Zarcanum PoS proofs & wallet's mining code made compatible with non-explicit asset id outputs

2023-08-08 16:58:49 +02:00 · 2023-08-08 16:58:49 +02:00 · 46e4919245
commit 46e4919245
parent 256f60311a
4 changed files with 69 additions and 65 deletions
--- a/src/crypto/zarcanum.cpp
+++ b/src/crypto/zarcanum.cpp
@ -65,13 +65,14 @@ namespace crypto
  
  bool zarcanum_generate_proof(const hash& m, const hash& kernel_hash, const std::vector<CLSAG_GGXXG_input_ref_t>& ring,
    const scalar_t& last_pow_block_id_hashed, const key_image& stake_ki,
-    const scalar_t& secret_x, const scalar_t& secret_q, uint64_t secret_index, const crypto::scalar_t& stake_out_asset_id_blinding_mask, const scalar_t& pseudo_out_blinding_mask, uint64_t stake_amount, const scalar_t& stake_blinding_mask,
+    const scalar_t& secret_x, const scalar_t& secret_q, uint64_t secret_index, uint64_t stake_amount,
+    const scalar_t& stake_out_asset_id_blinding_mask, const scalar_t& stake_out_amount_blinding_mask, const scalar_t& pseudo_out_amount_blinding_mask,
    zarcanum_proof& result, uint8_t* p_err /* = nullptr */)
  {
    DBG_PRINT("zarcanum_generate_proof");
    const scalar_t a = stake_amount;
    const scalar_t h = scalar_t(kernel_hash);
-    const scalar_t f_plus_q = stake_blinding_mask + secret_q;
+    const scalar_t f_plus_q = stake_out_amount_blinding_mask + secret_q;
    const scalar_t f_plus_q_plus_fp = f_plus_q + last_pow_block_id_hashed;
    const scalar_t lhs = h * f_plus_q_plus_fp;                                                                // == h * (f + q + f') mod l
    const mp::uint256_t d_mp = lhs.as_boost_mp_type<mp::uint256_t>() / (c_zarcanum_z_coeff_mp * stake_amount) + 1;
@ -151,7 +152,7 @@ namespace crypto
    // layer 1 ring
    //     ring[j].amount_commitment - pseudo_out_amount_commitment
    // layer 1 secret (with respect to G)
-    //     stake_blinding_mask - pseudo_out_blinding_mask
+    //     stake_out_amount_blinding_mask - pseudo_out_amount_blinding_mask ( = f_i - f'_i )
    //
    // additional layer for confidential assets:
    //
@ -165,22 +166,24 @@ namespace crypto
    // layer 3 ring
    //     C - A[j] - Q[j]
    // layer 3 secret (with respect to X)
-    //     x0
+    //     x0 - a * stake_out_asset_id_blinding_mask  ( = x - a * r_i )
    //
    // layer 4 ring
    //     Q[j]
    // layer 4 secret (with respect to G)
    //     secret_q

-    // such pseudo_out_asset_id_blinding_mask effectively makes pseudo_out_blinded_asset_id == currency::native_coin_asset_id_pt == crypto::point_H
-    scalar_t pseudo_out_asset_id_blinding_mask = -stake_out_asset_id_blinding_mask;                                                     // T^p_i = T_i + (-r_i) * X = H_i
+    // such pseudo_out_asset_id_blinding_mask effectively makes pseudo_out_blinded_asset_id == currency::native_coin_asset_id_pt == point_H
+    scalar_t pseudo_out_asset_id_blinding_mask = -stake_out_asset_id_blinding_mask;                                                     // T^p_i = T_i + (-r_i) * X = H

-    point_t pseudo_out_amount_commitment = a * crypto::c_point_H + pseudo_out_blinding_mask * crypto::c_point_G;                        // A^p_i = a_i * H_i + f'_i * G
-    result.pseudo_out_amount_commitment = (crypto::c_scalar_1div8 * pseudo_out_amount_commitment).to_public_key();
+    point_t stake_out_asset_id = c_point_H + stake_out_asset_id_blinding_mask * c_point_X;                                      // T_i   = H + r_i * X
+
+    point_t pseudo_out_amount_commitment = a * stake_out_asset_id + pseudo_out_amount_blinding_mask * c_point_G;                // A^p_i = a_i * T_i + f'_i * G
+    result.pseudo_out_amount_commitment = (c_scalar_1div8 * pseudo_out_amount_commitment).to_public_key();

    TRY_ENTRY()
-    CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(generate_CLSAG_GGXXG(m, ring, pseudo_out_amount_commitment, crypto::c_point_H, C, stake_ki,
-      secret_x, stake_blinding_mask - pseudo_out_blinding_mask, -pseudo_out_asset_id_blinding_mask, x0, secret_q, secret_index,
+    CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(generate_CLSAG_GGXXG(m, ring, pseudo_out_amount_commitment, c_point_H, C, stake_ki,
+      secret_x, stake_out_amount_blinding_mask - pseudo_out_amount_blinding_mask, -pseudo_out_asset_id_blinding_mask, x0 - a * stake_out_asset_id_blinding_mask, secret_q, secret_index,
      result.clsag_ggxxg), 20);
    CATCH_ENTRY2(false);

@ -221,7 +224,7 @@ namespace crypto
      //}

      // make sure 0 < d <= l / floor(z * D)
-      const mp::uint256_t l_div_z_D_mp = crypto::zarcanum_precalculate_l_div_z_D(pos_difficulty);
+      const mp::uint256_t l_div_z_D_mp = zarcanum_precalculate_l_div_z_D(pos_difficulty);
      const scalar_t l_div_z_D(l_div_z_D_mp);
      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(!sig.d.is_zero() && sig.d < l_div_z_D, 2);
      const scalar_t dz = sig.d * c_zarcanum_z_coeff_s;
@ -261,7 +264,7 @@ namespace crypto

      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(bppe_verify<bpp_crypto_trait_Zarcanum>(range_proofs), 10);

-      static public_key native_coin_asset_id = (crypto::c_scalar_1div8 * crypto::c_point_H).to_public_key(); // consider making it less ugly -- sowle
+      static public_key native_coin_asset_id = (c_scalar_1div8 * c_point_H).to_public_key(); // consider making it less ugly -- sowle

      // check extended CLSAG-GGXG ring signature
      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(verify_CLSAG_GGXXG(m, ring, sig.pseudo_out_amount_commitment, native_coin_asset_id, sig.C, stake_ki, sig.clsag_ggxxg), 1);
@ -305,7 +308,7 @@ namespace crypto
    CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(n == amount_commitments_for_rp_aggregation.size(), 5);
    CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(n == blinded_asset_ids.size(), 6);

-    crypto::hash_helper_t::hs_t hash_calculator(1 + 3 * n);
+    hash_helper_t::hs_t hash_calculator(1 + 3 * n);
    hash_calculator.add_hash(m);
    hash_calculator.add_points_array(amount_commitments);
    hash_calculator.add_points_array(amount_commitments_for_rp_aggregation);
@ -314,22 +317,22 @@ namespace crypto

 #ifndef NDEBUG
    for(size_t j = 0; j < n; ++j)
-      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(amount_commitments[j] + w * amount_commitments_for_rp_aggregation[j] == u_secrets[j] * (blinded_asset_ids[j] + w * crypto::c_point_U) + (g_secrets0[j] + w * g_secrets1[j]) * c_point_G, 20);
+      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(amount_commitments[j] + w * amount_commitments_for_rp_aggregation[j] == u_secrets[j] * (blinded_asset_ids[j] + w * c_point_U) + (g_secrets0[j] + w * g_secrets1[j]) * c_point_G, 20);
 #endif

    result.amount_commitments_for_rp_aggregation.clear();
    result.y0s.clear();
    result.y1s.clear();

-    crypto::scalar_vec_t r0, r1;
+    scalar_vec_t r0, r1;
    r0.resize_and_make_random(n);
    r1.resize_and_make_random(n);

-    std::vector<crypto::point_t> asset_tag_plus_U_vec(n);
+    std::vector<point_t> asset_tag_plus_U_vec(n);
    for(size_t j = 0; j < n; ++j)
-      asset_tag_plus_U_vec[j] = blinded_asset_ids[j] + w * crypto::c_point_U;
+      asset_tag_plus_U_vec[j] = blinded_asset_ids[j] + w * c_point_U;

-    std::vector<crypto::point_t> R(n);
+    std::vector<point_t> R(n);
    for(size_t j = 0; j < n; ++j)
      R[j].assign_mul_plus_G(r0[j], asset_tag_plus_U_vec[j], r1[j]); // R[j] = r0[j] * asset_tag_plus_U_vec[j] + r1[j] * G

@ -343,7 +346,7 @@ namespace crypto
    {
      result.y0s.emplace_back(r0[j] - result.c * u_secrets[j]);
      result.y1s.emplace_back(r1[j] - result.c * (g_secrets0[j] + w * g_secrets1[j]));
-      result.amount_commitments_for_rp_aggregation.emplace_back((crypto::c_scalar_1div8 * amount_commitments_for_rp_aggregation[j]).to_public_key());
+      result.amount_commitments_for_rp_aggregation.emplace_back((c_scalar_1div8 * amount_commitments_for_rp_aggregation[j]).to_public_key());
    }

    return true;
@ -367,14 +370,14 @@ namespace crypto
      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(sig.y0s.size() == n, 4);
      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(sig.y1s.size() == n, 5);

-      crypto::hash_helper_t::hs_t hash_calculator(1 + 3 * n);
+      hash_helper_t::hs_t hash_calculator(1 + 3 * n);
      hash_calculator.add_hash(m);
      DBG_VAL_PRINT(m);

      std::vector<point_t> amount_commitments_pt;
      for(size_t j = 0; j < n; ++j)
      {
-        point_t A = crypto::point_t(*amount_commitments_1div8[j]).modify_mul8();
+        point_t A = point_t(*amount_commitments_1div8[j]).modify_mul8();
        hash_calculator.add_point(A);
        amount_commitments_pt.emplace_back(A);
        DBG_VAL_PRINT(A);
@ -383,7 +386,7 @@ namespace crypto
      std::vector<point_t> amount_commitments_for_rp_aggregation_pt;
      for(size_t j = 0; j < n; ++j)
      {
-        point_t Arpa = crypto::point_t(sig.amount_commitments_for_rp_aggregation[j]).modify_mul8();
+        point_t Arpa = point_t(sig.amount_commitments_for_rp_aggregation[j]).modify_mul8();
        hash_calculator.add_point(Arpa); // TODO @#@ performance: consider adding premultiplied by 1/8 points to the hash
        amount_commitments_for_rp_aggregation_pt.emplace_back(Arpa);
        DBG_VAL_PRINT(Arpa);
@ -392,22 +395,22 @@ namespace crypto
      scalar_t w = hash_calculator.calc_hash(false); // don't clear the buffer
      DBG_VAL_PRINT(w);

-      std::vector<crypto::point_t> asset_tag_plus_U_vec(n);
+      std::vector<point_t> asset_tag_plus_U_vec(n);
      for(size_t j = 0; j < n; ++j)
-        asset_tag_plus_U_vec[j] = crypto::point_t(*blinded_asset_ids_1div8[j]).modify_mul8() + w * crypto::c_point_U;
+        asset_tag_plus_U_vec[j] = point_t(*blinded_asset_ids_1div8[j]).modify_mul8() + w * c_point_U;
      DBG_VAL_PRINT(asset_tag_plus_U_vec);

      for(size_t j = 0; j < n; ++j)
      {
-        hash_calculator.add_pub_key(crypto::point_t(
+        hash_calculator.add_pub_key(point_t(
          sig.y0s[j] * asset_tag_plus_U_vec[j] +
-          sig.y1s[j] * crypto::c_point_G +
+          sig.y1s[j] * c_point_G +
          sig.c      * (amount_commitments_pt[j] + w * amount_commitments_for_rp_aggregation_pt[j])
        ).to_public_key());
        DBG_VAL_PRINT(hash_calculator.m_elements.back().pk);
      }

-      crypto::scalar_t c = hash_calculator.calc_hash();
+      scalar_t c = hash_calculator.calc_hash();
      DBG_VAL_PRINT(c); DBG_VAL_PRINT(sig.c);
      CHECK_AND_FAIL_WITH_ERROR_IF_FALSE(sig.c == c, 0);
    }
--- a/src/crypto/zarcanum.h
+++ b/src/crypto/zarcanum.h
@ -37,17 +37,18 @@ namespace crypto
    
    bppe_signature E_range_proof;

-    crypto::public_key pseudo_out_amount_commitment; // premultiplied by 1/8
+    public_key pseudo_out_amount_commitment; // premultiplied by 1/8
    CLSAG_GGXXG_signature clsag_ggxxg;
  };

-  bool zarcanum_generate_proof(const hash& m, const hash& kernel_hash, const std::vector<crypto::CLSAG_GGXXG_input_ref_t>& ring,
+  bool zarcanum_generate_proof(const hash& m, const hash& kernel_hash, const std::vector<CLSAG_GGXXG_input_ref_t>& ring,
    const scalar_t& last_pow_block_id_hashed, const key_image& stake_ki,
-    const scalar_t& secret_x, const scalar_t& secret_q, uint64_t secret_index, const crypto::scalar_t& stake_out_asset_id_blinding_mask, const scalar_t& pseudo_out_blinding_mask, uint64_t stake_amount, const scalar_t& stake_blinding_mask,
+    const scalar_t& secret_x, const scalar_t& secret_q, uint64_t secret_index, uint64_t stake_amount,
+    const scalar_t& stake_out_asset_id_blinding_mask, const scalar_t& stake_out_amount_blinding_mask, const scalar_t& pseudo_out_amount_blinding_mask,
    zarcanum_proof& result, uint8_t* p_err = nullptr);
  

-  bool zarcanum_verify_proof(const hash& m, const hash& kernel_hash, const std::vector<crypto::CLSAG_GGXXG_input_ref_t>& ring,
+  bool zarcanum_verify_proof(const hash& m, const hash& kernel_hash, const std::vector<CLSAG_GGXXG_input_ref_t>& ring,
    const scalar_t& last_pow_block_id_hashed, const key_image& stake_ki,
    const mp::uint128_t& pos_difficulty,
    const zarcanum_proof& sig, uint8_t* p_err = nullptr) noexcept;
@ -174,9 +175,9 @@ namespace crypto
  };

  bool generate_vector_UG_aggregation_proof(const hash& m, const scalar_vec_t& u_secrets, const scalar_vec_t& g_secrets0, const scalar_vec_t& g_secrets1,
-    const std::vector<crypto::point_t>& amount_commitments,
-    const std::vector<crypto::point_t>& amount_commitments_for_rp_aggregation, 
-    const std::vector<crypto::point_t>& blinded_asset_ids, 
+    const std::vector<point_t>& amount_commitments,
+    const std::vector<point_t>& amount_commitments_for_rp_aggregation, 
+    const std::vector<point_t>& blinded_asset_ids, 
    vector_UG_aggregation_proof& result, uint8_t* p_err = nullptr);

  bool verify_vector_UG_aggregation_proof(const hash& m, const std::vector<const public_key*> amount_commitments_1div8, const std::vector<const public_key*> blinded_asset_ids_1div8,
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@ -4106,6 +4106,7 @@ bool wallet2::prepare_and_sign_pos_block(const mining_context& cxt, uint64_t ful
  WLT_CHECK_AND_ASSERT_MES(b.miner_tx.vin[1].type() == typeid(currency::txin_zc_input), false, "Wrong input 1 type in transaction: " << b.miner_tx.vin[1].type().name());
  WLT_CHECK_AND_ASSERT_MES(b.miner_tx.signatures.size() == 1 && b.miner_tx.signatures[0].type() == typeid(zarcanum_sig), false, "wrong sig prepared in a PoS block");
  WLT_CHECK_AND_ASSERT_MES(stake_out_v.type() == typeid(tx_out_zarcanum), false, "unexpected stake output type: " << stake_out_v.type().name() << ", expected: tx_out_zarcanum");
+  WLT_CHECK_AND_ASSERT_MES(td.m_zc_info_ptr->asset_id == currency::native_coin_asset_id, false, "attempted to stake an output with a non-native asset id");

  zarcanum_sig& sig = boost::get<zarcanum_sig>(b.miner_tx.signatures[0]);
  txin_zc_input& stake_input = boost::get<txin_zc_input>(b.miner_tx.vin[1]);
@ -4179,13 +4180,13 @@ bool wallet2::prepare_and_sign_pos_block(const mining_context& cxt, uint64_t ful
  }
  stake_input.k_image = pe.keyimage;

-  #ifndef NDEBUG
+  crypto::point_t stake_out_blinded_asset_id_pt = currency::native_coin_asset_id_pt + td.m_zc_info_ptr->asset_id_blinding_mask * crypto::c_point_X; 
+#ifndef NDEBUG
  {
-    crypto::point_t source_amount_commitment = crypto::c_scalar_1div8 * td.m_amount * crypto::c_point_H + crypto::c_scalar_1div8 * td.m_zc_info_ptr->amount_blinding_mask * crypto::c_point_G;
+    crypto::point_t source_amount_commitment = crypto::c_scalar_1div8 * td.m_amount * stake_out_blinded_asset_id_pt + crypto::c_scalar_1div8 * td.m_zc_info_ptr->amount_blinding_mask * crypto::c_point_G;
    WLT_CHECK_AND_ASSERT_MES(stake_out.amount_commitment == source_amount_commitment.to_public_key(), false, "real output amount commitment check failed");
    WLT_CHECK_AND_ASSERT_MES(ring[secret_index].amount_commitment == stake_out.amount_commitment, false, "ring secret member doesn't match with the stake output");
    WLT_CHECK_AND_ASSERT_MES(cxt.stake_amount == td.m_amount, false, "stake_amount missmatch");
-    //WLT_CHECK_AND_ASSERT_MES(source_amount_commitment == cxt.stake_amount * cxt.stake_out_blinded_asset_id + cxt.stake_out_amount_blinding_mask * crypto::c_point_G, false, "source_amount_commitment missmatch");
  }
  #endif

@ -4194,19 +4195,19 @@ bool wallet2::prepare_and_sign_pos_block(const mining_context& cxt, uint64_t ful
  WLT_CHECK_AND_ASSERT_MES(miner_tx_tgc.pseudo_out_amount_blinding_masks_sum.is_zero(), false, "pseudo_out_amount_blinding_masks_sum is nonzero"); // it should be zero because there's only one input (stake), and thus one pseudo out
  crypto::scalar_t pseudo_out_amount_blinding_mask = miner_tx_tgc.amount_blinding_masks_sum; // sum of outputs' amount blinding masks

-  miner_tx_tgc.pseudo_outs_blinded_asset_ids.emplace_back(currency::native_coin_asset_id_pt);
+  miner_tx_tgc.pseudo_outs_blinded_asset_ids.emplace_back(currency::native_coin_asset_id_pt); // for Zarcanum stake inputs pseudo outputs commitments has explicit native asset id
  miner_tx_tgc.pseudo_outs_plus_real_out_blinding_masks.emplace_back(0);
  miner_tx_tgc.real_zc_ins_asset_ids.emplace_back(td.m_zc_info_ptr->asset_id);
+  // TODO @#@# [architecture] the same value is calculated in zarcanum_generate_proof(), consider an impovement 
+  miner_tx_tgc.pseudo_out_amount_commitments_sum += cxt.stake_amount * stake_out_blinded_asset_id_pt + pseudo_out_amount_blinding_mask * crypto::c_point_G;
+  miner_tx_tgc.real_in_asset_id_blinding_mask_x_amount_sum += td.m_zc_info_ptr->asset_id_blinding_mask * cxt.stake_amount;

  uint8_t err = 0;
  r = crypto::zarcanum_generate_proof(hash_for_zarcanum_sig, cxt.kernel_hash, ring, cxt.last_pow_block_id_hashed, cxt.sk.kimage,
-    secret_x, cxt.secret_q, secret_index, td.m_zc_info_ptr->asset_id_blinding_mask, pseudo_out_amount_blinding_mask, cxt.stake_amount, cxt.stake_out_amount_blinding_mask,
+    secret_x, cxt.secret_q, secret_index, cxt.stake_amount, td.m_zc_info_ptr->asset_id_blinding_mask, cxt.stake_out_amount_blinding_mask, pseudo_out_amount_blinding_mask, 
    static_cast<crypto::zarcanum_proof&>(sig), &err);
  WLT_CHECK_AND_ASSERT_MES(r, false, "zarcanum_generate_proof failed, err: " << (int)err);

-  // TODO @#@# [architecture] the same value is calculated in zarcanum_generate_proof(), consider an impovement 
-  miner_tx_tgc.pseudo_out_amount_commitments_sum += cxt.stake_amount * currency::native_coin_asset_id_pt + pseudo_out_amount_blinding_mask * crypto::c_point_G;
-
  //
  // The miner tx prefix should be sealed by now, and the tx hash should be defined.
  // Any changes made below should only affect the signatures/proofs and should not impact the prefix hash calculation.   
@ -5823,7 +5824,7 @@ assets_selection_context wallet2::get_needed_money(uint64_t fee, const std::vect
      amounts_map.erase(amounts_map.find(dt.asset_id));
    }
  }
-  return std::move(amounts_map);
+  return amounts_map;
 }
 //----------------------------------------------------------------------------------------------------------------
 void wallet2::set_disable_tor_relay(bool disable)
@ -6102,34 +6103,33 @@ bool wallet2::get_actual_offers(std::list<bc_services::offer_details_ex>& offers
 //----------------------------------------------------------------------------------------------------
 bool wallet2::expand_selection_with_zc_input(assets_selection_context& needed_money_map, uint64_t fake_outputs_count, std::vector<uint64_t>& selected_indexes)
 {
-
-    free_amounts_cache_type& found_free_amounts = m_found_free_amounts[currency::native_coin_asset_id];
-    auto& asset_needed_money_item = needed_money_map[currency::native_coin_asset_id];
-    //need to add ZC input
-    for (auto it = found_free_amounts.begin(); it != found_free_amounts.end(); it++)
+  free_amounts_cache_type& found_free_amounts = m_found_free_amounts[currency::native_coin_asset_id];
+  auto& asset_needed_money_item = needed_money_map[currency::native_coin_asset_id];
+  //need to add ZC input
+  for (auto it = found_free_amounts.begin(); it != found_free_amounts.end(); it++)
+  {
+    for (auto it_in_amount = it->second.begin(); it_in_amount != it->second.end(); it_in_amount++)
    {
-      for (auto it_in_amount = it->second.begin(); it_in_amount != it->second.end(); it_in_amount++)
+      if (!m_transfers[*it_in_amount].is_zc())
      {
-        if (!m_transfers[*it_in_amount].is_zc())
-        {
-          continue;
-        }
+        continue;
+      }

-        if (is_transfer_ready_to_go(m_transfers[*it->second.begin()], fake_outputs_count))
+      if (is_transfer_ready_to_go(m_transfers[*it->second.begin()], fake_outputs_count))
+      {
+        asset_needed_money_item.found_amount += it->first;
+        selected_indexes.push_back(*it_in_amount);
+        it->second.erase(it_in_amount);
+        if (!it->second.size())
        {
-          asset_needed_money_item.found_amount += it->first;
-          selected_indexes.push_back(*it_in_amount);
-          it->second.erase(it_in_amount);
-          if (!it->second.size())
-          {
-            found_free_amounts.erase(it);
-          }
-          return true;
+          found_free_amounts.erase(it);
        }
+        return true;
      }
    }
-    WLT_THROW_IF_FALSE_WALLET_EX_MES(false , error::no_zc_inputs, "Missing ZC inputs for TX_FLAG_SIGNATURE_MODE_SEPARATE operation");
-    return true;
+  }
+  WLT_THROW_IF_FALSE_WALLET_EX_MES(false, error::no_zc_inputs, "At least one ZC is required for the operation, but none were found");
+  return true;
 }
 //----------------------------------------------------------------------------------------------------
 bool wallet2::select_indices_for_transfer(assets_selection_context& needed_money_map, uint64_t fake_outputs_count, std::vector<uint64_t>& selected_indexes)
--- a/tests/core_tests/pos_block_builder.cpp
+++ b/tests/core_tests/pos_block_builder.cpp
@ -233,7 +233,7 @@ void pos_block_builder::step5_sign(const currency::tx_source_entry& se, const cu

    uint8_t err = 0;
    r = crypto::zarcanum_generate_proof(tx_hash_for_sig, m_context.kernel_hash, ring, m_context.last_pow_block_id_hashed, m_context.sk.kimage,
-      secret_x, m_context.secret_q, prepared_real_out_index, se.real_out_asset_id_blinding_mask, -m_miner_tx_tgc.amount_blinding_masks_sum, m_context.stake_amount, m_context.stake_out_amount_blinding_mask,
+      secret_x, m_context.secret_q, prepared_real_out_index,m_context.stake_amount, se.real_out_asset_id_blinding_mask,  m_context.stake_out_amount_blinding_mask, -m_miner_tx_tgc.amount_blinding_masks_sum,
      static_cast<crypto::zarcanum_proof&>(sig), &err);
    CHECK_AND_ASSERT_THROW_MES(r, "zarcanum_generate_proof failed, err: " << (int)err);
  }