From bb61396c10f7135019989baf9e75d5810ffcb0fc Mon Sep 17 00:00:00 2001
From: sowle
Date: Tue, 18 Oct 2022 04:32:40 +0200
Subject: [PATCH] fixed concealing_point calculation consistency over BCS and wallet PoS code
---
 src/currency_core/currency_format_utils.cpp | 6 +++---
 src/wallet/wallet2.cpp | 10 ++++++++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp
index 1331d4ab..d5b64558 100644
--- a/src/currency_core/currency_format_utils.cpp
+++ b/src/currency_core/currency_format_utils.cpp
@@ -927,12 +927,12 @@ namespace currency
 crypto::derivation_to_scalar((const crypto::key_derivation&)derivation, output_index, h.as_secret_key()); // h = Hs(8 * r * V, i)
 out.stealth_address = (h * crypto::c_point_G + crypto::point_t(apa.spend_public_key)).to_public_key();
- out.concealing_point = (crypto::c_scalar_1div8 * crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(apa.view_public_key)).to_public_key(); // Q = 1/8 * Hs(domain_sep, h) * V
+ out.concealing_point = (crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(apa.view_public_key)).to_public_key(); // Q = 1/8 * Hs(domain_sep, Hs(8 * r * V, i) ) * 8 * V
 crypto::scalar_t amount_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_AMOUNT_MASK, h);
 out.encrypted_amount = de.amount ^ amount_mask.m_u64[0];
- out_blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, d, i)
+ out_blinding_mask = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_BLINDING_MASK, h); // f = Hs(domain_sep, Hs(8 * r * V, i) )
 out.amount_commitment = (crypto::c_scalar_1div8 * de.amount * crypto::c_point_H + crypto::c_scalar_1div8 * out_blinding_mask * crypto::c_point_G).to_public_key(); // A = 1/8 * a * H + 1/8 * f * G
 if (de.addr.front().is_auditable())
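Review bot: The new comment on `out.concealing_point`, `// Q = 1/8 * Hs(domain_sep, Hs(8 * r * V, i) ) * 8 * V`, writes a factor that cancels out, while the expression itself now computes `Hs(domain_sep, Hs(8 * r * V, i)) * V` with no `c_scalar_1div8` term; a reader comparing comment and code will suspect a dropped factor rather than an intentional change. Since the matching check at line ~2531 of this file compares `8 * Q` (via `modify_mul8()`) against `Hs(...) * 8 * V`, I would state that relationship instead: `// Q = Hs(domain_sep, Hs(8 * r * V, i)) * V; the ownership check verifies 8 * Q == Hs(domain_sep, h) * 8 * V`. The enclosing function starts and ends outside the hunk.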
@@ -2531,7 +2531,7 @@ namespace currency
 if (P_prime.to_public_key() != zo.stealth_address) return false;
- crypto::point_t Q_prime = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * crypto::point_t(acc.account_address.view_public_key); // Q' * 8 =? Hs(domain_sep, h) * V
+ crypto::point_t Q_prime = crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h) * 8 * crypto::point_t(acc.account_address.view_public_key); // Q' * 8 =? Hs(domain_sep, Hs(8 * r * V, i) ) * 8 * V
 if (Q_prime != crypto::point_t(zo.concealing_point).modify_mul8()) return false;
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 029e97d8..323aa746 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -3892,9 +3892,15 @@ void wallet2::do_pos_mining_prepare_entry(mining_context& context, size_t transf
 if (context.zarcanum)
 {
- crypto::point_t R(get_tx_pub_key_from_extra(td.m_ptx_wallet_info->m_tx));
 crypto::scalar_t v = m_account.get_keys().view_secret_key;
- context.secret_q = v * crypto::hash_helper_t::hs(CRYPTO_HDS_ZARCANUM_SECRET_Q, v * R);
+ crypto::key_derivation derivation = AUTO_VAL_INIT(derivation);
+ bool r = crypto::generate_key_derivation(get_tx_pub_key_from_extra(td.m_ptx_wallet_info->m_tx), m_account.get_keys().view_secret_key, derivation); // 8 * v * R
+ CHECK_AND_ASSERT_MES_NO_RET(r, "generate_key_derivation failed");
+ crypto::scalar_t h = AUTO_VAL_INIT(h);
+ crypto::derivation_to_scalar(derivation, td.m_internal_output_index, h.as_secret_key()); // h = Hs(8 * v * R, i)
+
+ // q = Hs(domain_sep, Hs(8 * v * R, i) ) * 8 * v
+ context.secret_q = v * 8 * crypto::hash_helper_t::hs(CRYPTO_HDS_OUT_CONCEALING_POINT, h);
 }
 }
 //------------------------------------------------------------------
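Review bot: The comment on the new `Q_prime` line, `// Q' * 8 =? Hs(domain_sep, Hs(8 * r * V, i) ) * 8 * V`, uses `Q'` for the output's `concealing_point`, while the variable named `Q_prime` holds the right-hand side of that comparison, so the comment and the code contradict each other on what is being multiplied by 8; `// 8 * Q =? Hs(domain_sep, Hs(8 * r * V, i)) * 8 * V` describes the check on the following line accurately. A point of style: the cofactor is written as a bare literal, `hs(...) * 8 * crypto::point_t(...)`, while its inverse on the sending side is the named constant `crypto::c_scalar_1div8`, and the same bare `8` appears again in the wallet2.cpp hunk (`v * 8 * ...`); a named scalar constant next to `c_scalar_1div8` (e.g. a `c_scalar_8`) would keep the two sites greppable and prevent them drifting apart. `scalar_t * int` presumably relies on an implicit promotion of the literal to `scalar_t`, which is worth confirming once rather than at each call site. The enclosing function starts outside the hunk and may end outside it.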
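Review bot: On the new failure path, `CHECK_AND_ASSERT_MES_NO_RET(r, "generate_key_derivation failed");` returns from `do_pos_mining_prepare_entry` while `context.zarcanum` is still set and `context.secret_q` has not been assigned, so as far as the hunk shows the caller has no signal that this entry is unusable and may go on to build a PoS proof with whatever value the context already held. Before the return I would record the failure in the context in whatever form the caller can test, and at minimum document the gap above the macro: `// on failure secret_q is left unassigned; the caller must not use this entry`. A smaller point: `m_account.get_keys().view_secret_key` is fetched twice although `v` already holds it, so the derivation call could pass `v.as_secret_key()` in the same way the `derivation_to_scalar` call two lines below uses `h.as_secret_key()`, provided a const overload exists for that argument. The function's body starts outside the hunk.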