absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-09 12:49:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Slightly simplify CLSAG signing

Browse Source 
Expands its test to test all possible ring indexes, though just 0 and a 
single n would be sufficient.
This commit is contained in:
Luke Parker
2022-05-14 00:45:13 -04:00
parent 0aeab04c70
commit 94bd30083b
4 changed files with 54 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
coins/monero/src/clsag/mod.rs
View File

@@ -140,36 +140,32 @@ fn core(
to_hash.extend(pseudo_out.compress().to_bytes());
to_hash.extend(msg);
let mut c;
let mut c1 = Scalar::zero();
let start;
let end;
let mut i;
let mut c;
match A_c1 {
Mode::Sign(r, A, AH) => {
start = r + 1;
end = r + n;
to_hash.extend(A.compress().to_bytes());
to_hash.extend(AH.compress().to_bytes());
c = hash_to_scalar(&to_hash);
end = r;
i = (end + 1) % n;
if i == 0 {
c1 = c;
}
},
#[cfg(feature = "experimental")]
Mode::Verify(c1) => {
end = 0;
i = 0;
start = 0;
end = n;
c = c1;
}
}
let mut first = true;
while (i != end) || first {
first = false;
let mut c1 = None;
for i in (start .. end).map(|i| i % n) {
if i == 0 {
c1 = Some(c);
}
let c_p = mu_P * c;
let c_c = mu_C * c;
@@ -182,14 +178,9 @@ fn core(
to_hash.extend(L.compress().to_bytes());
to_hash.extend(R.compress().to_bytes());
c = hash_to_scalar(&to_hash);
i = (i + 1) % n;
if i == 0 {
c1 = c;
}
}
((D_bytes, c * mu_P, c * mu_C), c1)
((D_bytes, c * mu_P, c * mu_C), c1.unwrap_or(c))
}
pub(crate) fn sign_core<R: RngCore + CryptoRng>(

1
coins/monero/src/clsag/multisig.rs
View File

@@ -260,7 +260,6 @@ impl Algorithm<Ed25519> for Multisig {
sum: dfg::Scalar
) -> Option<Self::Signature> {
let interim = self.interim.as_ref().unwrap();
let mut clsag = interim.clsag.clone();
clsag.s[usize::from(self.input().decoys.i)] = Key { key: (sum.0 - interim.c).to_bytes() };
if verify(&clsag, &self.input().decoys.ring, &self.image, &interim.pseudo_out, &self.msg()).is_ok() {