def MLSAG_Gen(pk, xx, index ):
rows = len(xx)
cols = len(pk[0])
print("Generating MG sig of size ", rows, "x", cols)
c= [None] * cols
alpha = skvGen(rows)
I = keyImageV(xx)
L = keyMatrix(rows, cols)
R = keyMatrix(rows, cols)
s = keyMatrix(rows, cols)
m = ''.join(pk[0])
for i in range(1, cols):
m = m + ''.join(pk[i])
L[index] = [MiniNero.scalarmultBase(aa) for aa in alpha] #L = aG
Hi = hashKeyVector(pk[index])
R[index] = [MiniNero.scalarmultKey(Hi[ii], alpha[ii]) for ii in range(0, rows)] #R = aI
oldi = index
i = (index + 1) % cols
c[i] = MiniNero.cn_fast_hash(m+''.join(L[oldi]) + ''.join(R[oldi]))
while i != index:
s[i] = skvGen(rows)
L[i] = [MiniNero.addKeys1(s[i][j], c[i], pk[i][j]) for j in range(0, rows)]
Hi = hashKeyVector(pk[i])
R[i] = [MiniNero.addKeys2( s[i][j], Hi[j], c[i], I[j]) for j in range(0, rows)]
oldi = i
i = (i + 1) % cols
c[i] = MiniNero.cn_fast_hash(m+''.join(L[oldi]) + ''.join(R[oldi]))
print("L", L)
print("R", R)
s[index] = [MiniNero.sc_mulsub_keys(alpha[j], c[index], xx[j]) for j in range(0, rows)] #alpha - c * x
return I, c[0], s
def LLW_Sig(pk, xx, index):
n = len(pk)
print("Generating LLW sig of length ", n)
L = [None] * n
R = [None] * n
c = [None] * n
s = [PaperWallet.skGen() for i in range(0, n)]
HP = [MiniNero.hashToPoint_ct(i) for i in pk]
pj = ''.join(pk)
keyimage = keyImage(xx) #ok
s[index] = MiniNero.mul_8(s[index])
L[index] = MiniNero.scalarmultBase(s[index])
R[index] = MiniNero.scalarmultKey(HP[index], s[index]) #aH
j = (index + 1) % n
c[j] = MiniNero.cn_fast_hash(pj + L[index] + R[index])
while j != index:
L[j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[j]),
MiniNero.scalarmultKey(pk[j],
c[j])) #Lj = sG + cxG
R[j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[j], s[j]),
MiniNero.scalarmultKey(keyimage,
c[j])) #Rj = sH + cxH
cj = (j + 1) % n
c[cj] = MiniNero.cn_fast_hash(pj + L[j] +
R[j]) #c j+1 = H(pk + Lj + Rj
j = cj #increment j
s[index] = MiniNero.sc_mulsub_keys(s[index], c[index],
xx) #si = a - c x so a = s + c x
print("sigma = ", keyimage, c[0], s[:])
return keyimage, c[0], s[:]
def ecdhDecode(masked, receiverSk):
rv = ecdhTuple()
#compute shared secret
sharedSec1 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(masked.senderPk, receiverSk))
sharedSec2 = MiniNero.cn_fast_hash(sharedSec1)
#encode
rv.mask = MiniNero.sc_sub_keys(masked.mask, sharedSec1)
rv.amount = MiniNero.sc_sub_keys(masked.amount, sharedSec1)
return rv
def ecdhEncode(unmasked, receiverPk):
rv = ecdhTuple()
#compute shared secret
esk, rv.senderPk = PaperWallet.skpkGen()
sharedSec1 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(receiverPk, esk))
sharedSec2 = MiniNero.cn_fast_hash(sharedSec1)
#encode
rv.mask = MiniNero.sc_add_keys(unmasked.mask, sharedSec1)
rv.amount = MiniNero.sc_add_keys(unmasked.amount, sharedSec1)
return rv
def ecdhDecode(masked, receiverSk):
rv = ecdhTuple()
#compute shared secret
sharedSec1 = MiniNero.cn_fast_hash(
MiniNero.scalarmultKey(masked.senderPk, receiverSk))
sharedSec2 = MiniNero.cn_fast_hash(sharedSec1)
#encode
rv.mask = MiniNero.sc_sub_keys(masked.mask, sharedSec1)
rv.amount = MiniNero.sc_sub_keys(masked.amount, sharedSec1)
return rv
def ecdhEncode(unmasked, receiverPk):
rv = ecdhTuple()
#compute shared secret
esk, rv.senderPk = PaperWallet.skpkGen()
sharedSec1 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(receiverPk, esk));
sharedSec2 = MiniNero.cn_fast_hash(sharedSec1)
#encode
rv.mask = MiniNero.sc_add_keys(unmasked.mask, sharedSec1)
rv.amount = MiniNero.sc_add_keys(unmasked.amount, sharedSec1)
return rv
def VerSchnorrNonLinkable(P1, P2, L1, s1, s2):
c2 = MiniNero.cn_fast_hash(L1)
L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2), MiniNero.scalarmultKey(P2, c2))
c1 = MiniNero.cn_fast_hash(L2)
L1p = MiniNero.addKeys(MiniNero.scalarmultBase(s1), MiniNero.scalarmultKey(P1, c1))
if L1 == L1p:
print"Verified"
return 0
else:
print "Didn't verify"
print(L1,"!=", L1p)
return -1
def VerSchnorrNonLinkable(P1, P2, L1, s1, s2):
c2 = MiniNero.cn_fast_hash(L1)
L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2),
MiniNero.scalarmultKey(P2, c2))
c1 = MiniNero.cn_fast_hash(L2)
L1p = MiniNero.addKeys(MiniNero.scalarmultBase(s1),
MiniNero.scalarmultKey(P1, c1))
if L1 == L1p:
print "Verified"
return 0
else:
print "Didn't verify"
print(L1, "!=", L1p)
return -1
def MLSAG_Ver(pk, keyimage, c1, s ):
rows = len(pk)
cols = len(pk[0])
print("verifying MLSAG sig of dimensions ",rows ,"x ", cols)
L = [[None]*cols]
R = [[None]*cols]
pj = ''.join(pk[0])
for i in range(1, rows):
L.append([None] * cols)
R.append([None] * cols)
pj = pj + ''.join(pk[i])
c= [None]*(cols+1) #you do an extra one, and then check the wrap around
HP = [[MiniNero.hashToPoint_cn(i) for i in pk[0]]]
for j in range(1, rows):
HP.append([MiniNero.hashToPoint_cn(i) for i in pk[j]])
c[0] = c1
j = 0
while j < cols:
tohash = pj
for i in range(0, rows):
L[i][j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[i][j]), MiniNero.scalarmultKey(pk[i][j], c[j]))
R[i][j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[i][j], s[i][j]), MiniNero.scalarmultKey(keyimage[i], c[j]))
tohash = tohash + L[i][j] + R[i][j]
j = j + 1
c[j] = MiniNero.cn_fast_hash(tohash)
rv = (c[0] == c[cols])
print("c", c)
print("sig verifies?", rv)
return rv
def MLSAG_Ver(pk, I, c0, s ):
rows = len(pk)
cols = len(pk[0])
print("verifying MG sig of dimensions ",rows ,"x ", cols)
c= [None] * (cols + 1)
c[0] = c0
L = keyMatrix(rows, cols)
R = keyMatrix(rows, cols)
m = ''.join(pk[0])
for i in range(1, cols):
m = m + ''.join(pk[i])
i = 0
while i < cols:
L[i] = [MiniNero.addKeys1(s[i][j], c[i], pk[i][j]) for j in range(0, rows)]
Hi = hashKeyVector(pk[i])
R[i] = [MiniNero.addKeys2( s[i][j], Hi[j], c[i], I[j]) for j in range(0, rows)]
oldi = i
i = i + 1
c[i] = MiniNero.cn_fast_hash(m+''.join(L[oldi]) + ''.join(R[oldi]))
print("L", L)
print("R", R)
print("c", c)
return (c0 == c[cols])
def VerSchnorr(hash_prefix, pub, r, c):
#hash_prefix = binascii.hexlify(prefix)
check1 = MiniNero.toPoint(pub)
comm = MiniNero.addKeys(MiniNero.scalarmultKey(pub,c), MiniNero.scalarmultBase(r))
c2 = MiniNero.cn_fast_hash(hash_prefix + pub + comm)
print(MiniNero.sc_sub_keys(c, c2) == "0000000000000000000000000000000000000000000000000000000000000000")
return (MiniNero.sc_sub_keys(c, c2) == "0000000000000000000000000000000000000000000000000000000000000000")
def MLSAG_Ver(pk, I, c0, s):
rows = len(pk[0])
cols = len(pk)
print("verifying MG sig of dimensions ", rows, "x ", cols)
c = [None] * (cols + 1)
c[0] = c0
L = keyMatrix(rows, cols)
R = keyMatrix(rows, cols)
m = ''.join(pk[0])
for i in range(1, cols):
m = m + ''.join(pk[i])
i = 0
while i < cols:
L[i] = [
MiniNero.addKeys1(s[i][j], c[i], pk[i][j]) for j in range(0, rows)
]
Hi = hashKeyVector(pk[i])
R[i] = [
MiniNero.addKeys2(s[i][j], Hi[j], c[i], I[j])
for j in range(0, rows)
]
oldi = i
i = i + 1
c[i] = MiniNero.cn_fast_hash(m + ''.join(L[oldi]) + ''.join(R[oldi]))
print("L", L)
print("R", R)
print("c", c)
return (c0 == c[cols])
def MLSAG_Gen(pk, xx, index):
rows = len(xx)
cols = len(pk)
print("Generating MG sig of size ", rows, "x", cols)
print("index is:", index)
print("checking if I can actually sign")
print(pk[index])
print([MiniNero.scalarmultBase(x) for x in xx])
c = [None] * cols
alpha = skvGen(rows)
I = keyImageV(xx)
L = keyMatrix(rows, cols)
R = keyMatrix(rows, cols)
s = keyMatrix(rows, cols)
m = ''.join(pk[0])
for i in range(1, cols):
m = m + ''.join(pk[i])
L[index] = [MiniNero.scalarmultBase(aa) for aa in alpha] #L = aG
Hi = hashKeyVector(pk[index])
R[index] = [
MiniNero.scalarmultKey(Hi[ii], alpha[ii]) for ii in range(0, rows)
] #R = aI
oldi = index
i = (index + 1) % cols
c[i] = MiniNero.cn_fast_hash(m + ''.join(L[oldi]) + ''.join(R[oldi]))
while i != index:
s[i] = skvGen(rows)
L[i] = [
MiniNero.addKeys1(s[i][j], c[i], pk[i][j]) for j in range(0, rows)
]
Hi = hashKeyVector(pk[i])
R[i] = [
MiniNero.addKeys2(s[i][j], Hi[j], c[i], I[j])
for j in range(0, rows)
]
oldi = i
i = (i + 1) % cols
c[i] = MiniNero.cn_fast_hash(m + ''.join(L[oldi]) + ''.join(R[oldi]))
print("L", L)
print("R", R)
s[index] = [
MiniNero.sc_mulsub_keys(alpha[j], c[index], xx[j])
for j in range(0, rows)
] #alpha - c * x
return I, c[0], s
def GenSchnorrNonLinkable(x, P1, P2, index):
if index == 0:
a = PaperWallet.skGen()
L1 = MiniNero.scalarmultBase(a)
s2 = PaperWallet.skGen()
c2 = MiniNero.cn_fast_hash(L1)
L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2), MiniNero.scalarmultKey(P2, c2))
c1 = MiniNero.cn_fast_hash(L2)
s1 = MiniNero.sc_mulsub_keys(a, x, c1)
if index == 1:
a = PaperWallet.skGen()
L2 = MiniNero.scalarmultBase(a)
s1 = PaperWallet.skGen()
c1 = MiniNero.cn_fast_hash(L2)
L1 = MiniNero.addKeys(MiniNero.scalarmultBase(s1), MiniNero.scalarmultKey(P1, c1))
c2 = MiniNero.cn_fast_hash(L1)
s2 = MiniNero.sc_mulsub_keys(a, x, c2)
return L1, s1, s2,
def deterministicVK():
while True:
print('.'),
tmp = MiniNero.intToHex(rand.getrandbits(64 *
8)) # 8 bits to a byte ...
sk = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(tmp))
#s = "3c817618dcbfed122a64e592bb441d73300da9123686224a84e0eab1f075117e"; for testing
#sk = MiniNero.sc_reduce_key(s)
vk = MiniNero.getViewMM(sk) #note this is the sc_reduced version..
worked = 1
try:
MiniNero.toPoint(vk)
except:
worked = 0
print("bad vk")
if vk == MiniNero.sc_reduce_key(
vk) and worked == 1: #already reduced + vk on curve
break
print("found keys")
print("secret spend key:", sk)
print("secret view key:", vk)
vk2 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 2))
print("secret view key2:", vk2)
vk3 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 3))
print("secret view key3:", vk3)
pk = MiniNero.publicFromSecret(sk)
print("public spend key:", pk)
pvk = MiniNero.publicFromSecret(vk)
print("public view key:", pvk)
pvk2 = MiniNero.publicFromSecret(vk2)
print("public view key2:", pvk2)
pvk3 = MiniNero.publicFromSecret(vk3)
print("public view key3:", pvk3)
addr = MiniNero.getAddrMM(sk)
print("in future this will get all addresses")
print("receiving address", addr)
wl = mnemonic.mn_encode(s)
cks = MiniNero.electrumChecksum(wl)
print(cks)
print("mnemonic:", wl + " " + cks)
def VerASNL(P1, P2, L1, s2, s):
#Aggregate Schnorr Non-Linkable
print("Verifying Aggregate Schnorr Non-linkable Ring Signature")
n = len(P1)
LHS = MiniNero.scalarmultBase(MiniNero.intToHex(0))
RHS = MiniNero.scalarmultBase(s)
for j in range(0, n):
c2 = MiniNero.cn_fast_hash(L1[j])
L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2[j]), MiniNero.scalarmultKey(P2[j], c2))
LHS = MiniNero.addKeys(LHS, L1[j])
c1 = MiniNero.cn_fast_hash(L2)
RHS = MiniNero.addKeys(RHS, MiniNero.scalarmultKey(P1[j], c1))
if LHS == RHS:
print"Verified"
return 0
else:
print "Didn't verify"
print(LHS,"!=", RHS)
return -1
def deterministicVK():
while True:
print("."),
tmp = MiniNero.intToHex(rand.getrandbits(64 * 8)) # 8 bits to a byte ...
sk = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(tmp))
# s = "3c817618dcbfed122a64e592bb441d73300da9123686224a84e0eab1f075117e"; for testing
# sk = MiniNero.sc_reduce_key(s)
vk = MiniNero.getViewMM(sk) # note this is the sc_reduced version..
worked = 1
try:
MiniNero.toPoint(vk)
except:
worked = 0
print("bad vk")
if vk == MiniNero.sc_reduce_key(vk) and worked == 1: # already reduced + vk on curve
break
print("found keys")
print("secret spend key:", sk)
print("secret view key:", vk)
vk2 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 2))
print("secret view key2:", vk2)
vk3 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 3))
print("secret view key3:", vk3)
pk = MiniNero.publicFromSecret(sk)
print("public spend key:", pk)
pvk = MiniNero.publicFromSecret(vk)
print("public view key:", pvk)
pvk2 = MiniNero.publicFromSecret(vk2)
print("public view key2:", pvk2)
pvk3 = MiniNero.publicFromSecret(vk3)
print("public view key3:", pvk3)
addr = MiniNero.getAddrMM(sk)
print("in future this will get all addresses")
print("receiving address", addr)
wl = mnemonic.mn_encode(s)
cks = MiniNero.electrumChecksum(wl)
print(cks)
print("mnemonic:", wl + " " + cks)
def GenSchnorrNonLinkable(x, P1, P2, index):
if index == 0:
a = PaperWallet.skGen()
L1 = MiniNero.scalarmultBase(a)
s2 = PaperWallet.skGen()
c2 = MiniNero.cn_fast_hash(L1)
L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2),
MiniNero.scalarmultKey(P2, c2))
c1 = MiniNero.cn_fast_hash(L2)
s1 = MiniNero.sc_mulsub_keys(a, x, c1)
if index == 1:
a = PaperWallet.skGen()
L2 = MiniNero.scalarmultBase(a)
s1 = PaperWallet.skGen()
c1 = MiniNero.cn_fast_hash(L2)
L1 = MiniNero.addKeys(MiniNero.scalarmultBase(s1),
MiniNero.scalarmultKey(P1, c1))
c2 = MiniNero.cn_fast_hash(L1)
s2 = MiniNero.sc_mulsub_keys(a, x, c2)
return L1, s1, s2,
def VerSchnorr(hash_prefix, pub, r, c):
#hash_prefix = binascii.hexlify(prefix)
check1 = MiniNero.toPoint(pub)
comm = MiniNero.addKeys(MiniNero.scalarmultKey(pub, c),
MiniNero.scalarmultBase(r))
c2 = MiniNero.cn_fast_hash(hash_prefix + pub + comm)
print(
MiniNero.sc_sub_keys(c, c2) ==
"0000000000000000000000000000000000000000000000000000000000000000")
return (MiniNero.sc_sub_keys(c, c2) ==
"0000000000000000000000000000000000000000000000000000000000000000")
def VerASNL(P1, P2, L1, s2, s):
#Aggregate Schnorr Non-Linkable
print("Verifying Aggregate Schnorr Non-linkable Ring Signature")
n = len(P1)
LHS = MiniNero.scalarmultBase(MiniNero.intToHex(0))
RHS = MiniNero.scalarmultBase(s)
for j in range(0, n):
c2 = MiniNero.cn_fast_hash(L1[j])
L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2[j]),
MiniNero.scalarmultKey(P2[j], c2))
LHS = MiniNero.addKeys(LHS, L1[j])
c1 = MiniNero.cn_fast_hash(L2)
RHS = MiniNero.addKeys(RHS, MiniNero.scalarmultKey(P1[j], c1))
if LHS == RHS:
print "Verified"
return 0
else:
print "Didn't verify"
print(LHS, "!=", RHS)
return -1
def GenSchnorr(hash_prefix, pub, sec, k):
#modified from original algorithm to match Monero better
#see the ag schnorr pdf for original alg.
#Note in Monero, hash prefix is always 32 bytes..
#hash_prefix = binascii.hexlify(prefix)
#k = PaperWallet.skGen() #comment for testing
comm = MiniNero.scalarmultBase(k)
print("comm", "hash_prefix", comm, hash_prefix)
if MiniNero.scalarmultBase(sec) != pub:
print"error in genSchnorr"
return -1
if MiniNero.sc_check(sec) == False:
print "fail in geSchnorr"
return -1
c = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(hash_prefix + pub + comm))
r = MiniNero.sc_sub_keys(k, MiniNero.sc_mul_keys(c, sec))
#uncomment to test malleability
c = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(hash_prefix + pub + comm))
r = MiniNero.sc_unreduce_key(MiniNero.sc_sub_keys(k, MiniNero.sc_mul_keys(c, sec)))
return r, c
def GenSchnorr(hash_prefix, pub, sec, k):
#modified from original algorithm to match ByteRub better
#see the ag schnorr pdf for original alg.
#Note in ByteRub, hash prefix is always 32 bytes..
#hash_prefix = binascii.hexlify(prefix)
#k = PaperWallet.skGen() #comment for testing
comm = MiniNero.scalarmultBase(k)
print("comm", "hash_prefix", comm, hash_prefix)
if MiniNero.scalarmultBase(sec) != pub:
print "error in genSchnorr"
return -1
if MiniNero.sc_check(sec) == False:
print "fail in geSchnorr"
return -1
c = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(hash_prefix + pub + comm))
r = MiniNero.sc_sub_keys(k, MiniNero.sc_mul_keys(c, sec))
#uncomment to test malleability
c = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(hash_prefix + pub + comm))
r = MiniNero.sc_unreduce_key(
MiniNero.sc_sub_keys(k, MiniNero.sc_mul_keys(c, sec)))
return r, c
def MLSAG_Sign(pk, xx, index):
rows = len(xx)
cols = len(pk[0])
print("Generating MLSAG sig of dimensions ",rows ,"x ", cols)
L = [[None] * cols] #list of keyvectors? except it's indexed by cols... it's kind of internal actually
R = [[None] * cols]
s = [[PaperWallet.skGen() for i in range(0, cols)] ] #first index is rows, second is cols, wonder if I should switch that..
HP = [[MiniNero.hashToPoint_cn(i) for i in pk[0]]]
pj = ''.join(pk[0])
for i in range(1, rows):
L.append([None] * cols)
R.append([None] * cols)
s.append([PaperWallet.skGen() for j in range(0, cols)])
HP.append([MiniNero.hashToPoint_cn(j) for j in pk[i]])
pj = pj + ''.join(pk[i])
c= [None] * cols #1-dimensional
keyimage = keyImage(xx, rows) #ok
for i in range(0, rows):
L[i][index] = MiniNero.scalarmultBase(s[i][index]) #aG
R[i][index] = MiniNero.scalarmultKey(HP[i][index], s[i][index]) #aH
j = (index + 1) % cols
tohash = pj
for i in range(0, rows):
tohash = tohash + L[i][index] + R[i][index]
c[j] = MiniNero.cn_fast_hash(tohash)
while j != index:
tohash = pj
for i in range(0, rows):
L[i][j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[i][j]), MiniNero.scalarmultKey(pk[i][j], c[j])) #Lj = sG + cxG
R[i][j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[i][j], s[i][j]), MiniNero.scalarmultKey(keyimage[i], c[j])) #Rj = sH + cxH
tohash = tohash + L[i][j] + R[i][j]
j = (j + 1) % cols
c[j] = MiniNero.cn_fast_hash(tohash)
for i in range(0, rows):
s[i][index] = MiniNero.sc_mulsub_keys(s[i][index], c[index], xx[i]) #si = a - c x so a = s + c x
return keyimage, c[0], s
def LLW_Sig(pk, xx, index ):
n = len(pk)
print("Generating LLW sig of length ", n)
L = [None] * n
R = [None] * n
c= [None] * n
s = [PaperWallet.skGen() for i in range(0, n)]
HP = [MiniNero.hashToPoint_ct(i) for i in pk]
pj = ''.join(pk)
keyimage = keyImage(xx) #ok
s[index] = MiniNero.mul_8(s[index])
L[index] = MiniNero.scalarmultBase(s[index])
R[index] = MiniNero.scalarmultKey(HP[index], s[index]) #aH
j = (index + 1) % n
c[j] = MiniNero.cn_fast_hash(pj+L[index]+R[index])
while j != index:
L[j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[j]), MiniNero.scalarmultKey(pk[j], c[j])) #Lj = sG + cxG
R[j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[j], s[j]), MiniNero.scalarmultKey(keyimage, c[j])) #Rj = sH + cxH
cj = (j + 1) % n
c[cj] = MiniNero.cn_fast_hash(pj + L[j] + R[j]) #c j+1 = H(pk + Lj + Rj
j = cj #increment j
s[index] = MiniNero.sc_mulsub_keys(s[index], c[index], xx) #si = a - c x so a = s + c x
print("sigma = ", keyimage, c[0], s[:])
return keyimage, c[0], s[:]
def LLW_Ver(pk, keyimage, c1, s):
n= len(pk) #ok
print("verifying LLW sig of length", n)
L = [None]*n
R = [None]*n
c= [None]*(n+1)
pj = ''.join(pk)
HP = [MiniNero.hashToPoint_ct(i) for i in pk]
c[0] = c1
j = 0
while j < n:
L[j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[j]), MiniNero.scalarmultKey(pk[j], c[j]))
R[j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[j], s[j]), MiniNero.scalarmultKey(keyimage, c[j]))
cj = j + 1
c[cj] = MiniNero.cn_fast_hash(pj + L[j] + R[j])
j = cj
rv = (c[0] == c[n])
print("sig verifies complete", rv)
print("c", c)
print("L", L)
print("R", R)
return rv
def LLW_Ver(pk, keyimage, c1, s):
n = len(pk) #ok
print("verifying LLW sig of length", n)
L = [None] * n
R = [None] * n
c = [None] * (n + 1)
pj = ''.join(pk)
HP = [MiniNero.hashToPoint_ct(i) for i in pk]
c[0] = c1
j = 0
while j < n:
L[j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[j]),
MiniNero.scalarmultKey(pk[j], c[j]))
R[j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[j], s[j]),
MiniNero.scalarmultKey(keyimage, c[j]))
cj = j + 1
c[cj] = MiniNero.cn_fast_hash(pj + L[j] + R[j])
j = cj
rv = (c[0] == c[n])
print("sig verifies complete", rv)
print("c", c)
print("L", L)
print("R", R)
return rv
#you += hash(pubkey || index) to both the private scalar and public point
#<tacotime> [02:35:38] so to get priv_i and pub_i
#<tacotime> [02:36:06] priv_i = (priv + hash) mod N
#<tacotime> [02:37:17] pub_i = (pub + scalarbasemult(hash))
import MiniNero
import PaperWallet
sk, vk, pk, pvk, addr, wl, cks = PaperWallet.keysBoth()
print("making keychain")
for i in range(1, 600):
index = MiniNero.intToHex(i)
has = MiniNero.cn_fast_hash(pk + index)
sk1 = MiniNero.sc_add_keys(sk, has)
pk1 = MiniNero.addKeys(pk, MiniNero.scalarmultBase(has))
pk1_check = MiniNero.publicFromSecret(sk1)
print("Check", pk1== pk1_check)
print(sk1)
#print("i, sk, pk", i, sk1, pk1)
def ecdhRetrieve(x, pk):
sspub = MiniNero.scalarmultKey(pk, x)
ss1 = MiniNero.cn_fast_hash(sspub)
ss2 = MiniNero.cn_fast_hash(ss1)
return ss1, ss2
def cnHashOfFile(filepath):
#c.f. github.com/ShenNoether/btcProof sha256OfFile
bin_data = open(filepath, 'rb').read()
hex_data = binascii.hexlify(bin_data)
print(hex_data)
return MiniNero.cn_fast_hash(hex_data)
print(aG)
print(MiniNero.scalarmultKey(aG, a))
if sys.argv[1] == "add":
#once it's good
A = PaperWallet.pkGen()
A = "75819750158570adc58ad6f932c3704661d6cd8eafd3a14818293a17790fbf71"
B = PaperWallet.pkGen()
B = "5fbc56c82c6e40596c673e301b63e100f08b97723ead425ed38f2b55c7a6454f"
AB = MiniNero.addKeys(A, B)
Translator.hexToC(A)
Translator.hexToC(B)
print(AB)
AAB = MiniNero.addKeys(AB, A)
print("AAB", AAB)
print("hash")
print(MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(A)))
aAbB = MiniNero.addKeys(MiniNero.scalarmultKey(A, A), MiniNero.scalarmultKey(B, B))
print("testing addKeys3")
print(aAbB)
if sys.argv[1] == "rs":
#once it's good
sk = MiniNero.randomScalar()
if sys.argv[1] == "mn":
#checking decoding mnemonic
#seed = "code elope foiled knapsack abyss fishing wayside also joining auburn robot sonic inquest obnoxious pact gave smash itches fierce darted owed queen pool fruit auburn"
seed = "down hairy tattoo ointment austere lush fossil symptoms vary sonic ultimate onslaught pioneer aerial kept linen unnoticed ahead weavers injury buzzer inquest justice nightly symptoms"
seed = "unzip festival cease fences value anchor waking tomorrow ritual hookup guarded antics cease"
sk = MiniNero.recoverSK(seed)
print("sk", sk)
print("addr my monero", MiniNero.getAddr(sk))
def ecdhGen(P):
ephembytes, ephempub = PaperWallet.skpkGen()
sspub = MiniNero.scalarmultKey(P, ephembytes) # (receiver pub) * (sender ecdh sk)
ss1 = MiniNero.cn_fast_hash(sspub)
ss2 = MiniNero.cn_fast_hash(ss1)
return ephembytes, ephempub, ss1, ss2
#you += hash(pubkey || index) to both the private scalar and public point
#<tacotime> [02:35:38] so to get priv_i and pub_i
#<tacotime> [02:36:06] priv_i = (priv + hash) mod N
#<tacotime> [02:37:17] pub_i = (pub + scalarbasemult(hash))
import MiniNero
import PaperWallet
sk, vk, pk, pvk, addr, wl, cks = PaperWallet.keysBoth()
print("making keychain")
for i in range(1, 600):
index = MiniNero.intToHex(i)
has = MiniNero.cn_fast_hash(pk + index)
sk1 = MiniNero.sc_add_keys(sk, has)
pk1 = MiniNero.addKeys(pk, MiniNero.scalarmultBase(has))
pk1_check = MiniNero.publicFromSecret(sk1)
print("Check", pk1 == pk1_check)
print(sk1)
#print("i, sk, pk", i, sk1, pk1)
def ecdhRetrieve(x, pk): sspub = MiniNero.scalarmultKey(pk, x) ss1 = MiniNero.cn_fast_hash(sspub) ss2 = MiniNero.cn_fast_hash(ss1) return ss1, ss2
def ecdhGen(P): ephembytes, ephempub = PaperWallet.skpkGen() sspub = MiniNero.scalarmultKey(P, ephembytes) #(receiver pub) * (sender ecdh sk) ss1 = MiniNero.cn_fast_hash(sspub) ss2 = MiniNero.cn_fast_hash(ss1) return ephembytes, ephempub, ss1, ss2
print(aG)
print(MiniNero.scalarmultKey(aG, a))
if sys.argv[1] == "add":
#once it's good
A = PaperWallet.pkGen()
A = "75819750158570adc58ad6f932c3704661d6cd8eafd3a14818293a17790fbf71"
B = PaperWallet.pkGen()
B = "5fbc56c82c6e40596c673e301b63e100f08b97723ead425ed38f2b55c7a6454f"
AB = MiniNero.addKeys(A, B)
Translator.hexToC(A)
Translator.hexToC(B)
print(AB)
AAB = MiniNero.addKeys(AB, A)
print("AAB", AAB)
print("hash")
print(MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(A)))
aAbB = MiniNero.addKeys(MiniNero.scalarmultKey(A, A),
MiniNero.scalarmultKey(B, B))
print("testing addKeys3")
print(aAbB)
if sys.argv[1] == "rs":
#once it's good
sk = MiniNero.randomScalar()
if sys.argv[1] == "mn":
#checking decoding mnemonic
#seed = "code elope foiled knapsack abyss fishing wayside also joining auburn robot sonic inquest obnoxious pact gave smash itches fierce darted owed queen pool fruit auburn"
seed = "down hairy tattoo ointment austere lush fossil symptoms vary sonic ultimate onslaught pioneer aerial kept linen unnoticed ahead weavers injury buzzer inquest justice nightly symptoms"
seed = "unzip festival cease fences value anchor waking tomorrow ritual hookup guarded antics cease"
sk = MiniNero.recoverSK(seed)
print("sk", sk)