moved key image logic into createsig

2017-05-11 08:22:38 -07:00 · 2017-05-11 08:22:38 -07:00 · a4a0550e76
parent c6fae917ec
commit a4a0550e76
2 changed files with 65 additions and 30 deletions
--- a/ringsignature.go
+++ b/ringsignature.go
@ -4,6 +4,7 @@ import (
 	"bytes"
 	"crypto/rand"
 	"fmt"
+	mathrand "math/rand"

 	"github.com/paxos-bankchain/ed25519/edwards25519"
 )
@ -32,6 +33,38 @@ func RandomScalar() (result [ScalarLength]byte) {
 	return
 }

+func (p *PrivKey) FromBytes(b [ScalarLength]byte) {
+	*p = b
+}
+
+func (p *PrivKey) ToBytes() (result [ScalarLength]byte) {
+	result = [32]byte(*p)
+	return
+}
+
+func (p *PrivKey) PubKey() (pubKey *PubKey) {
+	secret := p.ToBytes()
+	point := new(edwards25519.ExtendedGroupElement)
+	edwards25519.GeScalarMultBase(point, &secret)
+	pubKeyBytes := new([PointLength]byte)
+	point.ToBytes(pubKeyBytes)
+	pubKey = (*PubKey)(pubKeyBytes)
+	return
+}
+
+func (p *PubKey) ToBytes() (result [PointLength]byte) {
+	result = [PointLength]byte(*p)
+	return
+}
+
+func NewKeyPair() (privKey *PrivKey, pubKey *PubKey) {
+	privKey = new(PrivKey)
+	pubKey = new(PubKey)
+	privKey.FromBytes(RandomScalar())
+	pubKey = privKey.PubKey()
+	return
+}
+
 func (s *RingSignatureElement) Serialize() (result []byte) {
 	result = make([]byte, 2*ScalarLength)
 	copy(result, s.c[:])
@ -96,17 +129,29 @@ func HashToScalar(data ...[]byte) (result [ScalarLength]byte) {
 	return
 }

-func CreateSignature(prefixHash *Hash, keyImage *PubKey, pubKeys []PubKey, privateKey PrivKey, privIndex int) (result RingSignature) {
+func CreateSignature(prefixHash *Hash, mixins []PubKey, privKey *PrivKey) (keyImage PubKey, pubKeys []PubKey, sig RingSignature) {
+	point := new(edwards25519.ExtendedGroupElement)
+	HashToEC(privKey.PubKey(), point)
+	privKeyBytes := privKey.ToBytes()
+	keyImagePoint := new(edwards25519.ProjectiveGroupElement)
+	edwards25519.GeScalarMult(keyImagePoint, &privKeyBytes, point)
+	var keyImageBytes [PointLength]byte
+	// convert key Image point from Projective to Extended
+	// in order to precompute
+	keyImagePoint.ToBytes(&keyImageBytes)
 	keyImageGe := new(edwards25519.ExtendedGroupElement)
-	keyImageBytes := [PointLength]byte(*keyImage)
 	keyImageGe.FromBytes(&keyImageBytes)
+	keyImage = PubKey(keyImageBytes)
 	var keyImagePre [8]edwards25519.CachedGroupElement
 	edwards25519.GePrecompute(&keyImagePre, keyImageGe)
-	var sum [ScalarLength]byte
 	k := RandomScalar()
-	toHash := prefixHash[:]
+	pubKeys = make([]PubKey, len(mixins)+1)
+	privIndex := mathrand.Intn(len(pubKeys))
+	pubKeys[privIndex] = *privKey.PubKey()
 	r := make([]*RingSignatureElement, len(pubKeys))
-	for i, pubKey := range pubKeys {
+	var sum [ScalarLength]byte
+	toHash := prefixHash[:]
+	for i := 0; i < len(pubKeys); i++ {
 		tmpE := new(edwards25519.ExtendedGroupElement)
 		tmpP := new(edwards25519.ProjectiveGroupElement)
 		var tmpEBytes, tmpPBytes [PointLength]byte
@ -114,21 +159,26 @@ func CreateSignature(prefixHash *Hash, keyImage *PubKey, pubKeys []PubKey, priva
 			edwards25519.GeScalarMultBase(tmpE, &k)
 			tmpE.ToBytes(&tmpEBytes)
 			toHash = append(toHash, tmpEBytes[:]...)
-			HashToEC(&pubKey, tmpE)
+			HashToEC(privKey.PubKey(), tmpE)
 			edwards25519.GeScalarMult(tmpP, &k, tmpE)
 			tmpP.ToBytes(&tmpPBytes)
 			toHash = append(toHash, tmpPBytes[:]...)
 		} else {
+			if i > privIndex {
+				pubKeys[i] = mixins[i-1]
+			} else {
+				pubKeys[i] = mixins[i]
+			}
 			r[i] = &RingSignatureElement{
 				c: RandomScalar(),
 				r: RandomScalar(),
 			}
-			pubKeyBytes := [PointLength]byte(pubKey)
+			pubKeyBytes := pubKeys[i].ToBytes()
 			tmpE.FromBytes(&pubKeyBytes)
 			edwards25519.GeDoubleScalarMultVartime(tmpP, &r[i].c, tmpE, &r[i].r)
 			tmpP.ToBytes(&tmpPBytes)
 			toHash = append(toHash, tmpPBytes[:]...)
-			HashToEC(&pubKey, tmpE)
+			HashToEC(&pubKeys[i], tmpE)
 			edwards25519.GeDoubleScalarMultPrecompVartime(tmpP, &r[i].r, tmpE, &r[i].c, &keyImagePre)
 			tmpP.ToBytes(&tmpPBytes)
 			toHash = append(toHash, tmpPBytes[:]...)
@ -138,9 +188,9 @@ func CreateSignature(prefixHash *Hash, keyImage *PubKey, pubKeys []PubKey, priva
 	h := HashToScalar(toHash)
 	r[privIndex] = new(RingSignatureElement)
 	edwards25519.ScSub(&r[privIndex].c, &h, &sum)
-	scalar := [32]byte(privateKey)
+	scalar := privKey.ToBytes()
 	edwards25519.ScMulSub(&r[privIndex].r, &r[privIndex].c, &scalar, &k)
-	result = r
+	sig = r
 	return
 }

--- a/ringsignature_test.go
+++ b/ringsignature_test.go
@ -1818,28 +1818,13 @@ func TestCreateSignature(t *testing.T) {
 	numMixins := 10
 	for i := 0; i < numTries; i++ {
 		hash := Hash(RandomScalar())
-		privKeyBytes := RandomScalar()
-		privKey := PrivKey(privKeyBytes)
-		pubKeys := make([]PubKey, numMixins+1)
-		point := new(edwards25519.ExtendedGroupElement)
+		privKey, _ := NewKeyPair()
+		mixins := make([]PubKey, numMixins)
 		for j := 0; j < numMixins; j++ {
-			secret := RandomScalar()
-			edwards25519.GeScalarMultBase(point, &secret)
-			var pub [32]byte
-			point.ToBytes(&pub)
-			pubKeys[j] = PubKey(pub)
+			_, pk := NewKeyPair()
+			mixins[j] = *pk
 		}
-		keyImagePoint := new(edwards25519.ProjectiveGroupElement)
-		edwards25519.GeScalarMultBase(point, &privKeyBytes)
-		var pubKey, keyImageBytes [32]byte
-		point.ToBytes(&pubKey)
-		pubKeys[numMixins] = pubKey
-		pk := PubKey(pubKey)
-		HashToEC(&pk, point)
-		edwards25519.GeScalarMult(keyImagePoint, &privKeyBytes, point)
-		keyImagePoint.ToBytes(&keyImageBytes)
-		keyImage := PubKey(keyImageBytes)
-		sig := CreateSignature(&hash, &keyImage, pubKeys, privKey, numMixins)
+		keyImage, pubKeys, sig := CreateSignature(&hash, mixins, privKey)
 		if !VerifySignature(&hash, &keyImage, pubKeys, sig) {
 			var pubKeyStr string
 			for _, pk := range pubKeys {