def prove_setup(self, sv, gamma, proof_v8=False):
utils.ensure(len(sv) == len(gamma), "|sv| != |gamma|")
utils.ensure(len(sv) > 0, "sv empty")
self.proof_sec = crypto.random_bytes(64)
self._det_mask_init()
gc.collect()
sv = [crypto.encodeint(x) for x in sv]
gamma = [crypto.encodeint(x) for x in gamma]
M, logM = 1, 0
while M <= _BP_M and M < len(sv):
logM += 1
M = 1 << logM
MN = M * _BP_N
V = _ensure_dst_keyvect(None, len(sv))
for i in range(len(sv)):
add_keys2(tmp_bf_0, gamma[i], sv[i], _XMR_H)
if not proof_v8:
scalarmult_key(tmp_bf_0, tmp_bf_0, _INV_EIGHT)
V.read(i, tmp_bf_0)
aL, aR = self.aX_vcts(sv, MN)
return M, logM, aL, aR, V, gamma
def _compute_tx_key(spend_key_private, tx_prefix_hash):
salt = crypto.random_bytes(32)
rand_mult_num = crypto.random_scalar()
rand_mult = crypto.encodeint(rand_mult_num)
tx_key = misc.compute_tx_key(spend_key_private, tx_prefix_hash, salt, rand_mult_num)
return tx_key, salt, rand_mult
def compute_enc_key_host(view_key_private: Sc25519,
tx_prefix_hash: bytes) -> Tuple[bytes, bytes]:
from apps.monero.xmr import crypto
salt = crypto.random_bytes(32)
passwd = crypto.keccak_2hash(
crypto.encodeint(view_key_private) + tx_prefix_hash)
tx_key = crypto.compute_hmac(salt, passwd)
return tx_key, salt
def _compute_tx_key(spend_key_private, tx_prefix_hash):
salt = crypto.random_bytes(32)
rand_mult_num = crypto.random_scalar()
rand_mult = crypto.encodeint(rand_mult_num)
rand_inp = crypto.sc_add(spend_key_private, rand_mult_num)
passwd = crypto.keccak_2hash(crypto.encodeint(rand_inp) + tx_prefix_hash)
tx_key = crypto.compute_hmac(salt, passwd)
return tx_key, salt, rand_mult
async def _init_step(s, ctx, msg):
s.creds = await misc.get_creds(ctx, msg.address_n, msg.network_type)
await confirms.require_confirm_keyimage_sync(ctx)
s.num_outputs = msg.num
s.expected_hash = msg.hash
s.enc_key = crypto.random_bytes(32)
for sub in msg.subs:
monero.compute_subaddresses(s.creds, sub.account, sub.minor_indices,
s.subaddresses)
return MoneroKeyImageExportInitAck()
