crypto: c_point_X; hs(char[32], hash); minor improvements for clsag implementation

2022-08-29 22:56:37 +02:00 · 2022-08-29 22:56:37 +02:00 · 6b85159119
commit 6b85159119
parent 3f8583fbe1
5 changed files with 26 additions and 3 deletions
--- a/src/crypto/clsag.cpp
+++ b/src/crypto/clsag.cpp
@ -148,7 +148,7 @@ namespace crypto
    }

    // calculate aggregate key image
-    point_t W_key_image = agg_coeff_0 * point_t(ki) + agg_coeff_1 * point_t(sig.K1).modify_mul8();
+    point_t W_key_image = agg_coeff_0 * key_image + agg_coeff_1 * point_t(sig.K1).modify_mul8();
    DBG_VAL_PRINT(W_key_image);
    
    scalar_t c_prev = sig.c;
--- a/src/crypto/clsag.h
+++ b/src/crypto/clsag.h
@ -34,8 +34,8 @@ namespace crypto
    CLSAG_GG_input_ref_t(const public_key& stealth_address, const public_key& amount_commitment)
      : stealth_address(stealth_address), amount_commitment(amount_commitment) {}

-    const public_key& stealth_address;
-    const public_key& amount_commitment;
+    const public_key& stealth_address;   // not premultiplied by 1/8, TODO @#@#: make sure it's okay
+    const public_key& amount_commitment; // multiplied by 1/8
  };

  bool generate_CLSAG_GG(const hash& m, const std::vector<CLSAG_GG_input_ref_t>& ring, const point_t& pseudo_out_amount_commitment, const key_image& ki,
--- a/src/crypto/crypto-sugar.cpp
+++ b/src/crypto/crypto-sugar.cpp
@ -22,6 +22,9 @@ namespace crypto

  const point_t  c_point_H        = { 0x05087c1f5b9b32d6, 0x00547595f445c3b5, 0x764df64578552f2a, 0x8a49a651e0e0da45 };  // == Hp(G), this is being checked in bpp_basics
  const point_t  c_point_H2       = { 0x70c8d1ab9dbf1cc0, 0xc561bb12639a8516, 0x3cfff1def9e5b268, 0xe0936386f3bcce1a };  // == Hp("h2_generator"), checked in bpp_basics
+
+  const point_t  c_point_X        = { 0xc9d2f543dbbc253a, 0x87099e9ac33d06dd, 0x76bcf12dcf6ffcba, 0x20384a4a88752d32 };  // == Hp("X_generator"), checked in clsag_ggxg_basics
+
  const point_t  c_point_0        = point_t(point_t::tag_zero());

  static_assert(sizeof(scalar_t::m_sk) == sizeof(scalar_t::m_u64) && sizeof(scalar_t::m_u64) == sizeof(scalar_t::m_s), "size missmatch");
--- a/src/crypto/crypto-sugar.h
+++ b/src/crypto/crypto-sugar.h
@ -912,6 +912,7 @@ namespace crypto

  extern const point_t  c_point_H;
  extern const point_t  c_point_H2;
+  extern const point_t  c_point_X;
  extern const point_t  c_point_0;

  //
@ -1135,6 +1136,14 @@ namespace crypto
      return hs_calculator.calc_hash();
    }

+    static scalar_t hs(const char(&str32)[32], const crypto::hash& h)
+    {
+      hs_t hs_calculator(2);
+      hs_calculator.add_32_chars(str32);
+      hs_calculator.add_hash(h);
+      return hs_calculator.calc_hash();
+    }
+
    static point_t hp(const point_t& p)
    {
      point_t result;
--- a/tests/functional_tests/crypto_tests_clsag.h
+++ b/tests/functional_tests/crypto_tests_clsag.h
@ -244,3 +244,14 @@ TEST(clsag, sig_difference)

  return true;
 }
+
+
+TEST(clsag_ggxg, basics)
+{
+  std::string X_hash_str("X_generator");
+  point_t X = hash_helper_t::hp(X_hash_str.c_str(), X_hash_str.size());
+  LOG_PRINT_L0("X = " << X.to_hex_comma_separated_uint64_str());
+  ASSERT_EQ(X, c_point_X);
+
+  return true;
+}