def proveRctMG(pubs, inSk, outSk, outPk, index):
#pubs is a matrix of ctkeys [P, C]
#inSk is the keyvector of [x, mask] secret keys
#outMasks is a keyvector of masks for outputs
#outPk is a list of output ctkeys [P, C]
#index is secret index of where you are signing (integer)
#returns a list (mgsig) [ss, cc, II] where ss is keymatrix, cc is key, II is keyVector of keyimages
#so we are calling MLSAG2.MLSAG_Gen from here, we need a keymatrix made from pubs
#we also need a keyvector made from inSk
rows = len(pubs[0])
cols = len(pubs)
print("rows in mg", rows)
print("cols in mg", cols)
M = MLSAG2.keyMatrix(rows + 1, cols) #just a simple way to initialize a keymatrix, doesn't need to be random..
sk = MLSAG2.keyVector(rows + 1)
for j in range(0, cols):
M[j][rows] = MiniNero.identity()
sk[rows] = MiniNero.sc_0()
for i in range(0, rows):
sk[i] = inSk[i].dest #get the destination part
sk[rows] = MiniNero.sc_add_keys(sk[rows], inSk[i].mask) #add commitment part
for j in range(0, cols):
M[j][i] = pubs[j][i].dest # get the destination part
M[j][rows] = MiniNero.addKeys(M[j][rows], pubs[j][i].mask) #add commitment part
#next need to subtract the commitment part of all outputs..
for j in range(0, len(outSk)):
sk[rows] = MiniNero.sc_sub_keys(sk[rows], outSk[j].mask)
for i in range(0, len(outPk)):
M[j][rows] = MiniNero.subKeys(M[j][rows], outPk[i].mask) # subtract commitment part
MG = mgSig()
MG.II, MG.cc, MG.ss = MLSAG2.MLSAG_Gen(M, sk, index)
return MG #mgSig
def verRctMG(MG, pubs, outPk):
#mg is an mgsig (list [ss, cc, II] of keymatrix ss, keyvector II and key cc]
#pubs is a matrix of ctkeys [P, C]
#outPk is a list of output ctkeys [P, C] for the transaction
#returns true or false
rows = len(pubs[0])
cols = len(pubs)
M = MLSAG2.keyMatrix(rows + 1, cols) #just a simple way to initialize a keymatrix, doesn't need to be random..
for j in range(0, cols):
M[j][rows] = MiniNero.identity()
for i in range(0, rows):
for j in range(0, cols):
M[j][i] = pubs[j][i].dest # get the destination part
M[j][rows] = MiniNero.addKeys(M[j][rows], pubs[j][i].mask) #add commitment part
#next need to subtract the commitment part of all outputs..
for j in range(0, cols):
for i in range(0, len(outPk)):
M[j][rows] = MiniNero.subKeys(M[j][rows], outPk[i].mask) # subtract commitment part
return MLSAG2.MLSAG_Ver(M, MG.II, MG.cc, MG.ss)
def proveRctMG(pubs, inSk, outSk, outPk, index):
#pubs is a matrix of ctkeys [P, C]
#inSk is the keyvector of [x, mask] secret keys
#outMasks is a keyvector of masks for outputs
#outPk is a list of output ctkeys [P, C]
#index is secret index of where you are signing (integer)
#returns a list (mgsig) [ss, cc, II] where ss is keymatrix, cc is key, II is keyVector of keyimages
#so we are calling MLSAG2.MLSAG_Gen from here, we need a keymatrix made from pubs
#we also need a keyvector made from inSk
rows = len(pubs[0])
cols = len(pubs)
print("rows in mg", rows)
print("cols in mg", cols)
M = MLSAG2.keyMatrix(
rows + 1, cols
) #just a simple way to initialize a keymatrix, doesn't need to be random..
sk = MLSAG2.keyVector(rows + 1)
for j in range(0, cols):
M[j][rows] = MiniNero.identity()
sk[rows] = MiniNero.sc_0()
for i in range(0, rows):
sk[i] = inSk[i].dest #get the destination part
sk[rows] = MiniNero.sc_add_keys(sk[rows],
inSk[i].mask) #add commitment part
for j in range(0, cols):
M[j][i] = pubs[j][i].dest # get the destination part
M[j][rows] = MiniNero.addKeys(
M[j][rows], pubs[j][i].mask) #add commitment part
#next need to subtract the commitment part of all outputs..
for j in range(0, len(outSk)):
sk[rows] = MiniNero.sc_sub_keys(sk[rows], outSk[j].mask)
for i in range(0, len(outPk)):
M[j][rows] = MiniNero.subKeys(
M[j][rows], outPk[i].mask) # subtract commitment part
MG = mgSig()
MG.II, MG.cc, MG.ss = MLSAG2.MLSAG_Gen(M, sk, index)
return MG #mgSig
def verRctMG(MG, pubs, outPk):
#mg is an mgsig (list [ss, cc, II] of keymatrix ss, keyvector II and key cc]
#pubs is a matrix of ctkeys [P, C]
#outPk is a list of output ctkeys [P, C] for the transaction
#returns true or false
rows = len(pubs[0])
cols = len(pubs)
M = MLSAG2.keyMatrix(
rows + 1, cols
) #just a simple way to initialize a keymatrix, doesn't need to be random..
for j in range(0, cols):
M[j][rows] = MiniNero.identity()
for i in range(0, rows):
for j in range(0, cols):
M[j][i] = pubs[j][i].dest # get the destination part
M[j][rows] = MiniNero.addKeys(
M[j][rows], pubs[j][i].mask) #add commitment part
#next need to subtract the commitment part of all outputs..
for j in range(0, cols):
for i in range(0, len(outPk)):
M[j][rows] = MiniNero.subKeys(
M[j][rows], outPk[i].mask) # subtract commitment part
return MLSAG2.MLSAG_Ver(M, MG.II, MG.cc, MG.ss)
for i in range(0, N):
x[j][i] = PaperWallet.skGen()
P[j][i] = MiniNero.scalarmultBase(x[j][i])
sk[j] = x[j][ind]
print("x", x)
II, cc, ss = MLSAG.MLSAG_Sign(P, sk, ind)
print("Sig verified?", MLSAG.MLSAG_Ver(P, II, cc, ss) )
if sys.argv[1] == "MLSAG2":
#below is example usage. Uncomment each line for testing
rows = 3 #cols
cols = 3 #rows
ind = 1
x = MLSAG2.skmGen(rows, cols)
sk = x[ind]
P = MLSAG2.keyMatrix(rows, cols)
for i in range(0, cols):
P[i] = MLSAG2.vScalarMultBase(x[i])
II, cc, ss = MLSAG2.MLSAG_Gen(P, sk, ind)
print("I", II)
print("c0", cc)
print("s", ss)
print("Sig verified?", MLSAG2.MLSAG_Ver(P, II, cc, ss) )
if sys.argv[1]== "MLSAGc":
P = [["4a199991d80915f99870b702fb6b3fa7b127853c4ed12ac2bb071534b9b5dee6","86e2c2ec0262c465749fdb1940de954d87d1e6b96beda093bc185f329e157c53","e9e83e74299bd3cdad4c87c6548dba859680000740660d1f783486d4cafef79f"],["78656dbba0fdfd14fc99b4da8b73c81314b9e65eeaa4eac510ca4dd28bae63a0","987f7b1b498e6ec25ad2ce304300388396a374721a24602b16905eeeb9a42fb0","b1a9c583747a8815fa7a80452efb4f93042dc64db08b3d2f7ac5016ea2b882eb"],["d3ef77673ee441b2ca3b1f9e7f628df9f6306d89d8c5155c3c6ee4c9f5f51408","5423f77332aa6a015ddc70a82e27fe52c68ab47e08b5c07d03641194de4ea1fb","ec564efa1511f73f91649d942fff0921763e4be37ee114036bd584f7a8fb9fd9"]]
cc = "cd12f7147c6c01dee58be3338244b6f386806020e2d266a6aac68a4ab4bfb28b"
II = ["352d19bc0ab8b45241dc23c27c4598791d4e23cd370198aea8eee8c7b5eb7b1d","8e2bca011d5b1fadde79dee44329545ca903b7bd299c4719e7593ad096e96141","5c6fad47d9ec734dab1139c40d4f11482e3d1f76585643520697a17f687a5962"]
ss = [["e26f3115a50a2a25f1ec9582a4f4058f7f5c1b3f467cc38b0e882df7f93d6d0a","6b20f43b1f3c56ff3070b1a9a4612c808c35787a26243f5c046e283ff1b68f09","5091182154ad97d33c8210954b0570ccf95e8bedc5c6c193bde7d562bd9dc20a"],["ac297d01a6923e1c79d0fff82ecbfe0ae6ce515ef2b0dbc7e6b2f6542b99a404","c5371c10d7e7071ce3b3016db65bb29194e91a09cf428237fcf4037de74b5d03","a357b1453acd01fa101593994f60014f8ee7657921690bb4dfb0cfc41ef20802"],["a4a6ceb8454754ad32c987bcc56a03432155b47315f8805a3577a0470b0b330d","0ec6b71c2c6ba34d34bc3ea27e6813091fb3a90dc261a77fc9f46068bb1a3b09","41417b047353352e145fd3e65fe1e51e95081a64e9fda561060167e132c5e602"]]
rows = 3 #cols
for i in range(0, N):
x[j][i] = PaperWallet.skGen()
P[j][i] = MiniNero.scalarmultBase(x[j][i])
sk[j] = x[j][ind]
print("x", x)
II, cc, ss = MLSAG.MLSAG_Sign(P, sk, ind)
print("Sig verified?", MLSAG.MLSAG_Ver(P, II, cc, ss))
if sys.argv[1] == "MLSAG2":
#below is example usage. Uncomment each line for testing
rows = 3 #cols
cols = 3 #rows
ind = 1
x = MLSAG2.skmGen(rows, cols)
sk = x[ind]
P = MLSAG2.keyMatrix(rows, cols)
for i in range(0, cols):
P[i] = MLSAG2.vScalarMultBase(x[i])
II, cc, ss = MLSAG2.MLSAG_Gen(P, sk, ind)
print("I", II)
print("c0", cc)
print("s", ss)
print("Sig verified?", MLSAG2.MLSAG_Ver(P, II, cc, ss))
if sys.argv[1] == "MLSAGc":
P = [[
"4a199991d80915f99870b702fb6b3fa7b127853c4ed12ac2bb071534b9b5dee6",
"86e2c2ec0262c465749fdb1940de954d87d1e6b96beda093bc185f329e157c53",
"e9e83e74299bd3cdad4c87c6548dba859680000740660d1f783486d4cafef79f"
],
[