moneroutil/ringsignature.go

package moneroutil

import (
	"bytes"
	"crypto/rand"
	"fmt"
	mathrand "math/rand"
)

const (
	PointLength  = 32
	ScalarLength = 32
)

type PubKey [PointLength]byte
type PrivKey [ScalarLength]byte

type RingSignatureElement struct {
	c [ScalarLength]byte
	r [ScalarLength]byte
}

type RingSignature []*RingSignatureElement

func RandomScalar() (result [ScalarLength]byte) {
	var reduceFrom [ScalarLength * 2]byte
	tmp := make([]byte, ScalarLength*2)
	rand.Read(tmp)
	copy(reduceFrom[:], tmp)
	ScReduce(&result, &reduceFrom)
	return
}

func (p *PrivKey) FromBytes(b [ScalarLength]byte) {
	*p = b
}

func (p *PrivKey) ToBytes() (result [ScalarLength]byte) {
	result = [32]byte(*p)
	return
}

func (p *PrivKey) PubKey() (pubKey *PubKey) {
	secret := p.ToBytes()
	point := new(ExtendedGroupElement)
	GeScalarMultBase(point, &secret)
	pubKeyBytes := new([PointLength]byte)
	point.ToBytes(pubKeyBytes)
	pubKey = (*PubKey)(pubKeyBytes)
	return
}

func (p *PubKey) ToBytes() (result [PointLength]byte) {
	result = [PointLength]byte(*p)
	return
}

func NewKeyPair() (privKey *PrivKey, pubKey *PubKey) {
	privKey = new(PrivKey)
	pubKey = new(PubKey)
	privKey.FromBytes(RandomScalar())
	pubKey = privKey.PubKey()
	return
}

func (s *RingSignatureElement) Serialize() (result []byte) {
	result = make([]byte, 2*ScalarLength)
	copy(result, s.c[:])
	copy(result[ScalarLength:2*ScalarLength], s.r[:])
	return
}

func (r *RingSignature) Serialize() (result []byte) {
	for i := 0; i < len(*r); i++ {
		result = append(result, (*r)[i].Serialize()...)
	}
	return
}

func ParseSignature(buf *bytes.Buffer) (result *RingSignatureElement, err error) {
	s := new(RingSignatureElement)
	c := buf.Next(ScalarLength)
	if len(c) != ScalarLength {
		err = fmt.Errorf("Not enough bytes for signature c")
		return
	}
	copy(s.c[:], c)
	r := buf.Next(ScalarLength)
	if len(r) != ScalarLength {
		err = fmt.Errorf("Not enough bytes for signature r")
		return
	}
	copy(s.r[:], r)
	result = s
	return
}

func ParseSignatures(mixinLengths []int, buf *bytes.Buffer) (signatures []RingSignature, err error) {
	// mixinLengths is the number of mixins at each input position
	sigs := make([]RingSignature, len(mixinLengths), len(mixinLengths))
	for i, nMixin := range mixinLengths {
		sigs[i] = make([]*RingSignatureElement, nMixin, nMixin)
		for j := 0; j < nMixin; j++ {
			sigs[i][j], err = ParseSignature(buf)
			if err != nil {
				return
			}
		}
	}
	signatures = sigs
	return
}

// hashes a pubkey into an Edwards Curve element
func HashToEC(pk *PubKey, r *ExtendedGroupElement) {
	var p1 ProjectiveGroupElement
	var p2 CompletedGroupElement
	h := [PointLength]byte(Keccak256(pk[:]))
	p1.FromBytes(&h)
	GeMul8(&p2, &p1)
	p2.ToExtended(r)
}

func HashToScalar(data ...[]byte) (result [ScalarLength]byte) {
	result = Keccak256(data...)
	ScReduce32(&result)
	return
}

func CreateSignature(prefixHash *Hash, mixins []PubKey, privKey *PrivKey) (keyImage PubKey, pubKeys []PubKey, sig RingSignature) {
	point := new(ExtendedGroupElement)
	HashToEC(privKey.PubKey(), point)
	privKeyBytes := privKey.ToBytes()
	keyImagePoint := new(ProjectiveGroupElement)
	GeScalarMult(keyImagePoint, &privKeyBytes, point)
	var keyImageBytes [PointLength]byte
	// convert key Image point from Projective to Extended
	// in order to precompute
	keyImagePoint.ToBytes(&keyImageBytes)
	keyImageGe := new(ExtendedGroupElement)
	keyImageGe.FromBytes(&keyImageBytes)
	keyImage = PubKey(keyImageBytes)
	var keyImagePre [8]CachedGroupElement
	GePrecompute(&keyImagePre, keyImageGe)
	k := RandomScalar()
	pubKeys = make([]PubKey, len(mixins)+1)
	privIndex := mathrand.Intn(len(pubKeys))
	pubKeys[privIndex] = *privKey.PubKey()
	r := make([]*RingSignatureElement, len(pubKeys))
	var sum [ScalarLength]byte
	toHash := prefixHash[:]
	for i := 0; i < len(pubKeys); i++ {
		tmpE := new(ExtendedGroupElement)
		tmpP := new(ProjectiveGroupElement)
		var tmpEBytes, tmpPBytes [PointLength]byte
		if i == privIndex {
			GeScalarMultBase(tmpE, &k)
			tmpE.ToBytes(&tmpEBytes)
			toHash = append(toHash, tmpEBytes[:]...)
			HashToEC(privKey.PubKey(), tmpE)
			GeScalarMult(tmpP, &k, tmpE)
			tmpP.ToBytes(&tmpPBytes)
			toHash = append(toHash, tmpPBytes[:]...)
		} else {
			if i > privIndex {
				pubKeys[i] = mixins[i-1]
			} else {
				pubKeys[i] = mixins[i]
			}
			r[i] = &RingSignatureElement{
				c: RandomScalar(),
				r: RandomScalar(),
			}
			pubKeyBytes := pubKeys[i].ToBytes()
			tmpE.FromBytes(&pubKeyBytes)
			GeDoubleScalarMultVartime(tmpP, &r[i].c, tmpE, &r[i].r)
			tmpP.ToBytes(&tmpPBytes)
			toHash = append(toHash, tmpPBytes[:]...)
			HashToEC(&pubKeys[i], tmpE)
			GeDoubleScalarMultPrecompVartime(tmpP, &r[i].r, tmpE, &r[i].c, &keyImagePre)
			tmpP.ToBytes(&tmpPBytes)
			toHash = append(toHash, tmpPBytes[:]...)
			ScAdd(&sum, &sum, &r[i].c)
		}
	}
	h := HashToScalar(toHash)
	r[privIndex] = new(RingSignatureElement)
	ScSub(&r[privIndex].c, &h, &sum)
	scalar := privKey.ToBytes()
	ScMulSub(&r[privIndex].r, &r[privIndex].c, &scalar, &k)
	sig = r
	return
}

func VerifySignature(prefixHash *Hash, keyImage *PubKey, pubKeys []PubKey, ringSignature RingSignature) (result bool) {
	keyImageGe := new(ExtendedGroupElement)
	keyImageBytes := [PointLength]byte(*keyImage)
	if !keyImageGe.FromBytes(&keyImageBytes) {
		result = false
		return
	}
	var keyImagePre [8]CachedGroupElement
	GePrecompute(&keyImagePre, keyImageGe)
	toHash := prefixHash[:]
	var tmpS, sum [ScalarLength]byte
	for i, pubKey := range pubKeys {
		rse := ringSignature[i]
		if !ScValid(&rse.c) || !ScValid(&rse.r) {
			result = false
			return
		}
		tmpE := new(ExtendedGroupElement)
		tmpP := new(ProjectiveGroupElement)
		pubKeyBytes := [PointLength]byte(pubKey)
		if !tmpE.FromBytes(&pubKeyBytes) {
			result = false
			return
		}
		var tmpPBytes, tmpEBytes [PointLength]byte
		GeDoubleScalarMultVartime(tmpP, &rse.c, tmpE, &rse.r)
		tmpP.ToBytes(&tmpPBytes)
		toHash = append(toHash, tmpPBytes[:]...)
		HashToEC(&pubKey, tmpE)
		tmpE.ToBytes(&tmpEBytes)
		GeDoubleScalarMultPrecompVartime(tmpP, &rse.r, tmpE, &rse.c, &keyImagePre)
		tmpP.ToBytes(&tmpPBytes)
		toHash = append(toHash, tmpPBytes[:]...)
		ScAdd(&sum, &sum, &rse.c)
	}
	tmpS = HashToScalar(toHash)
	ScSub(&sum, &tmpS, &sum)
	result = ScIsZero(&sum)
	return
}

/* Below are structs for the CT version */

type Key [32]byte

type ctKey struct {
	destination Key
	mask        Key
}

type ecdhTuple struct {
	mask     Key
	amount   Key
	senderPk Key
}

type RingSignatureBase struct {
	ringSigType uint8
	message     Key
	mixRing     [][]ctKey
	pseudoOuts  []Key
	ecdhInfo    []ecdhTuple
	outPk       []ctKey
	fee         uint64
}

type Key64 [64]Key

type boroSig struct {
	s0 Key64
	s1 Key64
	ee Key
}

type mgSig struct {
	ss [][]Key
	cc Key
	ii []Key
}

type rangeSig struct {
	asig boroSig
	ci   Key64
}

type RctSigPrunable struct {
	rangeSigs []rangeSig
	MGs       []mgSig
}

type RingSignatureCT struct {
	RingSignatureBase
	RctSigPrunable
}
Initial Commit 2017-04-25 00:19:04 +00:00			`package moneroutil`

WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`import (`
			`"bytes"`
added create signature 2017-05-11 02:56:17 +00:00			`"crypto/rand"`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`"fmt"`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`mathrand "math/rand"`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`)`

			`const (`
added create signature 2017-05-11 02:56:17 +00:00			`PointLength = 32`
			`ScalarLength = 32`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`)`

added create signature 2017-05-11 02:56:17 +00:00			`type PubKey [PointLength]byte`
			`type PrivKey [ScalarLength]byte`

WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`type RingSignatureElement struct {`
added create signature 2017-05-11 02:56:17 +00:00			`c [ScalarLength]byte`
			`r [ScalarLength]byte`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`}`

			`type RingSignature []*RingSignatureElement`

added create signature 2017-05-11 02:56:17 +00:00			`func RandomScalar() (result [ScalarLength]byte) {`
			`var reduceFrom [ScalarLength * 2]byte`
			`tmp := make([]byte, ScalarLength*2)`
			`rand.Read(tmp)`
			`copy(reduceFrom[:], tmp)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScReduce(&result, &reduceFrom)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`

moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`func (p *PrivKey) FromBytes(b [ScalarLength]byte) {`
			`*p = b`
			`}`

			`func (p *PrivKey) ToBytes() (result [ScalarLength]byte) {`
			`result = [32]byte(*p)`
			`return`
			`}`

			`func (p PrivKey) PubKey() (pubKey PubKey) {`
			`secret := p.ToBytes()`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`point := new(ExtendedGroupElement)`
			`GeScalarMultBase(point, &secret)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`pubKeyBytes := new([PointLength]byte)`
			`point.ToBytes(pubKeyBytes)`
			`pubKey = (*PubKey)(pubKeyBytes)`
			`return`
			`}`

			`func (p *PubKey) ToBytes() (result [PointLength]byte) {`
			`result = [PointLength]byte(*p)`
			`return`
			`}`

			`func NewKeyPair() (privKey PrivKey, pubKey PubKey) {`
			`privKey = new(PrivKey)`
			`pubKey = new(PubKey)`
			`privKey.FromBytes(RandomScalar())`
			`pubKey = privKey.PubKey()`
			`return`
			`}`

WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`func (s *RingSignatureElement) Serialize() (result []byte) {`
added create signature 2017-05-11 02:56:17 +00:00			`result = make([]byte, 2*ScalarLength)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`copy(result, s.c[:])`
added create signature 2017-05-11 02:56:17 +00:00			`copy(result[ScalarLength:2*ScalarLength], s.r[:])`
			`return`
			`}`

			`func (r *RingSignature) Serialize() (result []byte) {`
			`for i := 0; i < len(*r); i++ {`
			`result = append(result, (*r)[i].Serialize()...)`
			`}`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`

			`func ParseSignature(buf bytes.Buffer) (result RingSignatureElement, err error) {`
			`s := new(RingSignatureElement)`
added create signature 2017-05-11 02:56:17 +00:00			`c := buf.Next(ScalarLength)`
			`if len(c) != ScalarLength {`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`err = fmt.Errorf("Not enough bytes for signature c")`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`
			`copy(s.c[:], c)`
added create signature 2017-05-11 02:56:17 +00:00			`r := buf.Next(ScalarLength)`
			`if len(r) != ScalarLength {`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`err = fmt.Errorf("Not enough bytes for signature r")`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`
			`copy(s.r[:], r)`
			`result = s`
			`return`
			`}`

			`func ParseSignatures(mixinLengths []int, buf *bytes.Buffer) (signatures []RingSignature, err error) {`
			`// mixinLengths is the number of mixins at each input position`
			`sigs := make([]RingSignature, len(mixinLengths), len(mixinLengths))`
			`for i, nMixin := range mixinLengths {`
			`sigs[i] = make([]*RingSignatureElement, nMixin, nMixin)`
			`for j := 0; j < nMixin; j++ {`
			`sigs[i][j], err = ParseSignature(buf)`
			`if err != nil {`
			`return`
			`}`
			`}`
			`}`
			`signatures = sigs`
			`return`
			`}`

			`// hashes a pubkey into an Edwards Curve element`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`func HashToEC(pk PubKey, r ExtendedGroupElement) {`
			`var p1 ProjectiveGroupElement`
			`var p2 CompletedGroupElement`
added create signature 2017-05-11 02:56:17 +00:00			`h := [PointLength]byte(Keccak256(pk[:]))`
Added HashToEC 2017-05-10 14:17:19 +00:00			`p1.FromBytes(&h)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeMul8(&p2, &p1)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`p2.ToExtended(r)`
			`}`

added create signature 2017-05-11 02:56:17 +00:00			`func HashToScalar(data ...[]byte) (result [ScalarLength]byte) {`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`result = Keccak256(data...)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScReduce32(&result)`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`return`
			`}`

moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`func CreateSignature(prefixHash Hash, mixins []PubKey, privKey PrivKey) (keyImage PubKey, pubKeys []PubKey, sig RingSignature) {`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`point := new(ExtendedGroupElement)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`HashToEC(privKey.PubKey(), point)`
			`privKeyBytes := privKey.ToBytes()`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`keyImagePoint := new(ProjectiveGroupElement)`
			`GeScalarMult(keyImagePoint, &privKeyBytes, point)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`var keyImageBytes [PointLength]byte`
			`// convert key Image point from Projective to Extended`
			`// in order to precompute`
			`keyImagePoint.ToBytes(&keyImageBytes)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`keyImageGe := new(ExtendedGroupElement)`
added create signature 2017-05-11 02:56:17 +00:00			`keyImageGe.FromBytes(&keyImageBytes)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`keyImage = PubKey(keyImageBytes)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`var keyImagePre [8]CachedGroupElement`
			`GePrecompute(&keyImagePre, keyImageGe)`
added create signature 2017-05-11 02:56:17 +00:00			`k := RandomScalar()`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`pubKeys = make([]PubKey, len(mixins)+1)`
			`privIndex := mathrand.Intn(len(pubKeys))`
			`pubKeys[privIndex] = *privKey.PubKey()`
added create signature 2017-05-11 02:56:17 +00:00			`r := make([]*RingSignatureElement, len(pubKeys))`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`var sum [ScalarLength]byte`
			`toHash := prefixHash[:]`
			`for i := 0; i < len(pubKeys); i++ {`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`tmpE := new(ExtendedGroupElement)`
			`tmpP := new(ProjectiveGroupElement)`
added create signature 2017-05-11 02:56:17 +00:00			`var tmpEBytes, tmpPBytes [PointLength]byte`
			`if i == privIndex {`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeScalarMultBase(tmpE, &k)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpE.ToBytes(&tmpEBytes)`
			`toHash = append(toHash, tmpEBytes[:]...)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`HashToEC(privKey.PubKey(), tmpE)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeScalarMult(tmpP, &k, tmpE)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
			`} else {`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`if i > privIndex {`
			`pubKeys[i] = mixins[i-1]`
			`} else {`
			`pubKeys[i] = mixins[i]`
			`}`
added create signature 2017-05-11 02:56:17 +00:00			`r[i] = &RingSignatureElement{`
			`c: RandomScalar(),`
			`r: RandomScalar(),`
			`}`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`pubKeyBytes := pubKeys[i].ToBytes()`
added create signature 2017-05-11 02:56:17 +00:00			`tmpE.FromBytes(&pubKeyBytes)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeDoubleScalarMultVartime(tmpP, &r[i].c, tmpE, &r[i].r)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`HashToEC(&pubKeys[i], tmpE)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeDoubleScalarMultPrecompVartime(tmpP, &r[i].r, tmpE, &r[i].c, &keyImagePre)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScAdd(&sum, &sum, &r[i].c)`
added create signature 2017-05-11 02:56:17 +00:00			`}`
			`}`
			`h := HashToScalar(toHash)`
			`r[privIndex] = new(RingSignatureElement)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScSub(&r[privIndex].c, &h, &sum)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`scalar := privKey.ToBytes()`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScMulSub(&r[privIndex].r, &r[privIndex].c, &scalar, &k)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`sig = r`
added create signature 2017-05-11 02:56:17 +00:00			`return`
			`}`

			`func VerifySignature(prefixHash Hash, keyImage PubKey, pubKeys []PubKey, ringSignature RingSignature) (result bool) {`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`keyImageGe := new(ExtendedGroupElement)`
added create signature 2017-05-11 02:56:17 +00:00			`keyImageBytes := [PointLength]byte(*keyImage)`
Added all signature validity checks from monero/tests/crypto/tests.txt 2017-05-10 15:14:12 +00:00			`if !keyImageGe.FromBytes(&keyImageBytes) {`
			`result = false`
			`return`
			`}`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`var keyImagePre [8]CachedGroupElement`
			`GePrecompute(&keyImagePre, keyImageGe)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`toHash := prefixHash[:]`
added create signature 2017-05-11 02:56:17 +00:00			`var tmpS, sum [ScalarLength]byte`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`for i, pubKey := range pubKeys {`
added create signature 2017-05-11 02:56:17 +00:00			`rse := ringSignature[i]`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`if !ScValid(&rse.c) \|\| !ScValid(&rse.r) {`
Added all signature validity checks from monero/tests/crypto/tests.txt 2017-05-10 15:14:12 +00:00			`result = false`
			`return`
			`}`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`tmpE := new(ExtendedGroupElement)`
			`tmpP := new(ProjectiveGroupElement)`
added create signature 2017-05-11 02:56:17 +00:00			`pubKeyBytes := [PointLength]byte(pubKey)`
Added all signature validity checks from monero/tests/crypto/tests.txt 2017-05-10 15:14:12 +00:00			`if !tmpE.FromBytes(&pubKeyBytes) {`
			`result = false`
			`return`
			`}`
added create signature 2017-05-11 02:56:17 +00:00			`var tmpPBytes, tmpEBytes [PointLength]byte`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeDoubleScalarMultVartime(tmpP, &rse.c, tmpE, &rse.r)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
added create signature 2017-05-11 02:56:17 +00:00			`HashToEC(&pubKey, tmpE)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`tmpE.ToBytes(&tmpEBytes)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`GeDoubleScalarMultPrecompVartime(tmpP, &rse.r, tmpE, &rse.c, &keyImagePre)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScAdd(&sum, &sum, &rse.c)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`}`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`tmpS = HashToScalar(toHash)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`ScSub(&sum, &tmpS, &sum)`
			`result = ScIsZero(&sum)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`

			`/* Below are structs for the CT version */`

Initial Commit 2017-04-25 00:19:04 +00:00			`type Key [32]byte`

			`type ctKey struct {`
			`destination Key`
			`mask Key`
			`}`

			`type ecdhTuple struct {`
			`mask Key`
			`amount Key`
			`senderPk Key`
			`}`

			`type RingSignatureBase struct {`
			`ringSigType uint8`
			`message Key`
			`mixRing [][]ctKey`
			`pseudoOuts []Key`
			`ecdhInfo []ecdhTuple`
			`outPk []ctKey`
			`fee uint64`
			`}`

			`type Key64 [64]Key`

			`type boroSig struct {`
			`s0 Key64`
			`s1 Key64`
			`ee Key`
			`}`

			`type mgSig struct {`
			`ss [][]Key`
			`cc Key`
			`ii []Key`
			`}`

			`type rangeSig struct {`
			`asig boroSig`
			`ci Key64`
			`}`

			`type RctSigPrunable struct {`
			`rangeSigs []rangeSig`
			`MGs []mgSig`
			`}`

WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`type RingSignatureCT struct {`
Initial Commit 2017-04-25 00:19:04 +00:00			`RingSignatureBase`
			`RctSigPrunable`
			`}`