Exemple #1
0
def out_commitments(values):
    #do this first
    n = len(values)
    values2 = [None] * n
    for i in range(0, n):
        values2[i] = [MiniNero.intToHex(j) for j in binary(MiniNero.hexToInt(values[i]))]
    #returns a list of commitments C_i = y_iG + value_i * H for outputs (these masks are created randomly)
    masks = [None] * n 
    sumMasks = [None] * n
    for i in range(0, n):
        masks[i] = [PaperWallet.skGen() for jj in values2[i]] #binary decomposition for range proofs (could also use another base)
        sumMasks[i] = MiniNero.intToHex(sum([MiniNero.hexToInt(a) for a in masks[i]])) #sum is what actually goes into the ring..
    C = [None] * n
    for i in range(0, n):
        C[i] = MiniNero.addKeys(MiniNero.scalarmultBase(sumMasks[i]), MiniNero.scalarmultKey(H_ct, values[i]))
    return C, masks, sumMasks, values2
Exemple #2
0
def in_commitments(input_value, sk, masks):
    #for now, assume there is one input, generalized after get that working
    sum_masks = MiniNero.intToHex(sum([MiniNero.hexToInt(a) for a in masks]))
    z = MiniNero.sc_sub_keys(sk,
                             sum_masks)  # z +  sum of input mask values = sk
    C = MiniNero.addKeys(MiniNero.scalarmultBase(sk),
                         MiniNero.scalarmultKey(
                             H_ct,
                             input_value))  #input_value = sum output values
    return C, z  #z is the sk you need to sign for this commitment
Exemple #3
0
def point_decompress(s):
    #if len(s) != 32:
        #raise Exception("Invalid input length for decompression")
    #y = int.from_bytes(s, "little")
    y = MiniNero.hexToInt(s)
    sign = y >> 255
    y &= (1 << 255) - 1

    x = recover_x(y, sign)
    if x is None:
        return None
    else:
        return (x, y, 1, x*y % p)
Exemple #4
0
def out_commitments(values):
    #do this first
    n = len(values)
    values2 = [None] * n
    for i in range(0, n):
        values2[i] = [
            MiniNero.intToHex(j) for j in binary(MiniNero.hexToInt(values[i]))
        ]
    #returns a list of commitments C_i = y_iG + value_i * H for outputs (these masks are created randomly)
    masks = [None] * n
    sumMasks = [None] * n
    for i in range(0, n):
        masks[i] = [
            PaperWallet.skGen() for jj in values2[i]
        ]  #binary decomposition for range proofs (could also use another base)
        sumMasks[i] = MiniNero.intToHex(
            sum([MiniNero.hexToInt(a) for a in masks[i]
                 ]))  #sum is what actually goes into the ring..
    C = [None] * n
    for i in range(0, n):
        C[i] = MiniNero.addKeys(MiniNero.scalarmultBase(sumMasks[i]),
                                MiniNero.scalarmultKey(H_ct, values[i]))
    return C, masks, sumMasks, values2
Exemple #5
0
def rangeProof(C_out_i, masks_i):
    n = len(masks_i)
    I_Proofs = [None] * n
    c0s = [None] * n
    ss = [None] * n
    C_is = [None] * n
    for i in range(0, n):
        C_i = MiniNero.addKeys(MiniNero.scalarmultBase(masks_i[i]), MiniNero.scalarmultKey(H_ct, C_out_i[i])) # masks_i * G + C_out_i * H
        C_i_prime = MiniNero.subKeys(C_i, H_ct) #C_i - H
        C_is[i] = [C_i_prime, C_i]
        print("generating LLWsig for range proof from Cis, masks, couts", C_is[i], masks_i[i], C_out_i[i])
        I_Proofs[i], c0s[i], ss[i] = LLW_Sigs.LLW_Sig(C_is[i], masks_i[i], MiniNero.hexToInt(C_out_i[i]))
        #ring sig on the above, with sk masks_i
    return I_Proofs, c0s, ss, C_is
Exemple #6
0
def ComputeReceivedAmount(senderEphemPk, receiverSK, maskedMask, maskedAmount, Ci, exponent):
    ss1, ss2 = ecdh.ecdhretrieve(receiverSK, senderEphemPk)
    mask = MiniNero.sc_sub_keys(maskedMask, ss1)
    CSum = sumCi(Ci)
    bH = MiniNero.subKeys(CSum, MiniNero.scalarmultBase(mask)) #bH = C - aG
    b = MiniNero.sc_sub_keys(maskedAmount, ss2)
    print("received amount:", 10 ** exponent * MiniNero.hexToInt(b))
    H = getHForCT()
    bHTent = MiniNero.scalarmultKey(H, b)
    print(bHTent,"=?", bH)
    if bHTent != bH:
        print("wrong amount sent!")
        return -1
    return 0
Exemple #7
0
def ComputeReceivedAmount(senderEphemPk, receiverSK, maskedMask, maskedAmount,
                          Ci, exponent):
    ss1, ss2 = Ecdh.ecdhRetrieve(receiverSK, senderEphemPk)
    mask = MiniNero.sc_sub_keys(maskedMask, ss1)
    CSum = sumCi(Ci)
    bH = MiniNero.subKeys(CSum, MiniNero.scalarmultBase(mask))  #bH = C - aG
    b = MiniNero.sc_sub_keys(maskedAmount, ss2)
    print("received amount:", 10**exponent * MiniNero.hexToInt(b))
    H = getHForCT()
    bHTent = MiniNero.scalarmultKey(H, b)
    print(bHTent, "=?", bH)
    if bHTent != bH:
        print("wrong amount sent!")
        return -1
    return 0
Exemple #8
0
def rangeProof(C_out_i, masks_i):
    n = len(masks_i)
    I_Proofs = [None] * n
    c0s = [None] * n
    ss = [None] * n
    C_is = [None] * n
    for i in range(0, n):
        C_i = MiniNero.addKeys(
            MiniNero.scalarmultBase(masks_i[i]),
            MiniNero.scalarmultKey(H_ct,
                                   C_out_i[i]))  # masks_i * G + C_out_i * H
        C_i_prime = MiniNero.subKeys(C_i, H_ct)  #C_i - H
        C_is[i] = [C_i_prime, C_i]
        print("generating LLWsig for range proof from Cis, masks, couts",
              C_is[i], masks_i[i], C_out_i[i])
        I_Proofs[i], c0s[i], ss[i] = LLW_Sigs.LLW_Sig(
            C_is[i], masks_i[i], MiniNero.hexToInt(C_out_i[i]))
        #ring sig on the above, with sk masks_i
    return I_Proofs, c0s, ss, C_is
Exemple #9
0
def decodeRct(rv, sk, i):
    #inputs:
    #rctSig is a list [ rangesigs, MG, mixRing, ecdhInfo, outPk] 
    #rangesigs is a list of one rangeproof for each output
    #MG is the mgsig [ss, cc, II] 
    #mixRing is a ctkeyMatrix 
    #ecdhInfo is a list of masks / amounts for each output
    #outPk is a vector of ctkeys (since we have computed the commitment for each amount)    
    #sk is the secret key of the receiver
    #i is the index of the receiver in the rctSig (in case of multiple destinations)
    #outputs: 
    #the amount received
    decodedTuple = ecdhDecode(rv.ecdhInfo[i], sk)
    mask = decodedTuple.mask
    amount = decodedTuple.amount
    C = rv.outPk[i].mask
    H = getHForCT()
    Ctmp = MiniNero.addKeys(MiniNero.scalarmultBase(mask), MiniNero.scalarmultKey(H, amount))
    if (MiniNero.subKeys(C, Ctmp) != MiniNero.identity()): 
        print("warning, amount decoded incorrectly, will be unable to spend")
    return MiniNero.hexToInt(amount)
Exemple #10
0
def decodeRct(rv, sk, i):
    #inputs:
    #rctSig is a list [ rangesigs, MG, mixRing, ecdhInfo, outPk]
    #rangesigs is a list of one rangeproof for each output
    #MG is the mgsig [ss, cc, II]
    #mixRing is a ctkeyMatrix
    #ecdhInfo is a list of masks / amounts for each output
    #outPk is a vector of ctkeys (since we have computed the commitment for each amount)
    #sk is the secret key of the receiver
    #i is the index of the receiver in the rctSig (in case of multiple destinations)
    #outputs:
    #the amount received
    decodedTuple = ecdhDecode(rv.ecdhInfo[i], sk)
    mask = decodedTuple.mask
    amount = decodedTuple.amount
    C = rv.outPk[i].mask
    H = getHForCT()
    Ctmp = MiniNero.addKeys(MiniNero.scalarmultBase(mask),
                            MiniNero.scalarmultKey(H, amount))
    if (MiniNero.subKeys(C, Ctmp) != MiniNero.identity()):
        print("warning, amount decoded incorrectly, will be unable to spend")
    return MiniNero.hexToInt(amount)
Exemple #11
0
def Signature(m, sk):
  #note this seems to return nicely sized version of the signature
  #contrast with, i.e. tweetnacl..
  sk2 = ed25519.encodeint(MiniNero.hexToInt(sk))
  pk = ed25519.publickey(sk2)
  return binascii.hexlify(ed25519.signature(m, sk2, pk))
Exemple #12
0
def HexSigningPubKey(s):
  return binascii.hexlify(ed25519.publickey(ed25519.encodeint(MiniNero.hexToInt(s))))
Exemple #13
0
        t = "fifteen eels reorder sneeze fidget inbound onboard tufts lifestyle rounded lilac opened ascend fonts recipe copy android launching unquoted doctor lids reinvest syllabus five sneeze"
        t = "vinegar bubble bobsled southern godfather toolbox online hoax error pegs dice pamphlet knapsack erase lottery aside myth surfer exotic wipeout idled pelican cell tiger aside"
        t = "aquarium safety null huddle vastness ruined taken hamburger rhythm costume lion cupcake pouch auburn hashing vulture vitals pigment dangerous possible each salads segments fazed vulture"
        t = "aquarium safety null huddle vastness ruined taken hamburger rhythm costume lion cupcake pouch auburn hashing vulture vitals pigment dangerous possible each salads segments fazed vulture"

        t = raw_input("13 or 25 words?")
        a = MiniNero.electrumChecksum(t)
        print(a)
    if sys.argv[1] == "1224":
        #sohuld turn 12 word key to 24
        print("tbd")
        sk = "536313cc0a88457e3d3e5aadda8d204af20e480416cc522ebd5a67df00ce2503"
        print(MiniNero.getAddr(sk))
    if sys.argv[1] == "seed":
        seed = "3c817618dcbfed122a64e592bb441d73300da9123686224a84e0eab1f075117e";
        a = MiniNero.hexToInt(seed)
        b = a // l
        print(b)
    if sys.argv[1] == "HCT":
        for i in [1, 12, 123, 1234, 12345, 123456]:
            A = MiniNero.publicFromInt(i)
            print(i, MiniNero.hashToPoint_ct(A))
    if sys.argv[1] == "RingCTSimple":
        #see below for ring ct with sliding exponents
        exponent = 9
        H_ct = RingCT.getHForCT()
        print("H", H_ct)
        sr, Pr = PaperWallet.skpkGen() #receivers private/ public
        se, pe, ss1, ss2 = Ecdh.ecdhGen(Pr) #compute shared secret ss
        digits = 32 #in practice it could will be 32 (from .0001 monero to ~400k monero) all other amounts can be represented by full 64 if necessary, otherwise you can use the sliding implementation of RingCT given below.
        print("inputs")
def Signature(m, sk):
  sk2 = ed25519.encodeint(MiniNero.hexToInt(sk))
  pk = ed25519.publickey(sk2)
  return binascii.hexlify(ed25519.signature(m, sk2, pk))
def HexSigningPubKey(s):
  return binascii.hexlify(ed25519.publickey(ed25519.encodeint(MiniNero.hexToInt(s))))
def Signature(m, sk):
  #note this seems to return nicely sized version of the signature
  #contrast with, i.e. tweetnacl..
  sk2 = ed25519.encodeint(MiniNero.hexToInt(sk))
  pk = ed25519.publickey(sk2)
  return binascii.hexlify(ed25519.signature(m, sk2, pk))
def Signature(m, sk):
    sk2 = ed25519.encodeint(MiniNero.hexToInt(sk))
    pk = ed25519.publickey(sk2)
    return binascii.hexlify(ed25519.signature(m, sk2, pk))
Exemple #18
0
def in_commitments(input_value, sk, masks):
    #for now, assume there is one input, generalized after get that working
    sum_masks = MiniNero.intToHex(sum([MiniNero.hexToInt(a) for a in masks]))
    z = MiniNero.sc_sub_keys(sk, sum_masks) # z +  sum of input mask values = sk
    C = MiniNero.addKeys(MiniNero.scalarmultBase(sk), MiniNero.scalarmultKey(H_ct, input_value)) #input_value = sum output values
    return C, z #z is the sk you need to sign for this commitment
Exemple #19
0
        t = "fifteen eels reorder sneeze fidget inbound onboard tufts lifestyle rounded lilac opened ascend fonts recipe copy android launching unquoted doctor lids reinvest syllabus five sneeze"
        t = "vinegar bubble bobsled southern godfather toolbox online hoax error pegs dice pamphlet knapsack erase lottery aside myth surfer exotic wipeout idled pelican cell tiger aside"
        t = "aquarium safety null huddle vastness ruined taken hamburger rhythm costume lion cupcake pouch auburn hashing vulture vitals pigment dangerous possible each salads segments fazed vulture"
        t = "aquarium safety null huddle vastness ruined taken hamburger rhythm costume lion cupcake pouch auburn hashing vulture vitals pigment dangerous possible each salads segments fazed vulture"

        t = raw_input("13 or 25 words?")
        a = MiniNero.electrumChecksum(t)
        print(a)
    if sys.argv[1] == "1224":
        #sohuld turn 12 word key to 24
        print("tbd")
        sk = "536313cc0a88457e3d3e5aadda8d204af20e480416cc522ebd5a67df00ce2503"
        print(MiniNero.getAddr(sk))
    if sys.argv[1] == "seed":
        seed = "3c817618dcbfed122a64e592bb441d73300da9123686224a84e0eab1f075117e"
        a = MiniNero.hexToInt(seed)
        b = a // l
        print(b)
    if sys.argv[1] == "HCT":
        for i in [1, 12, 123, 1234, 12345, 123456]:
            A = MiniNero.publicFromInt(i)
            print(i, MiniNero.hashToPoint_ct(A))
    if sys.argv[1] == "RingCTSimple":
        #see below for ring ct with sliding exponents
        exponent = 9
        H_ct = RingCT.getHForCT()
        print("H", H_ct)
        sr, Pr = PaperWallet.skpkGen()  #receivers private/ public
        se, pe, ss1, ss2 = Ecdh.ecdhGen(Pr)  #compute shared secret ss
        digits = 32  #in practice it could will be 32 (from .0001 byterub to ~400k byterub) all other amounts can be represented by full 64 if necessary, otherwise you can use the sliding implementation of RingCT given below.
        print("inputs")