diff --git a/src/crypto/crypto-sugar.h b/src/crypto/crypto-sugar.h
index 3d1f18aa..d2fba2ce 100644
--- a/src/crypto/crypto-sugar.h
+++ b/src/crypto/crypto-sugar.h
@@ -667,6 +667,8 @@ namespace crypto
     friend bool operator==(const point_t& lhs, const point_t& rhs) {
+      // TODO: @#@# (performance) consider checking (lhs - rhs).is_zero() instead
+      // convert to xy form, then compare components (because (x, y, z, t) representation is not unique)
       fe lrecip, lx, ly;
       fe rrecip, rx, ry;
diff --git a/src/currency_core/currency_basic.h b/src/currency_core/currency_basic.h
index e9c30524..887d339c 100644
--- a/src/currency_core/currency_basic.h
+++ b/src/currency_core/currency_basic.h
@@ -425,16 +425,13 @@ namespace currency
       END_BOOST_SERIALIZATION()
     };
-    crypto::bpp_signature_serialized outputs_range_proof; // aggregated range proof for some or all outputs
     std::vector input_proofs; // for each input
     BEGIN_SERIALIZE_OBJECT()
-      FIELD(outputs_range_proof)
       FIELD(input_proofs)
     END_SERIALIZE()
     BEGIN_BOOST_SERIALIZATION()
-      BOOST_SERIALIZE(outputs_range_proof)
       BOOST_SERIALIZE(input_proofs)
     END_BOOST_SERIALIZATION()
   };
diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp
index a057d295..88c8249e 100644
--- a/src/currency_core/currency_format_utils.cpp
+++ b/src/currency_core/currency_format_utils.cpp
@@ -637,7 +637,7 @@ namespace currency
     out.encrypted_amount = de.amount ^ amount_mask.m_u64[0];
     out_blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, d, i)
-    out.amount_commitment = (crypto::c_scalar_1div8 * de.amount * crypto::c_point_H + crypto::c_scalar_1div8 * out_blinding_mask * crypto::c_point_G).to_public_key();
+    out.amount_commitment = (crypto::c_scalar_1div8 * de.amount * crypto::c_point_H + crypto::c_scalar_1div8 * out_blinding_mask * crypto::c_point_G).to_public_key(); // A = 1/8 * a * H + 1/8 * f * G
     out.mix_attr = tx_outs_attr; // TODO @#@# @CZ check this
   }
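Review bot: The added TODO proposes `(lhs - rhs).is_zero()` without stating the condition under which that is valid, yet the very next comment explains that the (x, y, z, t) representation is not unique; an `is_zero()` used for equality here would itself have to be representation-independent (recognise the identity with z != 1), which I cannot confirm from this hunk. Suggest making the TODO self-contained: `// TODO: @#@# (performance) consider (lhs - rhs).is_zero() instead — only valid if is_zero() handles non-normalised (z != 1) representations`. The body of operator== continues past the end of the hunk.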
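Review bot: Dropping `outputs_range_proof` from both the FIELD list and the BOOST_SERIALIZE list changes the serialized layout of the enclosing structure, whose name and any version tag lie outside this hunk; if any persisted or network-transmitted data was produced with the old layout it will no longer deserialize, and nothing in the hunk bumps a version or adds a conversion. If this structure is still pre-release that is acceptable, but a one-line comment on the struct recording that the aggregated range proof now lives elsewhere (its new home is not visible in this diff) would save the next reader a search. The surrounding struct definition starts before the hunk.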
@@ -648,13 +648,13 @@ namespace currency
     crypto::scalar_t h = crypto::hash_helper_t::hs(derivation, output_index);
     out.stealth_address = (h * crypto::c_point_G + crypto::point_t(apa.spend_public_key)).to_public_key();
-    out.concealing_point = (crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(apa.view_public_key)).to_public_key(); // Q = Hs(domain_sep, h) * V
+    out.concealing_point = (crypto::c_scalar_1div8 * crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(apa.view_public_key)).to_public_key(); // Q = 1/8 * Hs(domain_sep, h) * V
     crypto::scalar_t amount_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_AMOUNT_MASK, h);
     out.encrypted_amount = de.amount ^ amount_mask.m_u64[0];
     out_blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, d, i)
-    out.amount_commitment = (crypto::c_scalar_1div8 * de.amount * crypto::c_point_H + crypto::c_scalar_1div8 * out_blinding_mask * crypto::c_point_G).to_public_key();
+    out.amount_commitment = (crypto::c_scalar_1div8 * de.amount * crypto::c_point_H + crypto::c_scalar_1div8 * out_blinding_mask * crypto::c_point_G).to_public_key(); // A = 1/8 * a * H + 1/8 * f * G
     if (de.addr.front().is_auditable()) out.mix_attr = CURRENCY_TO_KEY_OUT_FORCED_NO_MIX; // override mix_attr to 1 for auditable target addresses
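Review bot: The context comment directly above the changed `out.amount_commitment` line, `// f = Hs(domain_sep, d, i)`, no longer matches the call it annotates, `hs(CRYPTO_HDS_OUT_BLINDING_MASK, h)`, nor the receiver-side comment in is_out_to_acc (`// f = Hs(domain_sep, h)`); since this commit is already rewriting the neighbouring formula comments, change it to `// f = Hs(domain_sep, h)`. The same stale comment appears in the earlier hunk at line 637 of this file. The new `1/8` factor on `out.concealing_point` is matched by the `modify_mul8()` comparison on the receiving side, while `out.stealth_address` intentionally carries no `1/8`; a short comment stating which fields are cofactor-scaled, e.g. `// P is compared directly by the receiver; Q and A are compared after *8`, would keep the asymmetry from being "fixed" later. The enclosing function starts before this hunk.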
@@ -2153,15 +2153,14 @@ namespace currency
   bool is_out_to_acc(const account_keys& acc, const tx_out_zarcanum& zo, const crypto::key_derivation& derivation, size_t output_index, uint64_t& decoded_amount) {
-    crypto::scalar_t h = {};
-    crypto::derivation_to_scalar(derivation, output_index, h.as_secret_key()); // h = Hs(8 * r * V, i)
+    crypto::scalar_t h = crypto::hash_helper_t::hs(reinterpret_cast(derivation), output_index); // h = Hs(8 * r * V, i)
     crypto::point_t P_prime = h * crypto::c_point_G + crypto::point_t(acc.account_address.spend_public_key); // P =? Hs(8rV, i) * G + S
     if (P_prime.to_public_key() != zo.stealth_address) return false;
-    crypto::point_t Q_prime = h * crypto::point_t(acc.account_address.view_public_key); // Q =? v * Hs(8rV, i) * G
-    if (Q_prime.to_public_key() != zo.concealing_point)
+    crypto::point_t Q_prime = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(acc.account_address.view_public_key); // Q' * 8 =? Hs(domain_sep, h) * V
+    if (Q_prime != crypto::point_t(zo.concealing_point).modify_mul8())
       return false;
     crypto::scalar_t amount_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_AMOUNT_MASK, h);
@@ -2170,8 +2169,8 @@ namespace currency
     crypto::scalar_t blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, h)
     crypto::point_t A_prime;
-    A_prime.assign_mul_plus_G(decoded_amount, crypto::c_point_H, blinding_mask); // A =? a * H + f * G
-    if (A_prime.to_public_key() != zo.amount_commitment)
+    A_prime.assign_mul_plus_G(decoded_amount, crypto::c_point_H, blinding_mask); // A' * 8 =? a * H + f * G
+    if (A_prime != crypto::point_t(zo.amount_commitment).modify_mul8())
       return false;
     return true;
diff --git a/src/currency_core/currency_format_utils_transactions.h b/src/currency_core/currency_format_utils_transactions.h
index b1424c96..40236c3f 100644
--- a/src/currency_core/currency_format_utils_transactions.h
+++ b/src/currency_core/currency_format_utils_transactions.h
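Review bot: The two new comments `// Q' * 8 =? Hs(domain_sep, h) * V` and `// A' * 8 =? a * H + f * G` describe the wrong side of each comparison: the code multiplies the stored `zo.concealing_point` / `zo.amount_commitment` by 8 and compares against the unscaled `Q_prime` / `A_prime`, so they should read `// 8 * Q =? Hs(domain_sep, h) * V` and `// 8 * A =? a * H + f * G`. `crypto::point_t(zo.concealing_point)` and `crypto::point_t(zo.amount_commitment)` decode 32 bytes taken from a transaction output, i.e. untrusted data, and the hunk shows no check that decoding succeeded; confirm that the constructor rejects or throws on an invalid encoding rather than yielding an unspecified point, and add a comment that the `*8` deliberately erases any small-order component a sender could attach. The receiver now derives `h` via `hs(reinterpret_cast(derivation), output_index)` (template argument not visible in this rendering) while the sender side at line 648 calls `hs(derivation, output_index)` directly; if those two overloads hash the bytes differently every output is rejected, so a unit test asserting sender and receiver compute the same `h` for one derivation would pin the agreement. The function body between the two hunks is not shown.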
@@ -1,4 +1,4 @@
-// Copyright (c) 2018-2019 Zano Project
+// Copyright (c) 2018-2022 Zano Project
 // Distributed under the MIT/X11 software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
@@ -31,6 +31,7 @@ namespace currency
     std::string htlc_origin; //for htlc, specify origin
     bool is_multisig() const { return ms_sigs_count > 0; }
+    bool is_zarcanum() const { return false; }
     BEGIN_SERIALIZE_OBJECT()
       FIELD(outputs)
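Review bot: `bool is_zarcanum() const { return false; }` is a hard-coded stub with no comment, so a reader cannot tell whether this structure can never describe a Zarcanum transaction or whether the flag is simply not implemented yet; the enclosing struct's name is outside the hunk. If it is the former, say so in a comment; if the latter, mark it, e.g. `bool is_zarcanum() const { return false; } // TODO: derive from the actual output/proof types once this struct carries Zarcanum data`, so callers that branch on it are not silently routed down the legacy path once Zarcanum data is added. The copyright-year hunk in this file needs no review.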