crypto: 5-layers extended CLSAG is introduced for Zarcanum + confidential assets needs (stubs so far, tbd)

2023-03-20 21:21:47 +01:00 · 2023-03-20 21:21:47 +01:00 · 4f1d01fc73
commit 4f1d01fc73
parent 96753bbc94
5 changed files with 89 additions and 5 deletions
--- a/src/common/crypto_serialization.h
+++ b/src/common/crypto_serialization.h
@ -135,6 +135,29 @@ namespace crypto
    END_BOOST_SERIALIZATION()
  };

+  struct CLSAG_GGXXG_signature_serialized : public CLSAG_GGXXG_signature
+  {
+    BEGIN_SERIALIZE_OBJECT()
+      FIELD(c)
+      FIELD_N("r_g", (std::vector<scalar_t>&)(r_g))
+      FIELD_N("r_x", (std::vector<scalar_t>&)(r_x))
+      FIELD(K1)
+      FIELD(K2)
+      FIELD(K3)
+      FIELD(K4)
+    END_SERIALIZE()
+
+    BEGIN_BOOST_SERIALIZATION()
+      BOOST_SERIALIZE(c)
+      BOOST_SERIALIZE((std::vector<scalar_t>&)(r_g))
+      BOOST_SERIALIZE((std::vector<scalar_t>&)(r_x))
+      BOOST_SERIALIZE(K1)
+      BOOST_SERIALIZE(K2)
+      BOOST_SERIALIZE(K3)
+      BOOST_SERIALIZE(K4)
+    END_BOOST_SERIALIZATION()
+  };
+
  struct vector_UG_aggregation_proof_serialized : public vector_UG_aggregation_proof
  {
    BEGIN_SERIALIZE_OBJECT()
--- a/src/crypto/clsag.cpp
+++ b/src/crypto/clsag.cpp
@ -801,4 +801,22 @@ namespace crypto
    return c_prev == sig.c;
  }

+
+  //---------------------------------------------------------------
+
+
+  bool generate_CLSAG_GGXXG(const hash& m, const std::vector<CLSAG_GGXXG_input_ref_t>& ring, const point_t& pseudo_out_amount_commitment, const point_t& pseudo_out_asset_id, const point_t& extended_amount_commitment, const key_image& ki,
+    const scalar_t& secret_0_xp, const scalar_t& secret_1_f, const scalar_t& secret_2_t, const scalar_t& secret_2_x, const scalar_t& secret_3_q, uint64_t secret_index, CLSAG_GGXXG_signature& sig)
+  {
+    return true;
+  }
+
+  bool verify_CLSAG_GGXXG(const hash& m, const std::vector<CLSAG_GGXXG_input_ref_t>& ring, const public_key& pseudo_out_amount_commitment, const public_key& pseudo_out_asset_id, const public_key& extended_amount_commitment, const key_image& ki,
+    const CLSAG_GGXXG_signature& sig)
+  {
+    return false;
+  }
+
+
+
 } // namespace crypto
--- a/src/crypto/clsag.h
+++ b/src/crypto/clsag.h
@ -130,4 +130,47 @@ namespace crypto
  bool verify_CLSAG_GGXG(const hash& m, const std::vector<CLSAG_GGXG_input_ref_t>& ring, const public_key& pseudo_out_amount_commitment,
    const public_key& extended_amount_commitment, const key_image& ki, const CLSAG_GGXG_signature& sig);

+
+
+  //
+  // 5-CLSAG
+  //
+
+
+  // 5-CLSAG signature (with respect to the group element G, G, X, X, G -- that's why 'GGXXG')
+  struct CLSAG_GGXXG_signature
+  {
+    scalar_t      c;
+    scalar_vec_t  r_g;  // for G-components (layers 0, 1, 4), size = size of the ring
+    scalar_vec_t  r_x;  // for X-component  (layers 2, 3),    size = size of the ring
+    public_key    K1;   // auxiliary key image for layer 1 (G)
+    public_key    K2;   // auxiliary key image for layer 2 (X)
+    public_key    K3;   // auxiliary key image for layer 2 (X)
+    public_key    K4;   // auxiliary key image for layer 3 (G)
+  };
+
+  struct CLSAG_GGXXG_input_ref_t : public CLSAG_GGX_input_ref_t
+  {
+    CLSAG_GGXXG_input_ref_t(const public_key& stealth_address, const public_key& amount_commitment, const public_key& blinded_asset_id, const public_key& concealing_point)
+      : CLSAG_GGX_input_ref_t(stealth_address, amount_commitment, blinded_asset_id)
+      , concealing_point(concealing_point)
+    {}
+
+    const public_key& concealing_point; // Q, premultiplied by 1/8
+  };
+
+  // pseudo_out_amount_commitment -- not premultiplied by 1/8
+  // pseudo_out_asset_id          -- not premultiplied by 1/8
+  // extended_amount_commitment   -- not premultiplied by 1/8
+  bool generate_CLSAG_GGXXG(const hash& m, const std::vector<CLSAG_GGXXG_input_ref_t>& ring, const point_t& pseudo_out_amount_commitment, const point_t& pseudo_out_asset_id, const point_t& extended_amount_commitment, const key_image& ki,
+    const scalar_t& secret_0_xp, const scalar_t& secret_1_f, const scalar_t& secret_2_t, const scalar_t& secret_2_x, const scalar_t& secret_3_q, uint64_t secret_index, CLSAG_GGXXG_signature& sig);
+
+  // pseudo_out_amount_commitment -- premultiplied by 1/8
+  // pseudo_out_asset_id          -- premultiplied by 1/8
+  // extended_amount_commitment   -- premultiplied by 1/8
+  // may throw an exception TODO @#@# make sure it's okay
+  bool verify_CLSAG_GGXXG(const hash& m, const std::vector<CLSAG_GGXXG_input_ref_t>& ring, const public_key& pseudo_out_amount_commitment, const public_key& pseudo_out_asset_id, const public_key& extended_amount_commitment, const key_image& ki,
+    const CLSAG_GGXXG_signature& sig);
+
+
 } // namespace crypto
--- a/src/currency_core/blockchain_storage.cpp
+++ b/src/currency_core/blockchain_storage.cpp
@ -5486,10 +5486,10 @@ bool blockchain_storage::validate_pos_block(const block& b,
    CHECK_AND_ASSERT_MES(max_related_block_height <= last_pow_block_height, false, "stake input refs' max related block height is " << max_related_block_height << " while last PoW block height is " << last_pow_block_height);    

    // build a ring of references
-    vector<crypto::CLSAG_GGXG_input_ref_t> ring;
+    vector<crypto::CLSAG_GGXXG_input_ref_t> ring;
    ring.reserve(scan_contex.zc_outs.size());
    for(auto& zc_out : scan_contex.zc_outs)
-      ring.emplace_back(zc_out.stealth_address, zc_out.amount_commitment, zc_out.concealing_point);
+      ring.emplace_back(zc_out.stealth_address, zc_out.amount_commitment, zc_out.blinded_asset_id, zc_out.concealing_point);

    crypto::scalar_t last_pow_block_id_hashed = crypto::hash_helper_t::hs(CRYPTO_HDS_ZARCANUM_LAST_POW_HASH, sm.last_pow_id);

--- a/src/currency_core/currency_basic.h
+++ b/src/currency_core/currency_basic.h
@ -534,9 +534,9 @@ namespace currency
      FIELD(y2);
      FIELD(y3);
      FIELD(y4);
-      FIELD((crypto::bppe_signature_serialized&)E_range_proof);
+      FIELD_N("E_range_proof", (crypto::bppe_signature_serialized&)E_range_proof);
      FIELD(pseudo_out_amount_commitment);
-      FIELD((crypto::CLSAG_GGXG_signature_serialized&)clsag_ggxg);
+      FIELD_N("clsag_ggxxg", (crypto::CLSAG_GGXXG_signature_serialized&)clsag_ggxxg);
    END_SERIALIZE()

    BEGIN_BOOST_SERIALIZATION()
@ -552,7 +552,7 @@ namespace currency
      BOOST_SERIALIZE(y4);
      BOOST_SERIALIZE((crypto::bppe_signature_serialized&)E_range_proof);
      BOOST_SERIALIZE(pseudo_out_amount_commitment);
-      BOOST_SERIALIZE((crypto::CLSAG_GGXG_signature_serialized&)clsag_ggxg);
+      BOOST_SERIALIZE((crypto::CLSAG_GGXXG_signature_serialized&)clsag_ggxxg);
    END_BOOST_SERIALIZATION()
  };