moneroutil/ringsignature.go

package moneroutil

import (
	"fmt"
	"io"
	"math/rand"
)

type RingSignatureElement struct {
	c *Key
	r *Key
}

type RingSignature []*RingSignatureElement

func (r *RingSignatureElement) Serialize() (result []byte) {
	result = make([]byte, 2*KeyLength)
	copy(result[:KeyLength], r.c[:])
	copy(result[KeyLength:2*KeyLength], r.r[:])
	return
}

func (r *RingSignature) Serialize() (result []byte) {
	result = make([]byte, len(*r)*KeyLength*2)
	for i := 0; i < len(*r); i++ {
		copy(result[i*KeyLength*2:(i+1)*KeyLength*2], (*r)[i].Serialize())
	}
	return
}

func NewRingSignatureElement() (r *RingSignatureElement) {
	r = &RingSignatureElement{
		c: new(Key),
		r: new(Key),
	}
	return
}

func ParseSignature(buf io.Reader) (result *RingSignatureElement, err error) {
	rse := NewRingSignatureElement()
	c := make([]byte, KeyLength)
	n, err := buf.Read(c)
	if err != nil {
		return
	}
	if n != KeyLength {
		err = fmt.Errorf("Not enough bytes for signature c")
		return
	}
	copy(rse.c[:], c)
	r := make([]byte, KeyLength)
	n, err = buf.Read(r)
	if err != nil {
		return
	}
	if n != KeyLength {
		err = fmt.Errorf("Not enough bytes for signature r")
		return
	}
	copy(rse.r[:], r)
	result = rse
	return
}

func ParseSignatures(mixinLengths []int, buf io.Reader) (signatures []RingSignature, err error) {
	// mixinLengths is the number of mixins at each input position
	sigs := make([]RingSignature, len(mixinLengths), len(mixinLengths))
	for i, nMixin := range mixinLengths {
		sigs[i] = make([]*RingSignatureElement, nMixin, nMixin)
		for j := 0; j < nMixin; j++ {
			sigs[i][j], err = ParseSignature(buf)
			if err != nil {
				return
			}
		}
	}
	signatures = sigs
	return
}

func HashToScalar(data ...[]byte) (result *Key) {
	result = new(Key)
	*result = Key(Keccak256(data...))
	ScReduce32(result)
	return
}

func CreateSignature(prefixHash *Hash, mixins []Key, privKey *Key) (keyImage Key, pubKeys []Key, sig RingSignature) {
	point := privKey.PubKey().HashToEC()
	keyImagePoint := new(ProjectiveGroupElement)
	GeScalarMult(keyImagePoint, privKey, point)
	// convert key Image point from Projective to Extended
	// in order to precompute
	keyImagePoint.ToBytes(&keyImage)
	keyImageGe := new(ExtendedGroupElement)
	keyImageGe.FromBytes(&keyImage)
	var keyImagePre [8]CachedGroupElement
	GePrecompute(&keyImagePre, keyImageGe)
	k := RandomScalar()
	pubKeys = make([]Key, len(mixins)+1)
	privIndex := rand.Intn(len(pubKeys))
	pubKeys[privIndex] = *privKey.PubKey()
	r := make([]*RingSignatureElement, len(pubKeys))
	sum := new(Key)
	toHash := prefixHash[:]
	for i := 0; i < len(pubKeys); i++ {
		tmpE := new(ExtendedGroupElement)
		tmpP := new(ProjectiveGroupElement)
		var tmpEBytes, tmpPBytes Key
		if i == privIndex {
			GeScalarMultBase(tmpE, k)
			tmpE.ToBytes(&tmpEBytes)
			toHash = append(toHash, tmpEBytes[:]...)
			tmpE = privKey.PubKey().HashToEC()
			GeScalarMult(tmpP, k, tmpE)
			tmpP.ToBytes(&tmpPBytes)
			toHash = append(toHash, tmpPBytes[:]...)
		} else {
			if i > privIndex {
				pubKeys[i] = mixins[i-1]
			} else {
				pubKeys[i] = mixins[i]
			}
			r[i] = &RingSignatureElement{
				c: RandomScalar(),
				r: RandomScalar(),
			}
			tmpE.FromBytes(&pubKeys[i])
			GeDoubleScalarMultVartime(tmpP, r[i].c, tmpE, r[i].r)
			tmpP.ToBytes(&tmpPBytes)
			toHash = append(toHash, tmpPBytes[:]...)
			tmpE = pubKeys[i].HashToEC()
			GeDoubleScalarMultPrecompVartime(tmpP, r[i].r, tmpE, r[i].c, &keyImagePre)
			tmpP.ToBytes(&tmpPBytes)
			toHash = append(toHash, tmpPBytes[:]...)
			ScAdd(sum, sum, r[i].c)
		}
	}
	h := HashToScalar(toHash)
	r[privIndex] = NewRingSignatureElement()
	ScSub(r[privIndex].c, h, sum)
	ScMulSub(r[privIndex].r, r[privIndex].c, privKey, k)
	sig = r
	return
}

func VerifySignature(prefixHash *Hash, keyImage *Key, pubKeys []Key, ringSignature RingSignature) (result bool) {
	keyImageGe := new(ExtendedGroupElement)
	if !keyImageGe.FromBytes(keyImage) {
		result = false
		return
	}
	var keyImagePre [8]CachedGroupElement
	GePrecompute(&keyImagePre, keyImageGe)
	toHash := prefixHash[:]
	tmpS, sum := new(Key), new(Key)
	for i, pubKey := range pubKeys {
		rse := ringSignature[i]
		if !ScValid(rse.c) || !ScValid(rse.r) {
			result = false
			return
		}
		tmpE := new(ExtendedGroupElement)
		tmpP := new(ProjectiveGroupElement)
		if !tmpE.FromBytes(&pubKey) {
			result = false
			return
		}
		var tmpPBytes, tmpEBytes Key
		GeDoubleScalarMultVartime(tmpP, rse.c, tmpE, rse.r)
		tmpP.ToBytes(&tmpPBytes)
		toHash = append(toHash, tmpPBytes[:]...)
		tmpE = pubKey.HashToEC()
		tmpE.ToBytes(&tmpEBytes)
		GeDoubleScalarMultPrecompVartime(tmpP, rse.r, tmpE, rse.c, &keyImagePre)
		tmpP.ToBytes(&tmpPBytes)
		toHash = append(toHash, tmpPBytes[:]...)
		ScAdd(sum, sum, rse.c)
	}
	tmpS = HashToScalar(toHash)
	ScSub(sum, tmpS, sum)
	result = ScIsZero(sum)
	return
}
Initial Commit 2017-04-25 00:19:04 +00:00			`package moneroutil`

WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`import (`
			`"fmt"`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`"io"`
			`"math/rand"`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`)`

			`type RingSignatureElement struct {`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`c *Key`
			`r *Key`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`}`

			`type RingSignature []*RingSignatureElement`

refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`func (r *RingSignatureElement) Serialize() (result []byte) {`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`result = make([]byte, 2*KeyLength)`
			`copy(result[:KeyLength], r.c[:])`
			`copy(result[KeyLength:2*KeyLength], r.r[:])`
added create signature 2017-05-11 02:56:17 +00:00			`return`
			`}`

			`func (r *RingSignature) Serialize() (result []byte) {`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`result = make([]byte, len(r)KeyLength*2)`
added create signature 2017-05-11 02:56:17 +00:00			`for i := 0; i < len(*r); i++ {`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`copy(result[iKeyLength2:(i+1)KeyLength2], (*r)[i].Serialize())`
			`}`
			`return`
			`}`

			`func NewRingSignatureElement() (r *RingSignatureElement) {`
			`r = &RingSignatureElement{`
			`c: new(Key),`
			`r: new(Key),`
added create signature 2017-05-11 02:56:17 +00:00			`}`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`

refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`func ParseSignature(buf io.Reader) (result *RingSignatureElement, err error) {`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`rse := NewRingSignatureElement()`
			`c := make([]byte, KeyLength)`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`n, err := buf.Read(c)`
			`if err != nil {`
			`return`
			`}`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`if n != KeyLength {`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`err = fmt.Errorf("Not enough bytes for signature c")`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`copy(rse.c[:], c)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`r := make([]byte, KeyLength)`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`n, err = buf.Read(r)`
			`if err != nil {`
			`return`
			`}`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`if n != KeyLength {`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`err = fmt.Errorf("Not enough bytes for signature r")`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`copy(rse.r[:], r)`
			`result = rse`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`

refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`func ParseSignatures(mixinLengths []int, buf io.Reader) (signatures []RingSignature, err error) {`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`// mixinLengths is the number of mixins at each input position`
			`sigs := make([]RingSignature, len(mixinLengths), len(mixinLengths))`
			`for i, nMixin := range mixinLengths {`
			`sigs[i] = make([]*RingSignatureElement, nMixin, nMixin)`
			`for j := 0; j < nMixin; j++ {`
			`sigs[i][j], err = ParseSignature(buf)`
			`if err != nil {`
			`return`
			`}`
			`}`
			`}`
			`signatures = sigs`
			`return`
			`}`

Refactor some key stuff 2017-05-14 00:36:32 +00:00			`func HashToScalar(data ...[]byte) (result *Key) {`
			`result = new(Key)`
			`*result = Key(Keccak256(data...))`
			`ScReduce32(result)`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`return`
			`}`

Refactor some key stuff 2017-05-14 00:36:32 +00:00			`func CreateSignature(prefixHash Hash, mixins []Key, privKey Key) (keyImage Key, pubKeys []Key, sig RingSignature) {`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`point := privKey.PubKey().HashToEC()`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`keyImagePoint := new(ProjectiveGroupElement)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`GeScalarMult(keyImagePoint, privKey, point)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`// convert key Image point from Projective to Extended`
			`// in order to precompute`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`keyImagePoint.ToBytes(&keyImage)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`keyImageGe := new(ExtendedGroupElement)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`keyImageGe.FromBytes(&keyImage)`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`var keyImagePre [8]CachedGroupElement`
			`GePrecompute(&keyImagePre, keyImageGe)`
added create signature 2017-05-11 02:56:17 +00:00			`k := RandomScalar()`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`pubKeys = make([]Key, len(mixins)+1)`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`privIndex := rand.Intn(len(pubKeys))`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`pubKeys[privIndex] = *privKey.PubKey()`
added create signature 2017-05-11 02:56:17 +00:00			`r := make([]*RingSignatureElement, len(pubKeys))`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`sum := new(Key)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`toHash := prefixHash[:]`
			`for i := 0; i < len(pubKeys); i++ {`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`tmpE := new(ExtendedGroupElement)`
			`tmpP := new(ProjectiveGroupElement)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`var tmpEBytes, tmpPBytes Key`
added create signature 2017-05-11 02:56:17 +00:00			`if i == privIndex {`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`GeScalarMultBase(tmpE, k)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpE.ToBytes(&tmpEBytes)`
			`toHash = append(toHash, tmpEBytes[:]...)`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`tmpE = privKey.PubKey().HashToEC()`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`GeScalarMult(tmpP, k, tmpE)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
			`} else {`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`if i > privIndex {`
			`pubKeys[i] = mixins[i-1]`
			`} else {`
			`pubKeys[i] = mixins[i]`
			`}`
added create signature 2017-05-11 02:56:17 +00:00			`r[i] = &RingSignatureElement{`
			`c: RandomScalar(),`
			`r: RandomScalar(),`
			`}`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`tmpE.FromBytes(&pubKeys[i])`
			`GeDoubleScalarMultVartime(tmpP, r[i].c, tmpE, r[i].r)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`tmpE = pubKeys[i].HashToEC()`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`GeDoubleScalarMultPrecompVartime(tmpP, r[i].r, tmpE, r[i].c, &keyImagePre)`
added create signature 2017-05-11 02:56:17 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`ScAdd(sum, sum, r[i].c)`
added create signature 2017-05-11 02:56:17 +00:00			`}`
			`}`
			`h := HashToScalar(toHash)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`r[privIndex] = NewRingSignatureElement()`
			`ScSub(r[privIndex].c, h, sum)`
			`ScMulSub(r[privIndex].r, r[privIndex].c, privKey, k)`
moved key image logic into createsig 2017-05-11 15:22:38 +00:00			`sig = r`
added create signature 2017-05-11 02:56:17 +00:00			`return`
			`}`

Refactor some key stuff 2017-05-14 00:36:32 +00:00			`func VerifySignature(prefixHash Hash, keyImage Key, pubKeys []Key, ringSignature RingSignature) (result bool) {`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`keyImageGe := new(ExtendedGroupElement)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`if !keyImageGe.FromBytes(keyImage) {`
Added all signature validity checks from monero/tests/crypto/tests.txt 2017-05-10 15:14:12 +00:00			`result = false`
			`return`
			`}`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`var keyImagePre [8]CachedGroupElement`
			`GePrecompute(&keyImagePre, keyImageGe)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`toHash := prefixHash[:]`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`tmpS, sum := new(Key), new(Key)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`for i, pubKey := range pubKeys {`
added create signature 2017-05-11 02:56:17 +00:00			`rse := ringSignature[i]`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`if !ScValid(rse.c) \|\| !ScValid(rse.r) {`
Added all signature validity checks from monero/tests/crypto/tests.txt 2017-05-10 15:14:12 +00:00			`result = false`
			`return`
			`}`
moved edwards25519.go into this package 2017-05-11 15:28:30 +00:00			`tmpE := new(ExtendedGroupElement)`
			`tmpP := new(ProjectiveGroupElement)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`if !tmpE.FromBytes(&pubKey) {`
Added all signature validity checks from monero/tests/crypto/tests.txt 2017-05-10 15:14:12 +00:00			`result = false`
			`return`
			`}`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`var tmpPBytes, tmpEBytes Key`
			`GeDoubleScalarMultVartime(tmpP, rse.c, tmpE, rse.r)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
refactor and use interfaces! 2017-05-11 19:15:06 +00:00			`tmpE = pubKey.HashToEC()`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`tmpE.ToBytes(&tmpEBytes)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`GeDoubleScalarMultPrecompVartime(tmpP, rse.r, tmpE, rse.c, &keyImagePre)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`tmpP.ToBytes(&tmpPBytes)`
			`toHash = append(toHash, tmpPBytes[:]...)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`ScAdd(sum, sum, rse.c)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`}`
added HashToScalar and tests 2017-05-10 04:18:37 +00:00			`tmpS = HashToScalar(toHash)`
Refactor some key stuff 2017-05-14 00:36:32 +00:00			`ScSub(sum, tmpS, sum)`
			`result = ScIsZero(sum)`
WIP: getting ringsignatures to work 2017-05-05 03:11:50 +00:00			`return`
			`}`