Expose generate/verify wrappers for generic_double_schnorr_sig and add a consensus helper for balance-proof checks.
Co-Authored-By: Charon <charon@lethean.io>
Add full V2 transaction verification pipeline: parse SignaturesRaw variant
vector into structured ZC signature data, verify CLSAG GGX ring signatures
per ZC input, verify BPP range proofs, and verify BGE asset surjection
proofs with correct ring construction (mul8 point arithmetic).
Fix three wire format bugs that caused V2 parsing failures:
- RefTypeGlobalIndex (tag 0x1A) uses 8-byte LE, not varint
- Raw uint64_t variant (tagUint64) uses 8-byte LE, not varint
- zarcanum_tx_data_v1 fee uses FIELD() → 8-byte LE, not VARINT_FIELD()
Add cn_point_sub to C++ bridge and Go wrapper for BGE ring construction.
Add GetZCRingOutputs to chain for fetching ZC ring member data.
Co-Authored-By: Charon <charon@lethean.io>
Add cn_bpp_verify for Bulletproofs++ (1 delta, bpp_crypto_trait_ZC_out)
used by zc_outs_range_proof in post-HF4 transactions. Distinguish from
cn_bppe_verify (2 deltas, bpp_crypto_trait_Zarcanum) used for Zarcanum
PoS proofs.
Key changes:
- Add deserialise_bpp() and cn_bpp_verify() to bridge.cpp
- Add VerifyBPP() Go wrapper in proof.go
- Wire BPPE and BGE stubs into real C++ verify functions
- Add try/catch to all proof verifiers (C++ throws on invalid points)
- Add nil/empty input guards to all Go proof functions
- Test with real BPP proof from testnet block 101 coinbase tx
The BPP proof from tx 543bc3c2... (first post-HF4 coinbase) verifies
successfully through the full CGo pipeline, confirming wire format
deserialisation matches the C++ daemon output.
Co-Authored-By: Charon <charon@lethean.io>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GenerateAccount, RestoreFromSeed, RestoreViewOnly with deterministic
view key derivation (sc_reduce32(Keccak256(spend_secret))), matching
C++ account_base::generate(). Encrypted persistence via Argon2id
(time=3, mem=64MB) + AES-256-GCM in go-store.
Adds cn_sc_reduce32 to the CGo bridge for scalar reduction mod l,
required to convert a hash output into a valid Ed25519 secret key.
Co-Authored-By: Charon <charon@lethean.io>
CLSAG_GG generation and verification with flat-buffer ring marshalling.
Cofactor helpers (PointMul8/PointDiv8) for 1/8 premultiplication handling.
CLSAG_GGX and CLSAG_GGXXG verify-only bindings (GGX sig size tests).
Bulletproofs+, BGE, and Zarcanum verification stubs — implementation
deferred to Phase 4 when RPC provides real on-chain proof data.
19 tests pass, 3 skipped (proof stubs), all clean with -race.
Co-Authored-By: Charon <charon@lethean.io>
Standard signature sign/verify round-trip with negative tests (wrong key,
wrong message). Ring signature (NLSAG) uses flat buffer C API to avoid
double-pointer indirection across CGo boundary. Round-trip with 4-member
ring and wrong-message negative test. All 15 tests pass with race detector.
Co-Authored-By: Charon <charon@lethean.io>
