From 729a9e0870797efc7c821ecc7f187c52ad771a35 Mon Sep 17 00:00:00 2001 From: jeffro256 Date: Sun, 8 Dec 2024 03:23:59 -0600 Subject: [PATCH] ringct: cleanup proveRctCLSAGSimple 1. Document parameters 2. Document inner variables 3. Remove dead variables 4. Remove unneseccary allocations --- src/ringct/rctSigs.cpp | 38 +++++++++++++++++++++++++------------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp index 2d92ba05d4a..36af6032607 100644 --- a/src/ringct/rctSigs.cpp +++ b/src/ringct/rctSigs.cpp @@ -761,15 +761,22 @@ namespace rct { return result; } - clsag proveRctCLSAGSimple(const key &message, const ctkeyV &pubs, const ctkey &inSk, const key &a, const key &Cout, unsigned int index, hw::device &hwdev) { - //setup vars - size_t rows = 1; - size_t cols = pubs.size(); - CHECK_AND_ASSERT_THROW_MES(cols >= 1, "Empty pubs"); - keyV tmp(rows + 1); - keyV sk(rows + 1); - keyM M(cols, tmp); - + /** + * brief: proveRctCLSAGSimple - given a msg, mixring, pseudo out commitment, and private keys, make a CLSAG proof + * param: message - any message we want to sign, but normally a transaction body hash + * param: pubs - AKA mixring, a list of referenced output pubkey and amount commitment tuples { (K_o, C_a), ... } + * param: inSk - (x, c_a) where x is the privkey of pubs[index].dest and c_a is the blinding factor of pubs[index].mask + * param: c_out - the blinding factor for Cout + * param: Cout - AKA the "pseudo amount commitment" + * param: index - the index of our private keys in the mixring + * return: a CLSAG that proves someone with opening knowledge of K_o[k] and C_a[k] (k unknown) signed this message + */ + clsag proveRctCLSAGSimple(const key &message, const ctkeyV &pubs, const ctkey &inSk, const key &c_out, const key &Cout, unsigned int index, hw::device &hwdev) { + CHECK_AND_ASSERT_THROW_MES(!pubs.empty(), "Empty pubs"); + + // P: unmodified output pubkeys K_o + // C: commitments to zero C_0 = C_a - Cout + // C_nonzero: unmodified amount commitments C_a keyV P, C, C_nonzero; P.reserve(pubs.size()); C.reserve(pubs.size()); @@ -783,10 +790,15 @@ namespace rct { C.push_back(tmp); } - sk[0] = copy(inSk.dest); - sc_sub(sk[1].bytes, inSk.mask.bytes, a.bytes); - clsag result = CLSAG_Gen(message, P, sk[0], C, sk[1], C_nonzero, Cout, index, hwdev); - memwipe(sk.data(), sk.size() * sizeof(key)); + // zero_commit_sk: private key of "true" commitment to zero c_0 s.t. C_0[index] = c_0 * G + // c_0 = c_a - c_out where: + // c_a is the true amount commitment blinding factor and + // c_out is the blinding factor of the pseudo amount commitment C_out + key zero_commit_sk; + sc_sub(zero_commit_sk.bytes, inSk.mask.bytes, c_out.bytes); + + clsag result = CLSAG_Gen(message, P, inSk.dest, C, zero_commit_sk, C_nonzero, Cout, index, hwdev); + memwipe(&zero_commit_sk, sizeof(zero_commit_sk)); return result; }