From 96e4680f762ccdc7936f557c90de5f30997ff330 Mon Sep 17 00:00:00 2001 From: Boog900 <54e72d8a-345f-4599-bd90-c6b9bc7d0ec5@aleeas.com> Date: Thu, 28 Sep 2023 19:40:30 +0100 Subject: [PATCH] revert the changes on `reserialize_chain` plus other misc changes --- coins/monero/src/bin/reserialize_chain.rs | 187 ++++++++-------------- coins/monero/src/ring_signatures.rs | 4 +- coins/monero/src/ringct/borromean.rs | 8 +- coins/monero/src/ringct/clsag/multisig.rs | 2 +- coins/monero/src/ringct/mlsag.rs | 14 +- coins/monero/src/ringct/mod.rs | 2 +- coins/monero/src/wallet/send/multisig.rs | 4 +- 7 files changed, 80 insertions(+), 141 deletions(-) diff --git a/coins/monero/src/bin/reserialize_chain.rs b/coins/monero/src/bin/reserialize_chain.rs index 1c3d5ef2e..6a42412c4 100644 --- a/coins/monero/src/bin/reserialize_chain.rs +++ b/coins/monero/src/bin/reserialize_chain.rs @@ -20,66 +20,7 @@ mod binaries { rpc::{RpcError, Rpc, HttpRpc}, }; - async fn get_outs(rpc: &Rpc, amount: u64, indexes: &[u64]) -> Vec<[EdwardsPoint; 2]> { - #[derive(Deserialize, Debug)] - struct Out { - key: String, - mask: String, - } - - #[derive(Deserialize, Debug)] - struct Outs { - outs: Vec, - } - - let outs: Outs = loop { - match rpc - .rpc_call( - "get_outs", - Some(json!({ - "get_txid": true, - "outputs": indexes.iter().map(|o| json!({ - "amount": amount, - "index": o - })).collect::>() - })), - ) - .await - { - Ok(outs) => break outs, - Err(RpcError::ConnectionError) => { - println!("get_outs ConnectionError"); - continue; - } - Err(e) => panic!("couldn't connect to RPC to get outs: {e:?}"), - } - }; - - let rpc_point = |point: &str| { - CompressedEdwardsY( - hex::decode(point) - .expect("invalid hex for ring member") - .try_into() - .expect("invalid point len for ring member"), - ) - .decompress() - .expect("invalid point for ring member") - }; - - outs - .outs - .iter() - .map(|out| { - let mask = rpc_point(&out.mask); - if amount != 0 { - assert_eq!(mask, Commitment::new(Scalar::from(1u8), amount).calculate()); - } - [rpc_point(&out.key), mask] - }) - .collect() - } pub(crate) use tokio::task::JoinHandle; - use monero_serai::ringct::mlsag::RingMatrix; pub(crate) async fn check_block(rpc: Arc>, block_i: usize) { let hash = loop { @@ -188,68 +129,9 @@ mod binaries { // Accordingly, making sure our signature_hash algorithm is correct is great, and further // making sure the verification functions are valid is appreciated match tx.rct_signatures.prunable { - RctPrunable::Null => {} - RctPrunable::AggregateMlsagBorromean { borromean, mlsag } => { - borromean - .iter() - .zip(&tx.rct_signatures.base.commitments) - .for_each(|(borro, commitment)| assert!(borro.verify(commitment))); - - let mut ring = RingMatrix::aggregate_builder( - &tx.rct_signatures.base.commitments, - tx.rct_signatures.base.fee, - ); - let mut key_images = Vec::new(); - - for input in &tx.prefix.inputs { - let (amount, key_offsets, image) = match input { - Input::Gen(_) => panic!("Input::Gen"), - Input::ToKey { amount, key_offsets, key_image } => (amount, key_offsets, key_image), - }; - - let mut running_sum = 0; - let mut actual_indexes = vec![]; - for offset in key_offsets { - running_sum += offset; - actual_indexes.push(running_sum); - } - - ring.push_ring(&get_outs(&rpc, amount.unwrap_or(0), &actual_indexes).await).unwrap(); - key_images.push(image); - } - - mlsag.verify(&sig_hash, &ring.finish(), &key_images).unwrap(); - } - RctPrunable::MlsagBorromean { borromean, mlsags } => { - borromean - .iter() - .zip(tx.rct_signatures.base.commitments) - .for_each(|(borro, commitment)| assert!(borro.verify(&commitment))); - - for ((i, mlsag), pseudo_out) in - mlsags.into_iter().enumerate().zip(tx.rct_signatures.base.pseudo_outs) - { - let (amount, key_offsets, image) = match &tx.prefix.inputs[i] { - Input::Gen(_) => panic!("Input::Gen"), - Input::ToKey { amount, key_offsets, key_image } => (amount, key_offsets, key_image), - }; - - let mut running_sum = 0; - let mut actual_indexes = vec![]; - for offset in key_offsets { - running_sum += offset; - actual_indexes.push(running_sum); - } - - let ring = RingMatrix::simple( - &get_outs(&rpc, amount.unwrap_or(0), &actual_indexes).await, - pseudo_out, - ) - .unwrap(); - - mlsag.verify(&sig_hash, &ring, &[image]).unwrap(); - } - } + RctPrunable::Null | + RctPrunable::AggregateMlsagBorromean { .. } | + RctPrunable::MlsagBorromean { .. } => {} RctPrunable::MlsagBulletproofs { bulletproofs, .. } => { assert!(bulletproofs.batch_verify( &mut rand_core::OsRng, @@ -279,6 +161,69 @@ mod binaries { actual_indexes.push(running_sum); } + async fn get_outs( + rpc: &Rpc, + amount: u64, + indexes: &[u64], + ) -> Vec<[EdwardsPoint; 2]> { + #[derive(Deserialize, Debug)] + struct Out { + key: String, + mask: String, + } + + #[derive(Deserialize, Debug)] + struct Outs { + outs: Vec, + } + + let outs: Outs = loop { + match rpc + .rpc_call( + "get_outs", + Some(json!({ + "get_txid": true, + "outputs": indexes.iter().map(|o| json!({ + "amount": amount, + "index": o + })).collect::>() + })), + ) + .await + { + Ok(outs) => break outs, + Err(RpcError::ConnectionError) => { + println!("get_outs ConnectionError"); + continue; + } + Err(e) => panic!("couldn't connect to RPC to get outs: {e:?}"), + } + }; + + let rpc_point = |point: &str| { + CompressedEdwardsY( + hex::decode(point) + .expect("invalid hex for ring member") + .try_into() + .expect("invalid point len for ring member"), + ) + .decompress() + .expect("invalid point for ring member") + }; + + outs + .outs + .iter() + .map(|out| { + let mask = rpc_point(&out.mask); + if amount != 0 { + assert_eq!(mask, Commitment::new(Scalar::from(1u8), amount).calculate()); + } + [rpc_point(&out.key), mask] + }) + .collect() + } + clsag .verify( &get_outs(&rpc, amount.unwrap_or(0), &actual_indexes).await, diff --git a/coins/monero/src/ring_signatures.rs b/coins/monero/src/ring_signatures.rs index aa3fd8a5f..881aeb64b 100644 --- a/coins/monero/src/ring_signatures.rs +++ b/coins/monero/src/ring_signatures.rs @@ -1,8 +1,6 @@ use std_shims::io::{self, *}; -use curve25519_dalek::edwards::EdwardsPoint; -use curve25519_dalek::scalar::Scalar; -use dalek_ff_group::ED25519_BASEPOINT_TABLE; +use curve25519_dalek::{EdwardsPoint, Scalar, constants::ED25519_BASEPOINT_TABLE}; use monero_generators::hash_to_point; diff --git a/coins/monero/src/ringct/borromean.rs b/coins/monero/src/ringct/borromean.rs index 1c53d2e21..214029477 100644 --- a/coins/monero/src/ringct/borromean.rs +++ b/coins/monero/src/ringct/borromean.rs @@ -1,15 +1,11 @@ use core::fmt::Debug; use std_shims::io::{self, Read, Write}; -use curve25519_dalek::edwards::EdwardsPoint; -use curve25519_dalek::scalar::Scalar; -use curve25519_dalek::traits::Identity; +use curve25519_dalek::{EdwardsPoint, Scalar, traits::Identity}; use monero_generators::H_pow_2; -use crate::hash_to_scalar; -use crate::unreduced_scalar::UnreducedScalar; -use crate::serialize::*; +use crate::{hash_to_scalar, unreduced_scalar::UnreducedScalar, serialize::*}; /// 64 Borromean ring signatures. /// diff --git a/coins/monero/src/ringct/clsag/multisig.rs b/coins/monero/src/ringct/clsag/multisig.rs index 3574a5af6..d1f703331 100644 --- a/coins/monero/src/ringct/clsag/multisig.rs +++ b/coins/monero/src/ringct/clsag/multisig.rs @@ -116,7 +116,7 @@ impl ClsagMultisig { ClsagMultisig { transcript, - H: hash_to_point(output_key), + H: hash_to_point(&output_key), image: EdwardsPoint::identity(), details, diff --git a/coins/monero/src/ringct/mlsag.rs b/coins/monero/src/ringct/mlsag.rs index f62f5b06d..d74811998 100644 --- a/coins/monero/src/ringct/mlsag.rs +++ b/coins/monero/src/ringct/mlsag.rs @@ -3,13 +3,11 @@ use std_shims::{ io::{self, Read, Write}, }; -use curve25519_dalek::scalar::Scalar; -use curve25519_dalek::edwards::EdwardsPoint; +use curve25519_dalek::{Scalar, EdwardsPoint}; use monero_generators::H; -use crate::serialize::*; -use crate::{hash_to_scalar, ringct::hash_to_point}; +use crate::{hash_to_scalar, ringct::hash_to_point, serialize::*}; #[derive(Clone, Copy, PartialEq, Eq, Debug)] #[cfg_attr(feature = "std", derive(thiserror::Error))] @@ -67,18 +65,18 @@ impl Mlsag { let key_images_iter = key_images.iter().map(|ki| Some(*ki)).chain(Some(None)); for (ring_member, ss) in ring.iter().zip(&self.ss) { - for ((ring_member_layer, s), ki) in ring_member.iter().zip(ss).zip(key_images_iter.clone()) { + for ((ring_member_entry, s), ki) in ring_member.iter().zip(ss).zip(key_images_iter.clone()) { #[allow(non_snake_case)] - let L = EdwardsPoint::vartime_double_scalar_mul_basepoint(&ci, ring_member_layer, s); + let L = EdwardsPoint::vartime_double_scalar_mul_basepoint(&ci, ring_member_entry, s); - buf.extend_from_slice(ring_member_layer.compress().as_bytes()); + buf.extend_from_slice(ring_member_entry.compress().as_bytes()); buf.extend_from_slice(L.compress().as_bytes()); // Not all dimensions need to be linkable, e.g. commitments, and only linkable layers need // to have key images. if let Some(ki) = ki { #[allow(non_snake_case)] - let R = (s * hash_to_point(ring_member_layer)) + (ci * ki); + let R = (s * hash_to_point(ring_member_entry)) + (ci * ki); buf.extend_from_slice(R.compress().as_bytes()); } } diff --git a/coins/monero/src/ringct/mod.rs b/coins/monero/src/ringct/mod.rs index ac504d4d4..56dbc48bc 100644 --- a/coins/monero/src/ringct/mod.rs +++ b/coins/monero/src/ringct/mod.rs @@ -61,7 +61,7 @@ impl EncryptedAmount { pub enum RctType { /// No RCT proofs. Null, - /// One MLSAG for a single input and a Borromean range proof (RCTTypeFull). + /// One MLSAG for multiple inputs and Borromean range proofs (RCTTypeFull). MlsagAggregate, // One MLSAG for each input and a Borromean range proof (RCTTypeSimple). MlsagIndividual, diff --git a/coins/monero/src/wallet/send/multisig.rs b/coins/monero/src/wallet/send/multisig.rs index c137e3b70..39e79437b 100644 --- a/coins/monero/src/wallet/send/multisig.rs +++ b/coins/monero/src/wallet/send/multisig.rs @@ -406,7 +406,9 @@ impl SignatureMachine for TransactionSignatureMachine { pseudo_outs.push(pseudo_out); } } - RctPrunable::MlsagBorromean { .. } | RctPrunable::MlsagBulletproofs { .. } => { + RctPrunable::AggregateMlsagBorromean { .. } | + RctPrunable::MlsagBorromean { .. } | + RctPrunable::MlsagBulletproofs { .. } => { unreachable!("attempted to sign a multisig TX which wasn't CLSAG") } }