Slightly simplify CLSAG signing

Expands its test to test all possible ring indexes, though just 0 and a single n would be sufficient.
2025-12-09 04:39:24 +00:00 · 2022-05-14 00:45:13 -04:00
parent 0aeab04c70
commit 94bd30083b
4 changed files with 54 additions and 60 deletions
--- a/coins/monero/tests/clsag.rs
+++ b/coins/monero/tests/clsag.rs
@@ -16,50 +16,54 @@ mod frost;
 #[cfg(feature = "multisig")]
 use crate::frost::{THRESHOLD, generate_keys, sign};

-const RING_INDEX: u8 = 3;
 const RING_LEN: u64 = 11;
 const AMOUNT: u64 = 1337;

+#[cfg(feature = "multisig")]
+const RING_INDEX: u8 = 3;
+
 #[test]
 fn clsag() {
-  let msg = [1; 32];
+  for real in 0 .. RING_LEN {
+    let msg = [1; 32];

-  let mut secrets = [Scalar::zero(), Scalar::zero()];
-  let mut ring = vec![];
-  for i in 0 .. RING_LEN {
-    let dest = random_scalar(&mut OsRng);
-    let mask = random_scalar(&mut OsRng);
-    let amount;
-    if i == u64::from(RING_INDEX) {
-      secrets = [dest, mask];
-      amount = AMOUNT;
-    } else {
-      amount = OsRng.next_u64();
+    let mut secrets = [Scalar::zero(), Scalar::zero()];
+    let mut ring = vec![];
+    for i in 0 .. RING_LEN {
+      let dest = random_scalar(&mut OsRng);
+      let mask = random_scalar(&mut OsRng);
+      let amount;
+      if i == u64::from(real) {
+        secrets = [dest, mask];
+        amount = AMOUNT;
+      } else {
+        amount = OsRng.next_u64();
+      }
+      ring.push([&dest * &ED25519_BASEPOINT_TABLE, Commitment::new(mask, amount).calculate()]);
    }
-    ring.push([&dest * &ED25519_BASEPOINT_TABLE, Commitment::new(mask, amount).calculate()]);
-  }

-  let image = key_image::generate(&secrets[0]);
-  let (clsag, pseudo_out) = clsag::sign(
-    &mut OsRng,
-    &vec![(
-      secrets[0],
-      image,
-      clsag::Input::new(
-        Commitment::new(secrets[1], AMOUNT),
-        Decoys {
-          i: RING_INDEX,
-          offsets: (1 ..= RING_LEN).into_iter().map(|o| VarInt(o)).collect(),
-          ring: ring.clone()
-        }
-      ).unwrap()
-    )],
-    random_scalar(&mut OsRng),
-    msg
-  ).unwrap().swap_remove(0);
-  clsag::verify(&clsag, &ring, &image, &pseudo_out, &msg).unwrap();
-  #[cfg(feature = "experimental")]
-  clsag::rust_verify(&clsag, &ring, &image, &pseudo_out, &msg).unwrap();
+    let image = key_image::generate(&secrets[0]);
+    let (clsag, pseudo_out) = clsag::sign(
+      &mut OsRng,
+      &vec![(
+        secrets[0],
+        image,
+        clsag::Input::new(
+          Commitment::new(secrets[1], AMOUNT),
+          Decoys {
+            i: u8::try_from(real).unwrap(),
+            offsets: (1 ..= RING_LEN).into_iter().map(|o| VarInt(o)).collect(),
+            ring: ring.clone()
+          }
+        ).unwrap()
+      )],
+      random_scalar(&mut OsRng),
+      msg
+    ).unwrap().swap_remove(0);
+    clsag::verify(&clsag, &ring, &image, &pseudo_out, &msg).unwrap();
+    #[cfg(feature = "experimental")]
+    clsag::rust_verify(&clsag, &ring, &image, &pseudo_out, &msg).unwrap();
+  }
 }

 #[cfg(feature = "multisig")]
--- a/coins/monero/tests/key_image.rs
+++ b/coins/monero/tests/key_image.rs
@@ -10,7 +10,7 @@ mod frost;
 use crate::frost::{THRESHOLD, PARTICIPANTS, generate_keys};

 #[test]
-fn test() {
+fn key_image() {
  let (keys, group_private) = generate_keys();
  let image = key_image::generate(&group_private);