Example #1
0
def genRCTSig(sk_x, sk_in, sk_out, Pk, CIn, COut, ExpIn, ExpOut, index):
    #sk_x is private keys of addresses (vector)
    #sk_in is masks of input commitments (vector)
    #sk_out is masks of output commitments (vector)
    #Pk is public key list (2d array)
    #CIn is input commitments (2d array)
    #COut is output commitments (vector)
    #ExpIn is exponents for the input commitments (2d array)
    #so each row of this is going to correspond to a column in the actual mlsag..
    #ExpOut is exponents for the output commitments
    #index is the secret index
    sk = sk_x[:]
    sk.append(
        MiniNero.sc_sub_keys(MiniNero.sc_add(sk_in, ExpIn[index]),
                             MiniNero.sc_add(sk_out, ExpOut)))
    CRow = [None] * len(CIn)  #commitments row of public keys Cin - Cout
    COutSum = sumCiExp(COut, ExpOut)  #Cout1*10^i_1 + Cout2 * 10^{i_2}..
    tmp = MiniNero.identity()
    pk = [None] * (len(sk_x) + 1)  #generalize later...
    pk[0] = Pk
    for i in range(0, len(CIn)):
        CRow[i] = MiniNero.subKeys(sumCiExp(CIn[i], ExpIn[i]), COutSum)
    pk[1] = CRow
    II, cc, ssVal = MLSAG.MLSAG_Sign(pk, sk, index)
    return pk, II, cc, ssVal
Example #2
0
def proveRctMG(pubs, inSk, outSk, outPk, index):
    #pubs is a matrix of ctkeys [P, C] 
    #inSk is the keyvector of [x, mask] secret keys
    #outMasks is a keyvector of masks for outputs
    #outPk is a list of output ctkeys [P, C]
    #index is secret index of where you are signing (integer)
    #returns a list (mgsig) [ss, cc, II] where ss is keymatrix, cc is key, II is keyVector of keyimages
    
    #so we are calling MLSAG2.MLSAG_Gen from here, we need a keymatrix made from pubs
    #we also need a keyvector made from inSk
    rows = len(pubs[0])
    cols = len(pubs)
    print("rows in mg", rows)
    print("cols in mg", cols)
    M = MLSAG2.keyMatrix(rows + 1, cols) #just a simple way to initialize a keymatrix, doesn't need to be random..
    sk = MLSAG2.keyVector(rows + 1)
    
    for j in range(0, cols):
        M[j][rows] = MiniNero.identity()
    sk[rows] = MiniNero.sc_0()
    for i in range(0, rows): 
        sk[i] = inSk[i].dest #get the destination part
        sk[rows] = MiniNero.sc_add_keys(sk[rows], inSk[i].mask) #add commitment part
        for j in range(0, cols):
            M[j][i] = pubs[j][i].dest # get the destination part
            M[j][rows] = MiniNero.addKeys(M[j][rows], pubs[j][i].mask) #add commitment part
    #next need to subtract the commitment part of all outputs..
    for j in range(0, len(outSk)):
        sk[rows] = MiniNero.sc_sub_keys(sk[rows], outSk[j].mask)
        for i in range(0, len(outPk)):
            M[j][rows] = MiniNero.subKeys(M[j][rows], outPk[i].mask) # subtract commitment part
    MG = mgSig()
    MG.II, MG.cc, MG.ss = MLSAG2.MLSAG_Gen(M, sk, index)
    
    return MG #mgSig
Example #3
0
def sumCiExp(Cis, Exp):
    #Cis is a vector
    #Exp is a vector
    CSum = MiniNero.identity()
    for i in range(0, len(Cis)):
        CSum = MiniNero.addKeys(CSum, MiniNero.scalarmultKey(Cis[i], MiniNero.intToHex(10 ** Exp[i])))
    return CSum
Example #4
0
def sumCiExp(Cis, Exp):
    #Cis is a vector
    #Exp is a vector
    CSum = MiniNero.identity()
    for i in range(0, len(Cis)):
        CSum = MiniNero.addKeys(
            CSum, MiniNero.scalarmultKey(Cis[i],
                                         MiniNero.intToHex(10**Exp[i])))
    return CSum
Example #5
0
def verRctMG(MG, pubs, outPk):
    #mg is an mgsig (list [ss, cc, II] of keymatrix ss, keyvector II and key cc]
    #pubs is a matrix of ctkeys [P, C]
    #outPk is a list of output ctkeys [P, C] for the transaction
    #returns true or false
    rows = len(pubs[0])
    cols = len(pubs)
    M = MLSAG2.keyMatrix(rows + 1, cols) #just a simple way to initialize a keymatrix, doesn't need to be random..
    for j in range(0, cols):
        M[j][rows] = MiniNero.identity()
    for i in range(0, rows): 
        for j in range(0, cols):
            M[j][i] = pubs[j][i].dest # get the destination part
            M[j][rows] = MiniNero.addKeys(M[j][rows], pubs[j][i].mask) #add commitment part
    #next need to subtract the commitment part of all outputs..
    for j in range(0, cols):
        for i in range(0, len(outPk)):
            M[j][rows] = MiniNero.subKeys(M[j][rows], outPk[i].mask) # subtract commitment part        
    return MLSAG2.MLSAG_Ver(M, MG.II, MG.cc, MG.ss)
Example #6
0
def decodeRct(rv, sk, i):
    #inputs:
    #rctSig is a list [ rangesigs, MG, mixRing, ecdhInfo, outPk] 
    #rangesigs is a list of one rangeproof for each output
    #MG is the mgsig [ss, cc, II] 
    #mixRing is a ctkeyMatrix 
    #ecdhInfo is a list of masks / amounts for each output
    #outPk is a vector of ctkeys (since we have computed the commitment for each amount)    
    #sk is the secret key of the receiver
    #i is the index of the receiver in the rctSig (in case of multiple destinations)
    #outputs: 
    #the amount received
    decodedTuple = ecdhDecode(rv.ecdhInfo[i], sk)
    mask = decodedTuple.mask
    amount = decodedTuple.amount
    C = rv.outPk[i].mask
    H = getHForCT()
    Ctmp = MiniNero.addKeys(MiniNero.scalarmultBase(mask), MiniNero.scalarmultKey(H, amount))
    if (MiniNero.subKeys(C, Ctmp) != MiniNero.identity()): 
        print("warning, amount decoded incorrectly, will be unable to spend")
    return MiniNero.hexToInt(amount)
Example #7
0
def proveRctMG(pubs, inSk, outSk, outPk, index):
    #pubs is a matrix of ctkeys [P, C]
    #inSk is the keyvector of [x, mask] secret keys
    #outMasks is a keyvector of masks for outputs
    #outPk is a list of output ctkeys [P, C]
    #index is secret index of where you are signing (integer)
    #returns a list (mgsig) [ss, cc, II] where ss is keymatrix, cc is key, II is keyVector of keyimages

    #so we are calling MLSAG2.MLSAG_Gen from here, we need a keymatrix made from pubs
    #we also need a keyvector made from inSk
    rows = len(pubs[0])
    cols = len(pubs)
    print("rows in mg", rows)
    print("cols in mg", cols)
    M = MLSAG2.keyMatrix(
        rows + 1, cols
    )  #just a simple way to initialize a keymatrix, doesn't need to be random..
    sk = MLSAG2.keyVector(rows + 1)

    for j in range(0, cols):
        M[j][rows] = MiniNero.identity()
    sk[rows] = MiniNero.sc_0()
    for i in range(0, rows):
        sk[i] = inSk[i].dest  #get the destination part
        sk[rows] = MiniNero.sc_add_keys(sk[rows],
                                        inSk[i].mask)  #add commitment part
        for j in range(0, cols):
            M[j][i] = pubs[j][i].dest  # get the destination part
            M[j][rows] = MiniNero.addKeys(
                M[j][rows], pubs[j][i].mask)  #add commitment part
    #next need to subtract the commitment part of all outputs..
    for j in range(0, len(outSk)):
        sk[rows] = MiniNero.sc_sub_keys(sk[rows], outSk[j].mask)
        for i in range(0, len(outPk)):
            M[j][rows] = MiniNero.subKeys(
                M[j][rows], outPk[i].mask)  # subtract commitment part
    MG = mgSig()
    MG.II, MG.cc, MG.ss = MLSAG2.MLSAG_Gen(M, sk, index)

    return MG  #mgSig
Example #8
0
def decodeRct(rv, sk, i):
    #inputs:
    #rctSig is a list [ rangesigs, MG, mixRing, ecdhInfo, outPk]
    #rangesigs is a list of one rangeproof for each output
    #MG is the mgsig [ss, cc, II]
    #mixRing is a ctkeyMatrix
    #ecdhInfo is a list of masks / amounts for each output
    #outPk is a vector of ctkeys (since we have computed the commitment for each amount)
    #sk is the secret key of the receiver
    #i is the index of the receiver in the rctSig (in case of multiple destinations)
    #outputs:
    #the amount received
    decodedTuple = ecdhDecode(rv.ecdhInfo[i], sk)
    mask = decodedTuple.mask
    amount = decodedTuple.amount
    C = rv.outPk[i].mask
    H = getHForCT()
    Ctmp = MiniNero.addKeys(MiniNero.scalarmultBase(mask),
                            MiniNero.scalarmultKey(H, amount))
    if (MiniNero.subKeys(C, Ctmp) != MiniNero.identity()):
        print("warning, amount decoded incorrectly, will be unable to spend")
    return MiniNero.hexToInt(amount)
Example #9
0
def verRctMG(MG, pubs, outPk):
    #mg is an mgsig (list [ss, cc, II] of keymatrix ss, keyvector II and key cc]
    #pubs is a matrix of ctkeys [P, C]
    #outPk is a list of output ctkeys [P, C] for the transaction
    #returns true or false
    rows = len(pubs[0])
    cols = len(pubs)
    M = MLSAG2.keyMatrix(
        rows + 1, cols
    )  #just a simple way to initialize a keymatrix, doesn't need to be random..
    for j in range(0, cols):
        M[j][rows] = MiniNero.identity()
    for i in range(0, rows):
        for j in range(0, cols):
            M[j][i] = pubs[j][i].dest  # get the destination part
            M[j][rows] = MiniNero.addKeys(
                M[j][rows], pubs[j][i].mask)  #add commitment part
    #next need to subtract the commitment part of all outputs..
    for j in range(0, cols):
        for i in range(0, len(outPk)):
            M[j][rows] = MiniNero.subKeys(
                M[j][rows], outPk[i].mask)  # subtract commitment part
    return MLSAG2.MLSAG_Ver(M, MG.II, MG.cc, MG.ss)
Example #10
0
def genRCTSig(sk_x, sk_in, sk_out, Pk, CIn, COut, ExpIn, ExpOut, index):
    #sk_x is private keys of addresses (vector)
    #sk_in is masks of input commitments (vector)
    #sk_out is masks of output commitments (vector)
    #Pk is public key list (2d array)
    #CIn is input commitments (2d array)
    #COut is output commitments (vector)
    #ExpIn is exponents for the input commitments (2d array)
    #so each row of this is going to correspond to a column in the actual mlsag..
    #ExpOut is exponents for the output commitments
    #index is the secret index
    sk = sk_x[:]
    sk.append(MiniNero.sc_sub_keys(MiniNero.sc_add(sk_in, ExpIn[index]), MiniNero.sc_add(sk_out, ExpOut)))
    CRow = [None] * len(CIn) #commitments row of public keys Cin - Cout
    COutSum = sumCiExp(COut, ExpOut) #Cout1*10^i_1 + Cout2 * 10^{i_2}..
    tmp = MiniNero.identity()
    pk = [None] * (len(sk_x) + 1) #generalize later...
    pk[0] = Pk
    for i in range(0, len(CIn)):
        CRow[i] = MiniNero.subKeys(sumCiExp(CIn[i], ExpIn[i]), COutSum) 
    pk[1] = CRow
    II, cc, ssVal = MLSAG.MLSAG_Sign(pk, sk, index)
    return pk, II, cc, ssVal
Example #11
0
def sumCi(Cis):
    CSum = MiniNero.identity()
    for i in Cis:
        CSum = MiniNero.addKeys(CSum, i)
    return CSum
Example #12
0
import MLSAG2
import LLW_Sigs
import RingCT
import Crypto.Random.random as rand
import Translator
import binascii


b = 256
q = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493


if len(sys.argv) >= 2:
    if sys.argv[1] == "id":
        Translator.hexToC(MiniNero.identity())

    if sys.argv[1] == "smult":
        a= "87a61352d86f5cb0e9d227542b6b4870b9a327d082d15ea64e0494b9a896c1ac"
        aG = MiniNero.scalarmultBase(a)
        print(aG)
        print(MiniNero.scalarmultKey(aG, a))
    if sys.argv[1] == "add":
        #once it's good
        A = PaperWallet.pkGen()
        A = "75819750158570adc58ad6f932c3704661d6cd8eafd3a14818293a17790fbf71"
        B = PaperWallet.pkGen()
        B = "5fbc56c82c6e40596c673e301b63e100f08b97723ead425ed38f2b55c7a6454f"
        AB = MiniNero.addKeys(A, B)
        Translator.hexToC(A)
        Translator.hexToC(B)
Example #13
0
def sumCi(Cis):
    CSum = MiniNero.identity()
    for i in Cis:
        CSum = MiniNero.addKeys(CSum, i)
    return CSum
Example #14
0
import ASNL
import MLSAG
import MLSAG2
import LLW_Sigs
import RingCT
import Crypto.Random.random as rand
import Translator
import binascii

b = 256
q = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493

if len(sys.argv) >= 2:
    if sys.argv[1] == "id":
        Translator.hexToC(MiniNero.identity())

    if sys.argv[1] == "smult":
        a = "87a61352d86f5cb0e9d227542b6b4870b9a327d082d15ea64e0494b9a896c1ac"
        aG = MiniNero.scalarmultBase(a)
        print(aG)
        print(MiniNero.scalarmultKey(aG, a))
    if sys.argv[1] == "add":
        #once it's good
        A = PaperWallet.pkGen()
        A = "75819750158570adc58ad6f932c3704661d6cd8eafd3a14818293a17790fbf71"
        B = PaperWallet.pkGen()
        B = "5fbc56c82c6e40596c673e301b63e100f08b97723ead425ed38f2b55c7a6454f"
        AB = MiniNero.addKeys(A, B)
        Translator.hexToC(A)
        Translator.hexToC(B)