def proveRange(amount): bb = d2b(amount, ATOMS) #gives binary form of bb in "digits" binary digits print("amount, amount in binary", amount, bb) ai = [None] * len(bb) Ci = [None] * len(bb) CiH = [None] * len(bb) #this is like Ci - 2^i H H2 = getH2ForCT() a = MiniNero.sc_0() ii = [None] * len(bb) indi = [None] * len(bb) for i in range(0, ATOMS): ai[i] = PaperWallet.skGen() a = MiniNero.addScalars( a, ai[i] ) #creating the total mask since you have to pass this to receiver... if bb[i] == 0: Ci[i] = MiniNero.scalarmultBase(ai[i]) if bb[i] == 1: Ci[i] = MiniNero.addKeys(MiniNero.scalarmultBase(ai[i]), H2[i]) CiH[i] = MiniNero.subKeys(Ci[i], H2[i]) A = asnlSig() A.L1, A.s2, A.s = AggregateSchnorr.GenASNL(ai, Ci, CiH, bb) R = rangeSig() R.asig = A R.Ci = Ci mask = a C = sumCi(Ci) return C, mask, R
def proveRange(amount): bb = d2b(amount, ATOMS) #gives binary form of bb in "digits" binary digits print("amount, amount in binary", amount, bb) ai = [None] * len(bb) Ci = [None] * len(bb) CiH = [None] * len(bb) #this is like Ci - 2^i H H2 = getH2ForCT() a = MiniNero.sc_0() ii = [None] * len(bb) indi = [None] * len(bb) for i in range(0, ATOMS): ai[i] = PaperWallet.skGen() a = MiniNero.addScalars(a, ai[i]) #creating the total mask since you have to pass this to receiver... if bb[i] == 0: Ci[i] = MiniNero.scalarmultBase(ai[i]) if bb[i] == 1: Ci[i] = MiniNero.addKeys(MiniNero.scalarmultBase(ai[i]), H2[i]) CiH[i] = MiniNero.subKeys(Ci[i], H2[i]) A = asnlSig() A.L1, A.s2, A.s = AggregateSchnorr.GenASNL(ai, Ci, CiH, bb) R = rangeSig() R.asig = A R.Ci = Ci mask = a C = sumCi(Ci) return C, mask, R
def LLW_Sig(pk, xx, index): n = len(pk) print("Generating LLW sig of length ", n) L = [None] * n R = [None] * n c = [None] * n s = [PaperWallet.skGen() for i in range(0, n)] HP = [MiniNero.hashToPoint_ct(i) for i in pk] pj = ''.join(pk) keyimage = keyImage(xx) #ok s[index] = MiniNero.mul_8(s[index]) L[index] = MiniNero.scalarmultBase(s[index]) R[index] = MiniNero.scalarmultKey(HP[index], s[index]) #aH j = (index + 1) % n c[j] = MiniNero.cn_fast_hash(pj + L[index] + R[index]) while j != index: L[j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[j]), MiniNero.scalarmultKey(pk[j], c[j])) #Lj = sG + cxG R[j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[j], s[j]), MiniNero.scalarmultKey(keyimage, c[j])) #Rj = sH + cxH cj = (j + 1) % n c[cj] = MiniNero.cn_fast_hash(pj + L[j] + R[j]) #c j+1 = H(pk + Lj + Rj j = cj #increment j s[index] = MiniNero.sc_mulsub_keys(s[index], c[index], xx) #si = a - c x so a = s + c x print("sigma = ", keyimage, c[0], s[:]) return keyimage, c[0], s[:]
def GenSchnorrNonLinkable(x, P1, P2, index): if index == 0: a = PaperWallet.skGen() L1 = MiniNero.scalarmultBase(a) s2 = PaperWallet.skGen() c2 = MiniNero.cn_fast_hash(L1) L2 = MiniNero.addKeys(MiniNero.scalarmultBase(s2), MiniNero.scalarmultKey(P2, c2)) c1 = MiniNero.cn_fast_hash(L2) s1 = MiniNero.sc_mulsub_keys(a, x, c1) if index == 1: a = PaperWallet.skGen() L2 = MiniNero.scalarmultBase(a) s1 = PaperWallet.skGen() c1 = MiniNero.cn_fast_hash(L2) L1 = MiniNero.addKeys(MiniNero.scalarmultBase(s1), MiniNero.scalarmultKey(P1, c1)) c2 = MiniNero.cn_fast_hash(L1) s2 = MiniNero.sc_mulsub_keys(a, x, c2) return L1, s1, s2,
def MLSAG_Sign(pk, xx, index): rows = len(xx) cols = len(pk[0]) print("Generating MLSAG sig of dimensions ",rows ,"x ", cols) L = [[None] * cols] #list of keyvectors? except it's indexed by cols... it's kind of internal actually R = [[None] * cols] s = [[PaperWallet.skGen() for i in range(0, cols)] ] #first index is rows, second is cols, wonder if I should switch that.. HP = [[MiniNero.hashToPoint_cn(i) for i in pk[0]]] pj = ''.join(pk[0]) for i in range(1, rows): L.append([None] * cols) R.append([None] * cols) s.append([PaperWallet.skGen() for j in range(0, cols)]) HP.append([MiniNero.hashToPoint_cn(j) for j in pk[i]]) pj = pj + ''.join(pk[i]) c= [None] * cols #1-dimensional keyimage = keyImage(xx, rows) #ok for i in range(0, rows): L[i][index] = MiniNero.scalarmultBase(s[i][index]) #aG R[i][index] = MiniNero.scalarmultKey(HP[i][index], s[i][index]) #aH j = (index + 1) % cols tohash = pj for i in range(0, rows): tohash = tohash + L[i][index] + R[i][index] c[j] = MiniNero.cn_fast_hash(tohash) while j != index: tohash = pj for i in range(0, rows): L[i][j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[i][j]), MiniNero.scalarmultKey(pk[i][j], c[j])) #Lj = sG + cxG R[i][j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[i][j], s[i][j]), MiniNero.scalarmultKey(keyimage[i], c[j])) #Rj = sH + cxH tohash = tohash + L[i][j] + R[i][j] j = (j + 1) % cols c[j] = MiniNero.cn_fast_hash(tohash) for i in range(0, rows): s[i][index] = MiniNero.sc_mulsub_keys(s[i][index], c[index], xx[i]) #si = a - c x so a = s + c x return keyimage, c[0], s
def out_commitments(values): #do this first n = len(values) values2 = [None] * n for i in range(0, n): values2[i] = [MiniNero.intToHex(j) for j in binary(MiniNero.hexToInt(values[i]))] #returns a list of commitments C_i = y_iG + value_i * H for outputs (these masks are created randomly) masks = [None] * n sumMasks = [None] * n for i in range(0, n): masks[i] = [PaperWallet.skGen() for jj in values2[i]] #binary decomposition for range proofs (could also use another base) sumMasks[i] = MiniNero.intToHex(sum([MiniNero.hexToInt(a) for a in masks[i]])) #sum is what actually goes into the ring.. C = [None] * n for i in range(0, n): C[i] = MiniNero.addKeys(MiniNero.scalarmultBase(sumMasks[i]), MiniNero.scalarmultKey(H_ct, values[i])) return C, masks, sumMasks, values2
def genRangeProof(b, digits): bb = binary(b, digits) #gives binary form of bb in "digits" binary digits print("b, b in binary", b, bb) ai = [None] * len(bb) Ci = [None] * len(bb) CiH = [None] * len(bb) #this is like Ci - 2^i H a = MiniNero.intToHex(0) ii = [None] * len(bb) indi = [None] * len(bb) for i in range(0, len(bb)): ai[i] = PaperWallet.skGen() a = MiniNero.addScalars(a, ai[i]) #creating the total mask since you have to pass this to receiver... Ci[i] = MiniNero.addKeys(MiniNero.scalarmultBase(ai[i]), MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(bb[i] * 2 ** i))) CiH[i] = MiniNero.subKeys(Ci[i], MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(2 ** i))) L1, s2, s = AggregateSchnorr.GenASNL(ai, Ci, CiH, bb) return sumCi(Ci), Ci, L1, s2, s, a
def out_commitments(values): #do this first n = len(values) values2 = [None] * n for i in range(0, n): values2[i] = [ MiniNero.intToHex(j) for j in binary(MiniNero.hexToInt(values[i])) ] #returns a list of commitments C_i = y_iG + value_i * H for outputs (these masks are created randomly) masks = [None] * n sumMasks = [None] * n for i in range(0, n): masks[i] = [ PaperWallet.skGen() for jj in values2[i] ] #binary decomposition for range proofs (could also use another base) sumMasks[i] = MiniNero.intToHex( sum([MiniNero.hexToInt(a) for a in masks[i] ])) #sum is what actually goes into the ring.. C = [None] * n for i in range(0, n): C[i] = MiniNero.addKeys(MiniNero.scalarmultBase(sumMasks[i]), MiniNero.scalarmultKey(H_ct, values[i])) return C, masks, sumMasks, values2
def genRangeProof(b, digits): bb = binary(b, digits) #gives binary form of bb in "digits" binary digits print("b, b in binary", b, bb) ai = [None] * len(bb) Ci = [None] * len(bb) CiH = [None] * len(bb) #this is like Ci - 2^i H a = MiniNero.intToHex(0) ii = [None] * len(bb) indi = [None] * len(bb) for i in range(0, len(bb)): ai[i] = PaperWallet.skGen() a = MiniNero.addScalars( a, ai[i] ) #creating the total mask since you have to pass this to receiver... Ci[i] = MiniNero.addKeys( MiniNero.scalarmultBase(ai[i]), MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(bb[i] * 2**i))) CiH[i] = MiniNero.subKeys( Ci[i], MiniNero.scalarmultKey(getHForCT(), MiniNero.intToHex(2**i))) L1, s2, s = ASNL.GenASNL(ai, Ci, CiH, bb) return sumCi(Ci), Ci, L1, s2, s, a
def LLW_Sig(pk, xx, index ): n = len(pk) print("Generating LLW sig of length ", n) L = [None] * n R = [None] * n c= [None] * n s = [PaperWallet.skGen() for i in range(0, n)] HP = [MiniNero.hashToPoint_ct(i) for i in pk] pj = ''.join(pk) keyimage = keyImage(xx) #ok s[index] = MiniNero.mul_8(s[index]) L[index] = MiniNero.scalarmultBase(s[index]) R[index] = MiniNero.scalarmultKey(HP[index], s[index]) #aH j = (index + 1) % n c[j] = MiniNero.cn_fast_hash(pj+L[index]+R[index]) while j != index: L[j] = MiniNero.addKeys(MiniNero.scalarmultBase(s[j]), MiniNero.scalarmultKey(pk[j], c[j])) #Lj = sG + cxG R[j] = MiniNero.addKeys(MiniNero.scalarmultKey(HP[j], s[j]), MiniNero.scalarmultKey(keyimage, c[j])) #Rj = sH + cxH cj = (j + 1) % n c[cj] = MiniNero.cn_fast_hash(pj + L[j] + R[j]) #c j+1 = H(pk + Lj + Rj j = cj #increment j s[index] = MiniNero.sc_mulsub_keys(s[index], c[index], xx) #si = a - c x so a = s + c x print("sigma = ", keyimage, c[0], s[:]) return keyimage, c[0], s[:]
print(ASNL.VerSchnorrNonLinkable(P1, P2, L1, s1, s2)) print("") print("This one should NOT verify!") print(ASNL.VerSchnorrNonLinkable(P1, P3, L1, s1, s2)) #ASNL true one, false one, C != sum Ci, and one out of the range.. print("\n\n\nTesting ASNL") N = 10 x = [None] * N P1 = [None] * N P2 = [None] * N indi = [None] * N for j in range(0, N): indi[j] = rand.getrandbits(1) x[j] = PaperWallet.skGen() if indi[j] == 0: P1[j] = MiniNero.scalarmultBase(x[j]) P2[j] = PaperWallet.pkGen() else: P2[j] = MiniNero.scalarmultBase(x[j]) P1[j] = PaperWallet.pkGen() L1, s2, s = ASNL.GenASNL(x, P1, P2, indi) #true one print("This one should verify!") ASNL.VerASNL(P1, P2, L1, s2, s) #false one indi[3] = (indi[3] + 1) % 2 print("") print("This one should NOT verify!")
for i in range(0, n): C_i = MiniNero.addKeys(MiniNero.scalarmultBase(masks_i[i]), MiniNero.scalarmultKey(H_ct, C_out_i[i])) # masks_i * G + C_out_i * H C_i_prime = MiniNero.subKeys(C_i, H_ct) #C_i - H C_is[i] = [C_i_prime, C_i] print("generating LLWsig for range proof from Cis, masks, couts", C_is[i], masks_i[i], C_out_i[i]) I_Proofs[i], c0s[i], ss[i] = LLW_Sigs.LLW_Sig(C_is[i], masks_i[i], MiniNero.hexToInt(C_out_i[i])) #ring sig on the above, with sk masks_i return I_Proofs, c0s, ss, C_is H_ct = getHForCT() print("H", H_ct) a = MiniNero.intToHex(49) b1 = MiniNero.intToHex(30) b2 = MiniNero.intToHex(20) x_priv = PaperWallet.skGen() #our private key x_commit = PaperWallet.skGen() # our private commitment key #x_commit = x_priv #do with x_priv = x_commit first... , then modify by adding another mask Pk1 = MiniNero.scalarmultBase(x_priv) #our public key Pk2 = MiniNero.scalarmultBase(PaperWallet.skGen()) #other sk (we don't know it print("xpriv, Pk1, Pk2", x_priv, Pk1, Pk2) C_out, out_masks, sumMasks, values2 = out_commitments([b1, b2]) #testing rangeProofs print("testing range proofs") I_proofs, c0s, ss, Ci_s = rangeProof(values2[0], out_masks[0]) print("Iproofs, c0s, ss", I_proofs, c0s, ss) print("C_out, outmasks", C_out, sumMasks) C_in, z = in_commitments(a, x_commit, sumMasks)
xmr_addr = destination xmr_pid = pid bitmonerod.send(xmr_addr, float(xmr_amount), xmr_pid, 3) return ('sent') if __name__ == '__main__': #check if api pubkey is created, if not create it: if(os.path.isfile('MiniNeroPubKey.py')): from MiniNeroPubKey import * try: MiniNeroPk except NameError: MiniNeroSk= PaperWallet.skGen() MiniNeroPk= HexSigningPubKey(MiniNeroSk) print("Your new api secret key is:") print(MiniNeroSk) print("You should save this in a password manager") print("Your pubkey will be stored in MiniNeroPubKey.py") f = open('MiniNeroPubKey.py', 'w') f.write("MiniNeroPk = \'"+MiniNeroPk+"\'") print("Your MiniNeroServer PubKey is:") print(MiniNeroPk) lasttime = 0 #Launch Cherry Server cherrypy.tree.mount( MiniNeroServer(), '/api/mininero',
C_is[i] = [C_i_prime, C_i] print("generating LLWsig for range proof from Cis, masks, couts", C_is[i], masks_i[i], C_out_i[i]) I_Proofs[i], c0s[i], ss[i] = LLW_Sigs.LLW_Sig( C_is[i], masks_i[i], MiniNero.hexToInt(C_out_i[i])) #ring sig on the above, with sk masks_i return I_Proofs, c0s, ss, C_is H_ct = getHForCT() print("H", H_ct) a = MiniNero.intToHex(49) b1 = MiniNero.intToHex(30) b2 = MiniNero.intToHex(20) x_priv = PaperWallet.skGen() #our private key x_commit = PaperWallet.skGen() # our private commitment key #x_commit = x_priv #do with x_priv = x_commit first... , then modify by adding another mask Pk1 = MiniNero.scalarmultBase(x_priv) #our public key Pk2 = MiniNero.scalarmultBase(PaperWallet.skGen()) #other sk (we don't know it print("xpriv, Pk1, Pk2", x_priv, Pk1, Pk2) C_out, out_masks, sumMasks, values2 = out_commitments([b1, b2]) #testing rangeProofs print("testing range proofs") I_proofs, c0s, ss, Ci_s = rangeProof(values2[0], out_masks[0]) print("Iproofs, c0s, ss", I_proofs, c0s, ss) print("C_out, outmasks", C_out, sumMasks) C_in, z = in_commitments(a, x_commit, sumMasks)
RingCT.ComputeReceivedAmount(pe, sr, MiniNero.addScalars(ss1, skc), MiniNero.addScalars(ss2, MiniNero.intToHex(c)), Cic, 9) if sys.argv[1] == "MLSAG": #below is example usage. Uncomment each line for testing N = 3 #cols R = 3 #rows x = [[None]*N] #just used to generate test public keys sk = [None] * R #vector of secret keys P = [[None]*N] #stores the public keys ind = 2 for j in range(0, R): if j > 0: x.append([None]*N) P.append([None]*N) for i in range(0, N): x[j][i] = PaperWallet.skGen() P[j][i] = MiniNero.scalarmultBase(x[j][i]) sk[j] = x[j][ind] print("Private key x: ", x) print("Public key P: ", P) II, cc, ss = MLSAG.MLSAG_Sign(P, sk, ind) print("MLSAG Signature:", II, cc, ss) print("Sig verified?", MLSAG.MLSAG_Ver(P, II, cc, ss) ) if sys.argv[1] == "MLSAG2": #below is example usage. Uncomment each line for testing rows = 3 #cols cols = 3 #rows ind = 1 x = MLSAG2.skmGen(rows, cols) sk = x[ind]
RingCT.ComputeReceivedAmount(pe, sr, MiniNero.addScalars(ss1, skc), MiniNero.addScalars(ss2, MiniNero.intToHex(c)), Cic, 9) if sys.argv[1] == "MLSAG": #below is example usage. Uncomment each line for testing N = 3 #cols R = 3 #rows x = [[None]*N] #just used to generate test public keys sk = [None] * R #vector of secret keys P = [[None]*N] #stores the public keys ind = 2 for j in range(0, R): if j > 0: x.append([None]*N) P.append([None]*N) for i in range(0, N): x[j][i] = PaperWallet.skGen() P[j][i] = MiniNero.scalarmultBase(x[j][i]) sk[j] = x[j][ind] print("x", x) II, cc, ss = MLSAG.MLSAG_Sign(P, sk, ind) print("Sig verified?", MLSAG.MLSAG_Ver(P, II, cc, ss) ) if sys.argv[1] == "MLSAG2": #below is example usage. Uncomment each line for testing rows = 3 #cols cols = 3 #rows ind = 1 x = MLSAG2.skmGen(rows, cols) sk = x[ind] P = MLSAG2.keyMatrix(rows, cols) for i in range(0, cols):
if (ver) : #create xmr2 order async, return uuid uuid, xmr_amount, xmr_addr, xmr_pid = SimpleXMR2.btc2xmr(destination, amount) bitmonerod.send(xmr_addr, float(xmr_amount), xmr_pid, 3) return ('order uuid: '+uuid) if __name__ == '__main__': #check if api pubkey is created, if not create it: if(os.path.isfile('MiniNeroPubKey.py')): from MiniNeroPubKey import * try: MiniNeroPk except NameError: MiniNeroSk= PaperWallet.skGen() MiniNeroPk= HexSigningPubKey(MiniNeroSk) print("Your new api secret key is:") print(MiniNeroSk) print("You should save this in a password manager") print("Your pubkey will be stored in MiniNeroPubKey.py") f = open('MiniNeroPubKey.py', 'w') f.write("MiniNeroPk = \'"+MiniNeroPk+"\'") print("Your MiniNeroServer PubKey is:") print(MiniNeroPk) #Launch Cherry Server cherrypy.tree.mount( MiniNeroServer(), '/api/mininero', {'/': {'request.dispatch': cherrypy.dispatch.MethodDispatcher()}
def skvGen(n): return [PaperWallet.skGen() for i in range(0, n)]
MiniNero.addScalars(ss2, MiniNero.intToHex(c)), Cic, 9) if sys.argv[1] == "MLSAG": #below is example usage. Uncomment each line for testing N = 3 #cols R = 3 #rows x = [[None] * N] #just used to generate test public keys sk = [None] * R #vector of secret keys P = [[None] * N] #stores the public keys ind = 2 for j in range(0, R): if j > 0: x.append([None] * N) P.append([None] * N) for i in range(0, N): x[j][i] = PaperWallet.skGen() P[j][i] = MiniNero.scalarmultBase(x[j][i]) sk[j] = x[j][ind] print("x", x) II, cc, ss = MLSAG.MLSAG_Sign(P, sk, ind) print("Sig verified?", MLSAG.MLSAG_Ver(P, II, cc, ss)) if sys.argv[1] == "MLSAG2": #below is example usage. Uncomment each line for testing rows = 3 #cols cols = 3 #rows ind = 1 x = MLSAG2.skmGen(rows, cols) sk = x[ind] P = MLSAG2.keyMatrix(rows, cols) for i in range(0, cols):