
fixed concealing_point calculation consistency between BCS and wallet PoS code

This commit is contained in:
sowle 2022-10-18 04:32:40 +02:00
parent e704303f3b
commit bb61396c10
No known key found for this signature in database
GPG key ID: C07A24B2D89D49FC
2 changed files with 11 additions and 5 deletions


@ -927,12 +927,12 @@ namespace currency
crypto::derivation_to_scalar((const crypto::key_derivation&)derivation, output_index, h.as_secret_key()); // h = Hs(8 * r * V, i)
out.stealth_address = (h * crypto::c_point_G + crypto::point_t(apa.spend_public_key)).to_public_key();
out.concealing_point = (crypto::c_scalar_1div8 * crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(apa.view_public_key)).to_public_key(); // Q = 1/8 * Hs(domain_sep, h) * V
out.concealing_point = (crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(apa.view_public_key)).to_public_key(); // Q = 1/8 * Hs(domain_sep, Hs(8 * r * V, i) ) * 8 * V
crypto::scalar_t amount_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_AMOUNT_MASK, h);
out.encrypted_amount = de.amount ^ amount_mask.m_u64[0];
out_blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, d, i)
out_blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, Hs(8 * r * V, i) )
out.amount_commitment = (crypto::c_scalar_1div8 * de.amount * crypto::c_point_H + crypto::c_scalar_1div8 * out_blinding_mask * crypto::c_point_G).to_public_key(); // A = 1/8 * a * H + 1/8 * f * G
if (de.addr.front().is_auditable())
@ -2531,7 +2531,7 @@ namespace currency
if (P_prime.to_public_key() != zo.stealth_address)
return false;
crypto::point_t Q_prime = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(acc.account_address.view_public_key); // Q' * 8 =? Hs(domain_sep, h) * V
crypto::point_t Q_prime = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * 8 * crypto::point_t(acc.account_address.view_public_key); // Q' * 8 =? Hs(domain_sep, Hs(8 * r * V, i) ) * 8 * V
if (Q_prime != crypto::point_t(zo.concealing_point).modify_mul8())
return false;
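Review bot: The check on the `Q_prime` line compares `Hs(...) * 8 * V` against `point_t(zo.concealing_point).modify_mul8()`, so both sides are multiplied by the cofactor and any small-order (torsion) component in the decoded `zo.concealing_point` is ignored — several distinct encodings of the point would pass this check. That is the usual cofactor-clearing comparison and presumably intentional, but nothing in the hunk records it; a comment such as `// compared in the prime-order subgroup: mul8 clears any torsion component of the decoded point, so concealing_point must not serve as a unique identifier elsewhere` would make the assumption explicit. The literal `8` there and the `1/8 * ... * 8 * V` in the comment on the sending side (first hunk of this file) also describe factors the constructing code no longer contains — `concealing_point` is now simply `hs(...) * V` — so that comment should read `Q = Hs(domain_sep, Hs(8 * r * V, i)) * V` to match the code. The enclosing functions start outside both hunks.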


@ -3892,9 +3892,15 @@ void wallet2::do_pos_mining_prepare_entry(mining_context& context, size_t transf
if (context.zarcanum)
{
crypto::point_t R(get_tx_pub_key_from_extra(td.m_ptx_wallet_info->m_tx));
crypto::scalar_t v = m_account.get_keys().view_secret_key;
context.secret_q = v * crypto::hash_helper_t::hs(CRYPTO_HDS_ZARCANUM_SECRET_Q, v * R);
crypto::key_derivation derivation = AUTO_VAL_INIT(derivation);
bool r = crypto::generate_key_derivation(get_tx_pub_key_from_extra(td.m_ptx_wallet_info->m_tx), m_account.get_keys().view_secret_key, derivation); // 8 * v * R
CHECK_AND_ASSERT_MES_NO_RET(r, "generate_key_derivation failed");
crypto::scalar_t h = AUTO_VAL_INIT(h);
crypto::derivation_to_scalar(derivation, td.m_internal_output_index, h.as_secret_key()); // h = Hs(8 * v * R, i)
// q = Hs(domain_sep, Hs(8 * v * R, i) ) * 8 * v
context.secret_q = v * 8 * crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h);
}
}
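Review bot: `R` declared on the `crypto::point_t R(...)` line is no longer read after this change — `secret_q` no longer uses `v * R`, and the new derivation calls `get_tx_pub_key_from_extra(td.m_ptx_wallet_info->m_tx)` a second time itself — so it is dead code that will draw an unused-variable warning; either drop that line or keep a single tx-pub-key lookup and feed it to `generate_key_derivation`. Likewise `v` is already in scope, so the derivation could take `v.as_secret_key()` instead of fetching `m_account.get_keys().view_secret_key` again, if `as_secret_key()` on a `scalar_t` is usable as an input the way it is used as an output on `h`. Separately, when `generate_key_derivation` fails `CHECK_AND_ASSERT_MES_NO_RET` returns early and leaves `context.secret_q` unset; if the caller proceeds with that `context` regardless, a comment stating that `secret_q` is only valid when the derivation succeeded, or an explicit failure flag on `context`, would make that path visible. The function begins above the hunk.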
//------------------------------------------------------------------