Add MLSAG verifying functionality

coins/monero/src/ringct/mlsag/mod.rs

@@ -1,12 +1,13 @@
+#![allow(non_snake_case)]
+
 use std::io;
 use std::io::{Read, Write};
 
-
 use curve25519_dalek::scalar::Scalar;
+use curve25519_dalek::edwards::EdwardsPoint;
 
-use crate::{
-  serialize::*,
-};
+use crate::{hash_to_scalar, serialize::*};
+use crate::ringct::hash_to_point;
 
 /// MLSAG signature, as used in Monero.
 #[derive(Clone, PartialEq, Eq, Debug)]
@@ -31,4 +32,35 @@ impl Mlsag {
       cc: read_scalar(r)?,
     })
   }
+
+  fn verify(&self, msg: &[u8; 32], ring: &[[EdwardsPoint; 2]], I: &EdwardsPoint) -> bool {
+    let mut buf = Vec::with_capacity(32 * 6);
+
+
+    let mut ci = self.cc;
+
+    for i in 0..ring.len() {
+      buf.extend_from_slice(msg);
+      buf.extend_from_slice(ring[i][0].compress().as_bytes());
+
+      let L1 = EdwardsPoint::vartime_double_scalar_mul_basepoint(&ci, &ring[i][0], &self.ss[i][0]);
+      buf.extend_from_slice(L1.compress().as_bytes());
+
+      let temp = hash_to_point(ring[i][0]);
+
+      let R = self.ss[i][0] * temp + ci * I;
+      buf.extend_from_slice(R.compress().as_bytes());
+
+      buf.extend_from_slice(ring[i][1].compress().as_bytes());
+
+
+      let L2 = EdwardsPoint::vartime_double_scalar_mul_basepoint(&ci, &ring[i][1], &self.ss[i][1]);
+      buf.extend_from_slice(L2.compress().as_bytes());
+
+      ci = hash_to_scalar(&buf);
+      buf.clear();
+    }
+
+    ci == self.cc
+  }
 }

coins/monero/src/ringct/mod.rs

@@ -10,9 +10,9 @@ pub use hash_to_point::{raw_hash_to_point, hash_to_point};
 
 /// CLSAG struct, along with signing and verifying functionality.
 pub mod clsag;
-/// MLSAG struct.
+/// MLSAG struct, along with verifying functionality.
 pub mod mlsag;
-/// RangeSig struct.
+/// RangeSig struct, along with verifying functionality.
 pub mod borromean;
 /// Bulletproofs(+) structs, along with proving and verifying functionality.
 pub mod bulletproofs;