c_verify_bp(
-        seed.as_ptr(),
-        serialized.len(),
-        serialized.as_ptr(),
-        u8::try_from(commitments.len()).unwrap(),
-        commitments.as_ptr(),
-      )
-    }
-  }
-
  fn serialize_core<W: std::io::Write, F: Fn(&[EdwardsPoint], &mut W) -> std::io::Result<()>>(
    &self,
    w: &mut W,