def sumCiExp(Cis, Exp):
    """Return the sum over i of (10 ** Exp[i]) * Cis[i].

    Cis is a vector of keys (commitments) and Exp is a vector of integer
    exponents, indexed in parallel. The sum starts at MiniNero.identity().
    """
    # Only len(Cis) drives the loop: a shorter Exp raises IndexError and a
    # longer one is silently ignored.
    total = MiniNero.identity()
    for idx in range(len(Cis)):
        weight = MiniNero.intToHex(10 ** Exp[idx])
        total = MiniNero.addKeys(total, MiniNero.scalarmultKey(Cis[idx], weight))
    return total
def out_commitments(values):
    """Build output commitments C_i = y_i*G + value_i*H with random masks.

    Do this first. ``values`` is a list of hex-encoded amounts.

    Returns (C, masks, sumMasks, values2):
        C        -- one commitment per output
        masks    -- per output, one random mask per binary digit of the value
        sumMasks -- per output, the hex-encoded integer sum of its masks
        values2  -- per output, the hex-encoded binary digits of the value
    """
    n = len(values)

    # Binary decomposition for range proofs (could also use another base).
    values2 = [
        [MiniNero.intToHex(digit) for digit in binary(MiniNero.hexToInt(values[i]))]
        for i in range(n)
    ]

    masks = [None] * n
    sumMasks = [None] * n
    for i in range(n):
        masks[i] = [PaperWallet.skGen() for _ in values2[i]]
        # The sum is what actually goes into the ring.
        # NOTE(review): this is a plain integer sum with no visible reduction
        # modulo the group order -- confirm intToHex / scalarmultBase cope
        # with values above the order.
        sumMasks[i] = MiniNero.intToHex(
            sum([MiniNero.hexToInt(m) for m in masks[i]]))

    C = [
        MiniNero.addKeys(MiniNero.scalarmultBase(sumMasks[i]),
                         MiniNero.scalarmultKey(H_ct, values[i]))
        for i in range(n)
    ]
    # masks and sumMasks are the blinding secrets for C; callers must keep
    # them private.
    return C, masks, sumMasks, values2
def genRct(inSk, inPk, destinations, amounts, mixin):
    """Generate a RingCT signature for the given outputs.

    Inputs:
        inSk         -- signer's secret ctkey vector
        inPk         -- signer's public ctkey vector
        destinations -- key vector of output addresses
        amounts      -- list of amounts matching ``destinations``
        mixin        -- integer, the desired mixin

    Output: an rctSig holding [rangeSigs, MG, mixRing, ecdhInfo, outPk]:
        rangeSigs -- one range proof per output
        MG        -- the mgsig [ss, cc, II]
        mixRing   -- a ctkey matrix
        ecdhInfo  -- masks / amounts for each output
        outPk     -- vector of ctkeys (the commitment for each amount)
    """
    count = len(destinations)
    # NOTE(review): len(amounts) is never compared with count; extra amounts
    # are silently ignored and a short list raises IndexError mid-build.
    rv = rctSig()
    rv.outPk = ctkeyV(count)
    rv.rangeSigs = [None] * count
    outSk = ctkeyV(count)
    rv.ecdhInfo = [None] * count

    for i in range(count):
        dest = destinations[i]
        rv.ecdhInfo[i] = ecdhTuple()
        rv.outPk[i] = ctkey()
        rv.outPk[i].dest = dest
        commitment, mask, proof = proveRange(amounts[i])
        rv.outPk[i].mask = commitment
        outSk[i].mask = mask
        rv.rangeSigs[i] = proof
        # ECDH info: the plaintext mask and amount are stored on the tuple,
        # then the tuple is replaced by ecdhEncode's result for this
        # destination.
        rv.ecdhInfo[i].mask = outSk[i].mask
        rv.ecdhInfo[i].amount = MiniNero.intToHex(amounts[i])
        rv.ecdhInfo[i] = ecdhEncode(rv.ecdhInfo[i], dest)

    rv.mixRing, index = populateFromBlockchain(inPk, mixin)
    rv.MG = proveRctMG(rv.mixRing, inSk, outSk, rv.outPk, index)
    return rv
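def genRangeProof(b, digits):
    """Generate a bitwise range proof for amount ``b`` over ``digits`` bits.

    For each binary digit bb[i] a fresh mask ai[i] is drawn and the pair
        Ci[i]  = ai[i]*G + (bb[i] * 2**i)*H
        CiH[i] = Ci[i] - (2**i)*H
    is formed; AggregateSchnorr.GenASNL then signs over the pairs.

    Returns (sumCi(Ci), Ci, L1, s2, s, a), where ``a`` is the total mask
    (sum of all ai) that has to be passed to the receiver. ``a`` is secret.
    """
    bb = binary(b, digits)  # binary form of b in "digits" binary digits
    # NOTE(review): debug output; it writes the amount and its bits, the
    # very values the proof is meant to hide, to stdout.
    print("b, b in binary", b, bb)
    ai = [None] * len(bb)
    Ci = [None] * len(bb)
    CiH = [None] * len(bb)  # this is like Ci - 2^i H
    a = MiniNero.intToHex(0)
    for i in range(0, len(bb)):
        ai[i] = PaperWallet.skGen()
        # Accumulate the total mask, since it has to be passed to the receiver.
        a = MiniNero.addScalars(a, ai[i])
        Ci[i] = MiniNero.addKeys(
            MiniNero.scalarmultBase(ai[i]),
            MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(bb[i] * 2 ** i)))
        CiH[i] = MiniNero.subKeys(
            Ci[i],
            MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(2 ** i)))
    L1, s2, s = AggregateSchnorr.GenASNL(ai, Ci, CiH, bb)
    return sumCi(Ci), Ci, L1, s2, s, a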
def genRct(inSk, inPk, destinations, amounts, mixin):
    """Generate a RingCT signature for the given outputs.

    Inputs:
        inSk         -- signer's secret ctkey vector
        inPk         -- signer's public ctkey vector
        destinations -- key vector of output addresses
        amounts      -- list of amounts matching ``destinations``
        mixin        -- integer, the desired mixin

    Output: an rctSig holding [rangeSigs, MG, mixRing, ecdhInfo, outPk]:
        rangeSigs -- one range proof per output
        MG        -- the mgsig [ss, cc, II]
        mixRing   -- a ctkey matrix
        ecdhInfo  -- masks / amounts for each output
        outPk     -- vector of ctkeys (the commitment for each amount)
    """
    count = len(destinations)
    # NOTE(review): len(amounts) is never compared with count; extra amounts
    # are silently ignored and a short list raises IndexError mid-build.
    rv = rctSig()
    rv.outPk = ctkeyV(count)
    rv.rangeSigs = [None] * count
    outSk = ctkeyV(count)
    rv.ecdhInfo = [None] * count

    for i in range(count):
        dest = destinations[i]
        rv.ecdhInfo[i] = ecdhTuple()
        rv.outPk[i] = ctkey()
        rv.outPk[i].dest = dest
        commitment, mask, proof = proveRange(amounts[i])
        rv.outPk[i].mask = commitment
        outSk[i].mask = mask
        rv.rangeSigs[i] = proof
        # ECDH info: the plaintext mask and amount are stored on the tuple,
        # then the tuple is replaced by ecdhEncode's result for this
        # destination.
        rv.ecdhInfo[i].mask = outSk[i].mask
        rv.ecdhInfo[i].amount = MiniNero.intToHex(amounts[i])
        rv.ecdhInfo[i] = ecdhEncode(rv.ecdhInfo[i], dest)

    rv.mixRing, index = populateFromBlockchain(inPk, mixin)
    rv.MG = proveRctMG(rv.mixRing, inSk, outSk, rv.outPk, index)
    return rv
def ctskpkGen(amount):
    """Generate a matching secret/public ctkey pair committing to ``amount``.

    Both the destination pair and the mask pair come from
    PaperWallet.skpkGen(); amount*H is then added to the public mask, so
    pk.mask = (public mask key) + amount*H.

    Returns (sk, pk). ``sk`` carries the secret destination key and the
    secret mask.
    """
    secret = ctkey()
    public = ctkey()
    secret.dest, public.dest = PaperWallet.skpkGen()
    secret.mask, public.mask = PaperWallet.skpkGen()
    amount_hex = MiniNero.intToHex(amount)
    amount_point = MiniNero.scalarmultKey(getHForCT(), amount_hex)
    public.mask = MiniNero.addKeys(public.mask, amount_point)
    return secret, public
def ctskpkGen(amount):
    """Generate a matching secret/public ctkey pair committing to ``amount``.

    Both the destination pair and the mask pair come from
    PaperWallet.skpkGen(); amount*H is then added to the public mask, so
    pk.mask = (public mask key) + amount*H.

    Returns (sk, pk). ``sk`` carries the secret destination key and the
    secret mask.
    """
    secret = ctkey()
    public = ctkey()
    secret.dest, public.dest = PaperWallet.skpkGen()
    secret.mask, public.mask = PaperWallet.skpkGen()
    amount_hex = MiniNero.intToHex(amount)
    amount_point = MiniNero.scalarmultKey(getHForCT(), amount_hex)
    public.mask = MiniNero.addKeys(public.mask, amount_point)
    return secret, public
def sumCiExp(Cis, Exp):
    """Return the sum over i of (10 ** Exp[i]) * Cis[i].

    Cis is a vector of keys (commitments) and Exp is a vector of integer
    exponents, indexed in parallel. The sum starts at MiniNero.identity().
    """
    # Only len(Cis) drives the loop: a shorter Exp raises IndexError and a
    # longer one is silently ignored.
    total = MiniNero.identity()
    for idx in range(len(Cis)):
        weight = MiniNero.intToHex(10 ** Exp[idx])
        total = MiniNero.addKeys(total, MiniNero.scalarmultKey(Cis[idx], weight))
    return total
def in_commitments(input_value, sk, masks):
    """Build the input commitment and the key needed to sign for it.

    For now this assumes a single input. ``input_value`` is expected to equal
    the sum of the output values.

    Returns (C, z):
        C -- sk*G + input_value*H
        z -- sk minus the sum of ``masks`` (so z + sum of masks = sk); this
             is the secret key needed to sign for this commitment
    """
    # NOTE(review): the masks are added as plain integers with no visible
    # reduction modulo the group order -- confirm sc_sub_keys handles that.
    mask_total = MiniNero.intToHex(sum([MiniNero.hexToInt(m) for m in masks]))
    z = MiniNero.sc_sub_keys(sk, mask_total)
    blinding_part = MiniNero.scalarmultBase(sk)
    value_part = MiniNero.scalarmultKey(H_ct, input_value)
    C = MiniNero.addKeys(blinding_part, value_part)
    return C, z
def getH2ForCT():
    """Return the list [H, 2H, 4H, ...] of length ATOMS.

    H is MiniNero.hashToPoint_ct(MiniNero.publicFromInt(1)); each following
    entry is the previous one multiplied by the scalar 2.
    """
    seed_key = MiniNero.publicFromInt(1)
    current = MiniNero.hashToPoint_ct(seed_key)
    two = MiniNero.intToHex(2)
    H2 = []
    for _ in range(ATOMS):
        # Translator.hexToCComma(current)
        H2.append(current)
        current = MiniNero.scalarmultKey(current, two)
    return H2
def getH2ForCT():
    """Return the 64-entry list [H, 2H, 4H, ...].

    H is MiniNero.hashToPoint_ct(MiniNero.publicFromInt(1)); each following
    entry is the previous one multiplied by the scalar 2. Every entry is
    also passed to Translator.hexToCComma before it is stored.
    """
    seed_key = MiniNero.publicFromInt(1)
    current = MiniNero.hashToPoint_ct(seed_key)
    two = MiniNero.intToHex(2)
    H2 = []
    for _ in range(64):
        Translator.hexToCComma(current)
        H2.append(current)
        current = MiniNero.scalarmultKey(current, two)
    return H2
def verRangeProof(Ci, L1, s2, s):
    """Verify a bitwise range proof over the commitments ``Ci``.

    Rebuilds CiH[i] = Ci[i] - (2**i)*H and returns ASNL.VerASNL's result
    unchanged.

    NOTE(review): the VerASNL shown in this listing returns 0 on success and
    -1 on failure, so the result must be compared with 0 explicitly; a plain
    truthiness test would accept failures. Confirm ASNL.VerASNL follows the
    same convention.
    """
    # The bit count comes from the proof itself (there will be some fixed
    # length eventually, so the top digit can't just be read off). Until
    # then, the caller has to enforce the expected number of digits.
    CiH = [
        MiniNero.subKeys(
            Ci[i],
            MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(2 ** i)))
        for i in range(len(Ci))
    ]
    return ASNL.VerASNL(Ci, CiH, L1, s2, s)
def out_commitments(values):
    """Build output commitments C_i = y_i*G + value_i*H with random masks.

    Do this first. ``values`` is a list of hex-encoded amounts.

    Returns (C, masks, sumMasks, values2):
        C        -- one commitment per output
        masks    -- per output, one random mask per binary digit of the value
        sumMasks -- per output, the hex-encoded integer sum of its masks
        values2  -- per output, the hex-encoded binary digits of the value
    """
    n = len(values)

    # Binary decomposition for range proofs (could also use another base).
    values2 = [
        [MiniNero.intToHex(digit) for digit in binary(MiniNero.hexToInt(values[i]))]
        for i in range(n)
    ]

    masks = [None] * n
    sumMasks = [None] * n
    for i in range(n):
        masks[i] = [PaperWallet.skGen() for _ in values2[i]]
        # The sum is what actually goes into the ring.
        # NOTE(review): this is a plain integer sum with no visible reduction
        # modulo the group order -- confirm intToHex / scalarmultBase cope
        # with values above the order.
        sumMasks[i] = MiniNero.intToHex(
            sum([MiniNero.hexToInt(m) for m in masks[i]]))

    C = [
        MiniNero.addKeys(MiniNero.scalarmultBase(sumMasks[i]),
                         MiniNero.scalarmultKey(H_ct, values[i]))
        for i in range(n)
    ]
    # masks and sumMasks are the blinding secrets for C; callers must keep
    # them private.
    return C, masks, sumMasks, values2
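def genRangeProof(b, digits):
    """Generate a bitwise range proof for amount ``b`` over ``digits`` bits.

    For each binary digit bb[i] a fresh mask ai[i] is drawn and the pair
        Ci[i]  = ai[i]*G + (bb[i] * 2**i)*H
        CiH[i] = Ci[i] - (2**i)*H
    is formed; ASNL.GenASNL then signs over the pairs.

    Returns (sumCi(Ci), Ci, L1, s2, s, a), where ``a`` is the total mask
    (sum of all ai) that has to be passed to the receiver. ``a`` is secret.
    """
    bb = binary(b, digits)  # binary form of b in "digits" binary digits
    # NOTE(review): debug output; it writes the amount and its bits, the
    # very values the proof is meant to hide, to stdout.
    print("b, b in binary", b, bb)
    ai = [None] * len(bb)
    Ci = [None] * len(bb)
    CiH = [None] * len(bb)  # this is like Ci - 2^i H
    a = MiniNero.intToHex(0)
    for i in range(0, len(bb)):
        ai[i] = PaperWallet.skGen()
        # Accumulate the total mask, since it has to be passed to the receiver.
        a = MiniNero.addScalars(a, ai[i])
        Ci[i] = MiniNero.addKeys(
            MiniNero.scalarmultBase(ai[i]),
            MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(bb[i] * 2 ** i)))
        CiH[i] = MiniNero.subKeys(
            Ci[i],
            MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(2 ** i)))
    L1, s2, s = ASNL.GenASNL(ai, Ci, CiH, bb)
    return sumCi(Ci), Ci, L1, s2, s, a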
def GenASNL(x, P1, P2, indices):
    """Generate an Aggregate Schnorr Non-Linkable ring signature.

    x, P1 and P2 are key vectors; indices[j] says which column of row j
    (the first or the second key) is being signed for.

    Returns (L1, s2, s): the per-row L1 and s2 values from
    GenSchnorrNonLinkable, plus ``s``, the running sc_add_keys sum of the
    per-row s1 values.
    """
    n = len(x)
    print("Generating Aggregate Schnorr Non-linkable Ring Signature")
    L1 = []
    s2 = []
    s = MiniNero.intToHex(0)
    for j in range(n):
        row_L1, row_s1, row_s2 = GenSchnorrNonLinkable(x[j], P1[j], P2[j], indices[j])
        L1.append(row_L1)
        s2.append(row_s2)
        # Only the aggregate of the s1 values is returned, not each one.
        s = MiniNero.sc_add_keys(s, row_s1)
    return L1, s2, s
def GenASNL(x, P1, P2, indices):
    """Generate an Aggregate Schnorr Non-Linkable ring signature.

    x, P1 and P2 are key vectors; indices[j] says which column of row j
    (the first or the second key) is being signed for.

    Returns (L1, s2, s): the per-row L1 and s2 values from
    GenSchnorrNonLinkable, plus ``s``, the running sc_add_keys sum of the
    per-row s1 values.
    """
    n = len(x)
    print("Generating Aggregate Schnorr Non-linkable Ring Signature")
    L1 = []
    s2 = []
    s = MiniNero.intToHex(0)
    for j in range(n):
        row_L1, row_s1, row_s2 = GenSchnorrNonLinkable(x[j], P1[j], P2[j], indices[j])
        L1.append(row_L1)
        s2.append(row_s2)
        # Only the aggregate of the s1 values is returned, not each one.
        s = MiniNero.sc_add_keys(s, row_s1)
    return L1, s2, s
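def deterministicVK():
    """Search for a spend key whose derived view key is usable, then print the wallet.

    Loops until MiniNero.getViewMM(sk) yields a view key that is already
    sc_reduced and that MiniNero.toPoint accepts. It then prints the secret
    and public keys, two extra view keys derived from vk, the receiving
    address and the mnemonic. Returns None.

    NOTE(review): all secret keys and the mnemonic are written to stdout, so
    they end up in terminal scrollback and any captured logs.
    """
    while True:
        print('.'),
        # NOTE(review): all key material originates from `rand`, which is
        # defined outside this block -- confirm it is an OS-backed CSPRNG.
        tmp = MiniNero.intToHex(rand.getrandbits(64 * 8))  # 8 bits to a byte ...
        sk = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(tmp))
        # s = "3c817618dcbfed122a64e592bb441d73300da9123686224a84e0eab1f075117e"; for testing
        # sk = MiniNero.sc_reduce_key(s)
        vk = MiniNero.getViewMM(sk)  # note this is the sc_reduced version..
        worked = 1
        try:
            MiniNero.toPoint(vk)
        except Exception:
            # Narrowed from a bare except so Ctrl-C / SystemExit can still
            # break out of this otherwise unbounded search loop.
            worked = 0
            print("bad vk")
        if vk == MiniNero.sc_reduce_key(vk) and worked == 1:  # already reduced + vk on curve
            break
    print("found keys")
    print("secret spend key:", sk)
    print("secret view key:", vk)
    vk2 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 2))
    print("secret view key2:", vk2)
    vk3 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 3))
    print("secret view key3:", vk3)
    pk = MiniNero.publicFromSecret(sk)
    print("public spend key:", pk)
    pvk = MiniNero.publicFromSecret(vk)
    print("public view key:", pvk)
    pvk2 = MiniNero.publicFromSecret(vk2)
    print("public view key2:", pvk2)
    pvk3 = MiniNero.publicFromSecret(vk3)
    print("public view key3:", pvk3)
    addr = MiniNero.getAddrMM(sk)
    print("in future this will get all addresses")
    print("receiving address", addr)
    # NOTE(review): `s` is never assigned in this function (it only appears
    # in the commented-out test lines above). Unless a module-level `s`
    # exists this raises NameError; if one does, the mnemonic would not match
    # the keys printed above. Presumably `sk` was intended -- confirm.
    wl = mnemonic.mn_encode(s)
    cks = MiniNero.electrumChecksum(wl)
    print(cks)
    print("mnemonic:", wl + " " + cks)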
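def VerASNL(P1, P2, L1, s2, s):
    """Verify an Aggregate Schnorr Non-Linkable ring signature.

    For every row j it recomputes
        c2 = H(L1[j]),  L2 = s2[j]*G + c2*P2[j],  c1 = H(L2)
    and checks that  sum_j L1[j]  ==  s*G + sum_j c1*P1[j].

    Returns 0 when the signature verifies and -1 otherwise. Success is the
    falsy value, so callers must compare the result with 0 explicitly; a
    plain truthiness test would accept failures.
    """
    print("Verifying Aggregate Schnorr Non-linkable Ring Signature")
    n = len(P1)
    # Reject malformed input up front: the loop below is driven by len(P1)
    # alone, so without this check longer vectors had their trailing entries
    # ignored and shorter ones raised IndexError.
    if not (len(P2) == len(L1) == len(s2) == n):
        print("Didn't verify")
        return -1
    LHS = MiniNero.scalarmultBase(MiniNero.intToHex(0))
    RHS = MiniNero.scalarmultBase(s)
    for j in range(0, n):
        c2 = MiniNero.cn_fast_hash(L1[j])
        L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2[j]),
                              MiniNero.scalarmultKey(P2[j], c2))
        LHS = MiniNero.addKeys(LHS, L1[j])
        c1 = MiniNero.cn_fast_hash(L2)
        RHS = MiniNero.addKeys(RHS, MiniNero.scalarmultKey(P1[j], c1))
    if LHS == RHS:
        # Function-call form of print, matching the rest of the block; the
        # bare `print "..."` statement does not parse on Python 3.
        print("Verified")
        return 0
    print("Didn't verify")
    print(LHS, "!=", RHS)
    return -1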
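def deterministicVK():
    """Search for a spend key whose derived view key is usable, then print the wallet.

    Loops until MiniNero.getViewMM(sk) yields a view key that is already
    sc_reduced and that MiniNero.toPoint accepts. It then prints the secret
    and public keys, two extra view keys derived from vk, the receiving
    address and the mnemonic. Returns None.

    NOTE(review): all secret keys and the mnemonic are written to stdout, so
    they end up in terminal scrollback and any captured logs.
    """
    while True:
        print("."),
        # NOTE(review): all key material originates from `rand`, which is
        # defined outside this block -- confirm it is an OS-backed CSPRNG.
        tmp = MiniNero.intToHex(rand.getrandbits(64 * 8))  # 8 bits to a byte ...
        sk = MiniNero.sc_reduce_key(MiniNero.cn_fast_hash(tmp))
        # s = "3c817618dcbfed122a64e592bb441d73300da9123686224a84e0eab1f075117e"; for testing
        # sk = MiniNero.sc_reduce_key(s)
        vk = MiniNero.getViewMM(sk)  # note this is the sc_reduced version..
        worked = 1
        try:
            MiniNero.toPoint(vk)
        except Exception:
            # Narrowed from a bare except so Ctrl-C / SystemExit can still
            # break out of this otherwise unbounded search loop.
            worked = 0
            print("bad vk")
        if vk == MiniNero.sc_reduce_key(vk) and worked == 1:  # already reduced + vk on curve
            break
    print("found keys")
    print("secret spend key:", sk)
    print("secret view key:", vk)
    vk2 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 2))
    print("secret view key2:", vk2)
    vk3 = MiniNero.cn_fast_hash(MiniNero.scalarmultKey(vk, 3))
    print("secret view key3:", vk3)
    pk = MiniNero.publicFromSecret(sk)
    print("public spend key:", pk)
    pvk = MiniNero.publicFromSecret(vk)
    print("public view key:", pvk)
    pvk2 = MiniNero.publicFromSecret(vk2)
    print("public view key2:", pvk2)
    pvk3 = MiniNero.publicFromSecret(vk3)
    print("public view key3:", pvk3)
    addr = MiniNero.getAddrMM(sk)
    print("in future this will get all addresses")
    print("receiving address", addr)
    # NOTE(review): `s` is never assigned in this function (it only appears
    # in the commented-out test lines above). Unless a module-level `s`
    # exists this raises NameError; if one does, the mnemonic would not match
    # the keys printed above. Presumably `sk` was intended -- confirm.
    wl = mnemonic.mn_encode(s)
    cks = MiniNero.electrumChecksum(wl)
    print(cks)
    print("mnemonic:", wl + " " + cks)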
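def VerASNL(P1, P2, L1, s2, s):
    """Verify an Aggregate Schnorr Non-Linkable ring signature.

    For every row j it recomputes
        c2 = H(L1[j]),  L2 = s2[j]*G + c2*P2[j],  c1 = H(L2)
    and checks that  sum_j L1[j]  ==  s*G + sum_j c1*P1[j].

    Returns 0 when the signature verifies and -1 otherwise. Success is the
    falsy value, so callers must compare the result with 0 explicitly; a
    plain truthiness test would accept failures.
    """
    print("Verifying Aggregate Schnorr Non-linkable Ring Signature")
    n = len(P1)
    # Reject malformed input up front: the loop below is driven by len(P1)
    # alone, so without this check longer vectors had their trailing entries
    # ignored and shorter ones raised IndexError.
    if not (len(P2) == len(L1) == len(s2) == n):
        print("Didn't verify")
        return -1
    LHS = MiniNero.scalarmultBase(MiniNero.intToHex(0))
    RHS = MiniNero.scalarmultBase(s)
    for j in range(0, n):
        c2 = MiniNero.cn_fast_hash(L1[j])
        L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2[j]),
                              MiniNero.scalarmultKey(P2[j], c2))
        LHS = MiniNero.addKeys(LHS, L1[j])
        c1 = MiniNero.cn_fast_hash(L2)
        RHS = MiniNero.addKeys(RHS, MiniNero.scalarmultKey(P1[j], c1))
    if LHS == RHS:
        # Function-call form of print, matching the rest of the block; the
        # bare `print "..."` statement does not parse on Python 3.
        print("Verified")
        return 0
    print("Didn't verify")
    print(LHS, "!=", RHS)
    return -1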
print("verifying range proofs of outputs") RingCT.verRangeProof(Cib, L1b, s2b, sb) RingCT.verRangeProof(Cic, L1c, s2c, sc) x, P1 = PaperWallet.skpkGen() P2 = PaperWallet.pkGen() C2 = PaperWallet.pkGen() #some random commitment grabbed from the blockchain ind = 0 Ca = RingCT.sumCi(Cia) Cb = RingCT.sumCi(Cib) Cc = RingCT.sumCi(Cic) sk = [x, MiniNero.sc_sub_keys(ska, MiniNero.sc_add_keys(skb, skc))] pk = [[P1, P2], [MiniNero.subKeys(Ca, MiniNero.addKeys(Cb, Cc)), MiniNero.subKeys(C2, MiniNero.addKeys(Cb, Cc)) ] ] II, cc, ssVal = MLSAG.MLSAG_Sign(pk, sk, ind) print("Sig verified?", MLSAG.MLSAG_Ver(pk, II, cc, ssVal) ) print("Finding received amount corresponding to Cib") RingCT.ComputeReceivedAmount(pe, sr, MiniNero.addScalars(ss1, skb),MiniNero.addScalars(ss2, MiniNero.intToHex(b)), Cib, 9) print("Finding received amount corresponding to Cic") RingCT.ComputeReceivedAmount(pe, sr, MiniNero.addScalars(ss1, skc), MiniNero.addScalars(ss2, MiniNero.intToHex(c)), Cic, 9) if sys.argv[1] == "MLSAG": #below is example usage. Uncomment each line for testing N = 3 #cols R = 3 #rows x = [[None]*N] #just used to generate test public keys sk = [None] * R #vector of secret keys P = [[None]*N] #stores the public keys ind = 2 for j in range(0, R): if j > 0: x.append([None]*N) P.append([None]*N)
def in_commitments(input_value, sk, masks):
    """Build the input commitment and the key needed to sign for it.

    For now this assumes a single input. ``input_value`` is expected to equal
    the sum of the output values.

    Returns (C, z):
        C -- sk*G + input_value*H
        z -- sk minus the sum of ``masks`` (so z + sum of masks = sk); this
             is the secret key needed to sign for this commitment
    """
    # NOTE(review): the masks are added as plain integers with no visible
    # reduction modulo the group order -- confirm sc_sub_keys handles that.
    mask_total = MiniNero.intToHex(sum([MiniNero.hexToInt(m) for m in masks]))
    z = MiniNero.sc_sub_keys(sk, mask_total)
    blinding_part = MiniNero.scalarmultBase(sk)
    value_part = MiniNero.scalarmultKey(H_ct, input_value)
    C = MiniNero.addKeys(blinding_part, value_part)
    return C, z
def pkGen():
    """Return an arbitrary public key for testing.

    This is meant for test functions that need some public key to test
    against. The scalar behind the key is discarded, so nobody holds the
    matching secret.
    """
    # NOTE(review): `rand` and `l` are defined outside this block -- confirm
    # `rand` is an OS-backed CSPRNG and `l` is the group order.
    raw_bits = rand.getrandbits(64 * 8)
    scalar = (8 * raw_bits) % l
    return MiniNero.scalarmultBase(MiniNero.intToHex(scalar))
print("verifying range proofs of outputs") RingCT.verRangeProof(Cib, L1b, s2b, sb) RingCT.verRangeProof(Cic, L1c, s2c, sc) x, P1 = PaperWallet.skpkGen() P2 = PaperWallet.pkGen() C2 = PaperWallet.pkGen() #some random commitment grabbed from the blockchain ind = 0 Ca = RingCT.sumCi(Cia) Cb = RingCT.sumCi(Cib) Cc = RingCT.sumCi(Cic) sk = [x, MiniNero.sc_sub_keys(ska, MiniNero.sc_add_keys(skb, skc))] pk = [[P1, P2], [MiniNero.subKeys(Ca, MiniNero.addKeys(Cb, Cc)), MiniNero.subKeys(C2, MiniNero.addKeys(Cb, Cc)) ] ] II, cc, ssVal = MLSAG.MLSAG_Sign(pk, sk, ind) print("Sig verified?", MLSAG.MLSAG_Ver(pk, II, cc, ssVal) ) print("Finding received amount corresponding to Cib") RingCT.ComputeReceivedAmount(pe, sr, MiniNero.addScalars(ss1, skb),MiniNero.addScalars(ss2, MiniNero.intToHex(b)), Cib, 9) print("Finding received amount corresponding to Cic") RingCT.ComputeReceivedAmount(pe, sr, MiniNero.addScalars(ss1, skc), MiniNero.addScalars(ss2, MiniNero.intToHex(c)), Cic, 9) if sys.argv[1] == "MLSAG": #below is example usage. Uncomment each line for testing N = 3 #cols R = 3 #rows x = [[None]*N] #just used to generate test public keys sk = [None] * R #vector of secret keys P = [[None]*N] #stores the public keys ind = 2 for j in range(0, R): if j > 0: x.append([None]*N) P.append([None]*N)
def skGen():
    """Return a fresh secret scalar, hex-encoded.

    Draws 512 bits from ``rand``, multiplies by 8, reduces modulo ``l`` and
    encodes the result with MiniNero.intToHex.
    """
    # NOTE(review): every key and mask built on this function is only as
    # unpredictable as `rand`, which is defined outside this block. Confirm
    # it is an OS-backed CSPRNG (e.g. random.SystemRandom) and not the
    # default Mersenne Twister generator.
    raw_bits = rand.getrandbits(64 * 8)
    scalar = (8 * raw_bits) % l
    return MiniNero.intToHex(scalar)
def skGen():
    """Return a fresh secret scalar, hex-encoded.

    Draws 512 bits from ``rand``, multiplies by 8, reduces modulo ``l`` and
    encodes the result with MiniNero.intToHex.
    """
    # NOTE(review): every key and mask built on this function is only as
    # unpredictable as `rand`, which is defined outside this block. Confirm
    # it is an OS-backed CSPRNG (e.g. random.SystemRandom) and not the
    # default Mersenne Twister generator.
    raw_bits = rand.getrandbits(64 * 8)
    scalar = (8 * raw_bits) % l
    return MiniNero.intToHex(scalar)
def pkGen():
    """Return an arbitrary public key for testing.

    This is meant for test functions that need some public key to test
    against. The scalar behind the key is discarded, so nobody holds the
    matching secret.
    """
    # NOTE(review): `rand` and `l` are defined outside this block -- confirm
    # `rand` is an OS-backed CSPRNG and `l` is the group order.
    raw_bits = rand.getrandbits(64 * 8)
    scalar = (8 * raw_bits) % l
    return MiniNero.scalarmultBase(MiniNero.intToHex(scalar))
# Demo: the public key of a sum of secret scalars equals the sum of the
# individual public keys. The two values printed at the end should match.
q = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493

import MiniNero
import PaperWallet

# Fixed sample scalars for the demonstration. They are published in this
# file, so they must never be used as real keys.
a = 3655169758690262480859172686034352748701568204867449275194046101565641063400
b = 2196281112309589493539510630657048805544016132079821556435431458072258858680
c = 1680308020000391016811131033972168547846809685867129675902005632340344199616
d = 3102886190919558838979092227453570755967767872654511102581747930112259050736
e = a + b + c + d
print(e, e % l)

# NOTE(review): `e` is passed on without reduction modulo l -- confirm
# publicFromSecret / intToHex accept an unreduced scalar.
pk = MiniNero.publicFromSecret(MiniNero.intToHex(e))
pka, pkb, pkc, pkd = (
    MiniNero.publicFromSecret(MiniNero.intToHex(scalar))
    for scalar in (a, b, c, d)
)

# Add the public keys one at a time: C = pka + pkb + pkc + pkd.
A = MiniNero.addKeys(pka, pkb)
B = MiniNero.addKeys(A, pkc)
C = MiniNero.addKeys(B, pkd)
print(C)
print(pk)
# Keychain derivation sketch (from a chat with tacotime): add
# hash(pubkey || index) to both the private scalar and the public point.
#   priv_i = (priv + hash) mod N
#   pub_i  = pub + scalarbasemult(hash)
#
# The tweak is computed from public data only (pk and the index). Anyone who
# knows pk and learns a single child secret sk1 can therefore recover the
# parent: sk = sk1 - hash. Child secrets need the same protection as the
# parent key.
import MiniNero
import PaperWallet

sk, vk, pk, pvk, addr, wl, cks = PaperWallet.keysBoth()
print("making keychain")
for i in range(1, 600):
    index = MiniNero.intToHex(i)
    has = MiniNero.cn_fast_hash(pk + index)
    sk1 = MiniNero.sc_add_keys(sk, has)
    tweak_point = MiniNero.scalarmultBase(has)
    pk1 = MiniNero.addKeys(pk, tweak_point)
    # Consistency check: deriving on the public side must give the same key
    # as the public key of the derived secret.
    pk1_check = MiniNero.publicFromSecret(sk1)
    print("Check", pk1 == pk1_check)
    # NOTE(review): this prints every derived secret key to stdout.
    print(sk1)
    # print("i, sk, pk", i, sk1, pk1)
def point_compress(P):
    """Compress point ``P`` to its hex encoding.

    P[0] and P[1] are divided by P[2] modulo ``p`` to give x and y. The
    result is y with the low bit of x stored in bit 255, encoded with
    MiniNero.intToHex.
    """
    # `modp_inv` and `p` are defined outside this block.
    z_inverse = modp_inv(P[2])
    x = P[0] * z_inverse % p
    y = P[1] * z_inverse % p
    sign_bit = (x & 1) << 255
    return MiniNero.intToHex(y | sign_bit)
ind = 0 Ca = RingCT.sumCi(Cia) Cb = RingCT.sumCi(Cib) Cc = RingCT.sumCi(Cic) sk = [x, MiniNero.sc_sub_keys(ska, MiniNero.sc_add_keys(skb, skc))] pk = [[P1, P2], [ MiniNero.subKeys(Ca, MiniNero.addKeys(Cb, Cc)), MiniNero.subKeys(C2, MiniNero.addKeys(Cb, Cc)) ]] II, cc, ssVal = MLSAG.MLSAG_Sign(pk, sk, ind) print("Sig verified?", MLSAG.MLSAG_Ver(pk, II, cc, ssVal)) print("Finding received amount corresponding to Cib") RingCT.ComputeReceivedAmount( pe, sr, MiniNero.addScalars(ss1, skb), MiniNero.addScalars(ss2, MiniNero.intToHex(b)), Cib, 9) print("Finding received amount corresponding to Cic") RingCT.ComputeReceivedAmount( pe, sr, MiniNero.addScalars(ss1, skc), MiniNero.addScalars(ss2, MiniNero.intToHex(c)), Cic, 9) if sys.argv[1] == "MLSAG": #below is example usage. Uncomment each line for testing N = 3 #cols R = 3 #rows x = [[None] * N] #just used to generate test public keys sk = [None] * R #vector of secret keys P = [[None] * N] #stores the public keys ind = 2 for j in range(0, R): if j > 0:
def verRangeProof(Ci, L1, s2, s):
    """Verify a bitwise range proof over the commitments ``Ci``.

    Rebuilds CiH[i] = Ci[i] - (2**i)*H and returns
    AggregateSchnorr.VerASNL's result unchanged.

    NOTE(review): the VerASNL shown in this listing returns 0 on success and
    -1 on failure, so the result must be compared with 0 explicitly; a plain
    truthiness test would accept failures. Confirm AggregateSchnorr.VerASNL
    follows the same convention.
    """
    # The bit count comes from the proof itself (there will be some fixed
    # length eventually, so the top digit can't just be read off). Until
    # then, the caller has to enforce the expected number of digits.
    CiH = [
        MiniNero.subKeys(
            Ci[i],
            MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(2 ** i)))
        for i in range(len(Ci))
    ]
    return AggregateSchnorr.VerASNL(Ci, CiH, L1, s2, s)
MiniNero.scalarmultKey(H_ct, C_out_i[i])) # masks_i * G + C_out_i * H C_i_prime = MiniNero.subKeys(C_i, H_ct) #C_i - H C_is[i] = [C_i_prime, C_i] print("generating LLWsig for range proof from Cis, masks, couts", C_is[i], masks_i[i], C_out_i[i]) I_Proofs[i], c0s[i], ss[i] = LLW_Sigs.LLW_Sig( C_is[i], masks_i[i], MiniNero.hexToInt(C_out_i[i])) #ring sig on the above, with sk masks_i return I_Proofs, c0s, ss, C_is H_ct = getHForCT() print("H", H_ct) a = MiniNero.intToHex(49) b1 = MiniNero.intToHex(30) b2 = MiniNero.intToHex(20) x_priv = PaperWallet.skGen() #our private key x_commit = PaperWallet.skGen() # our private commitment key #x_commit = x_priv #do with x_priv = x_commit first... , then modify by adding another mask Pk1 = MiniNero.scalarmultBase(x_priv) #our public key Pk2 = MiniNero.scalarmultBase(PaperWallet.skGen()) #other sk (we don't know it print("xpriv, Pk1, Pk2", x_priv, Pk1, Pk2) C_out, out_masks, sumMasks, values2 = out_commitments([b1, b2]) #testing rangeProofs print("testing range proofs") I_proofs, c0s, ss, Ci_s = rangeProof(values2[0], out_masks[0]) print("Iproofs, c0s, ss", I_proofs, c0s, ss)
# Keychain derivation sketch (from a chat with tacotime): add
# hash(pubkey || index) to both the private scalar and the public point.
#   priv_i = (priv + hash) mod N
#   pub_i  = pub + scalarbasemult(hash)
#
# The tweak is computed from public data only (pk and the index). Anyone who
# knows pk and learns a single child secret sk1 can therefore recover the
# parent: sk = sk1 - hash. Child secrets need the same protection as the
# parent key.
import MiniNero
import PaperWallet

sk, vk, pk, pvk, addr, wl, cks = PaperWallet.keysBoth()
print("making keychain")
for i in range(1, 600):
    index = MiniNero.intToHex(i)
    has = MiniNero.cn_fast_hash(pk + index)
    sk1 = MiniNero.sc_add_keys(sk, has)
    tweak_point = MiniNero.scalarmultBase(has)
    pk1 = MiniNero.addKeys(pk, tweak_point)
    # Consistency check: deriving on the public side must give the same key
    # as the public key of the derived secret.
    pk1_check = MiniNero.publicFromSecret(sk1)
    print("Check", pk1 == pk1_check)
    # NOTE(review): this prints every derived secret key to stdout.
    print(sk1)
    # print("i, sk, pk", i, sk1, pk1)
c0s = [None] * n ss = [None] * n C_is = [None] * n for i in range(0, n): C_i = MiniNero.addKeys(MiniNero.scalarmultBase(masks_i[i]), MiniNero.scalarmultKey(H_ct, C_out_i[i])) # masks_i * G + C_out_i * H C_i_prime = MiniNero.subKeys(C_i, H_ct) #C_i - H C_is[i] = [C_i_prime, C_i] print("generating LLWsig for range proof from Cis, masks, couts", C_is[i], masks_i[i], C_out_i[i]) I_Proofs[i], c0s[i], ss[i] = LLW_Sigs.LLW_Sig(C_is[i], masks_i[i], MiniNero.hexToInt(C_out_i[i])) #ring sig on the above, with sk masks_i return I_Proofs, c0s, ss, C_is H_ct = getHForCT() print("H", H_ct) a = MiniNero.intToHex(49) b1 = MiniNero.intToHex(30) b2 = MiniNero.intToHex(20) x_priv = PaperWallet.skGen() #our private key x_commit = PaperWallet.skGen() # our private commitment key #x_commit = x_priv #do with x_priv = x_commit first... , then modify by adding another mask Pk1 = MiniNero.scalarmultBase(x_priv) #our public key Pk2 = MiniNero.scalarmultBase(PaperWallet.skGen()) #other sk (we don't know it print("xpriv, Pk1, Pk2", x_priv, Pk1, Pk2) C_out, out_masks, sumMasks, values2 = out_commitments([b1, b2]) #testing rangeProofs print("testing range proofs") I_proofs, c0s, ss, Ci_s = rangeProof(values2[0], out_masks[0]) print("Iproofs, c0s, ss", I_proofs, c0s, ss)