carrot_core draft Nov 8

.gitmodules

@@ -14,3 +14,6 @@
 	path = external/supercop
 	url = https://github.com/monero-project/supercop
 	branch = monero
+[submodule "external/mx25519"]
+	path = external/mx25519
+	url = https://github.com/tevador/mx25519

CMakeLists.txt

@@ -377,6 +377,7 @@ if(NOT MANUAL_SUBMODULES)
     check_submodule(external/trezor-common)
     check_submodule(external/randomx)
     check_submodule(external/supercop)
+    check_submodule(external/mx25519)
   endif()
 endif()
 
@@ -463,7 +464,7 @@ elseif(CMAKE_SYSTEM_NAME MATCHES ".*BSDI.*")
   set(BSDI TRUE)
 endif()
 
-include_directories(external/rapidjson/include external/easylogging++ src contrib/epee/include external external/supercop/include)
+include_directories(external/rapidjson/include external/easylogging++ src contrib/epee/include external external/supercop/include external/mx25519/include)
 
 if(APPLE)
   cmake_policy(SET CMP0042 NEW)

external/CMakeLists.txt

@@ -70,3 +70,4 @@ add_subdirectory(db_drivers)
 add_subdirectory(easylogging++)
 add_subdirectory(qrcodegen)
 add_subdirectory(randomx EXCLUDE_FROM_ALL)
+add_subdirectory(mx25519)

src/CMakeLists.txt

@@ -83,6 +83,7 @@ endfunction ()
 include(Version)
 monero_add_library(version SOURCES ${CMAKE_BINARY_DIR}/version.cpp DEPENDS genversion)
 
+add_subdirectory(carrot_core)
 add_subdirectory(common)
 add_subdirectory(crypto)
 add_subdirectory(ringct)

src/carrot_core/CMakeLists.txt

@@ -0,0 +1,58 @@
+# Copyright (c) 2024, The Monero Project
+#
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification, are
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this list of
+#    conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice, this list
+#    of conditions and the following disclaimer in the documentation and/or other
+#    materials provided with the distribution.
+#
+# 3. Neither the name of the copyright holder nor the names of its contributors may be
+#    used to endorse or promote products derived from this software without specific
+#    prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+set(carrot_core_sources
+  account_secrets.cpp
+  address_utils.cpp
+  carrot_enote_scan.cpp
+  core_types.cpp
+  destination.cpp
+  enote_utils.cpp
+  hash_functions.cpp
+  payment_proposal.cpp)
+
+monero_find_all_headers(carrot_core_headers, "${CMAKE_CURRENT_SOURCE_DIR}")
+
+monero_add_library(carrot_core
+  ${carrot_core_sources}
+  ${carrot_core_headers})
+
+target_link_libraries(carrot_core
+  PUBLIC
+    cncrypto
+    epee
+    ringct
+    seraphis_crypto
+  PRIVATE
+    ${EXTRA_LIBRARIES})
+
+target_include_directories(carrot_core
+  PUBLIC
+    "${CMAKE_CURRENT_SOURCE_DIR}"
+  PRIVATE
+    ${Boost_INCLUDE_DIRS})

src/carrot_core/account_secrets.cpp

@@ -0,0 +1,102 @@
+// Copyright (c) 2022, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+//paired header
+#include "account_secrets.h"
+
+//local headers
+#include "config.h"
+#include "crypto/generators.h"
+#include "hash_functions.h"
+#include "ringct/rctOps.h"
+#include "transcript_fixed.h"
+
+//third party headers
+
+//standard headers
+
+#undef MONERO_DEFAULT_LOG_CATEGORY
+#define MONERO_DEFAULT_LOG_CATEGORY "carrot"
+
+namespace carrot
+{
+//-------------------------------------------------------------------------------------------------------------------
+void make_carrot_provespend_key(const crypto::secret_key &s_master,
+    crypto::secret_key &k_prove_spend_out)
+{
+    // k_ps = H_n(s_m)
+    const auto transcript = sp::make_fixed_transcript<CARROT_DOMAIN_SEP_PROVE_SPEND_KEY>();
+    derive_scalar(transcript.data(), transcript.size, &s_master, to_bytes(k_prove_spend_out));
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_carrot_viewbalance_secret(const crypto::secret_key &s_master,
+    crypto::secret_key &s_view_balance_out)
+{
+    // s_vb = H_32(s_m)
+    const auto transcript = sp::make_fixed_transcript<CARROT_DOMAIN_SEP_VIEW_BALANCE_SECRET>();
+    derive_bytes_32(transcript.data(), transcript.size, &s_master, to_bytes(s_view_balance_out));
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_carrot_generateimage_key(const crypto::secret_key &s_view_balance,
+    crypto::secret_key &k_generate_image_out)
+{
+    // k_gi = H_n(s_vb)
+    const auto transcript = sp::make_fixed_transcript<CARROT_DOMAIN_SEP_GENERATE_IMAGE_KEY>();
+    derive_scalar(transcript.data(), transcript.size, &s_view_balance, to_bytes(k_generate_image_out));
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_carrot_viewincoming_key(const crypto::secret_key &s_view_balance,
+    crypto::secret_key &k_view_out)
+{
+    // k_v = H_n(s_vb)
+    const auto transcript = sp::make_fixed_transcript<CARROT_DOMAIN_SEP_INCOMING_VIEW_KEY>();
+    derive_scalar(transcript.data(), transcript.size, &s_view_balance, to_bytes(k_view_out));
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_carrot_generateaddress_secret(const crypto::secret_key &s_view_balance,
+    crypto::secret_key &s_generate_address_out)
+{
+    // s_ga = H_32(s_vb)
+    const auto transcript = sp::make_fixed_transcript<CARROT_DOMAIN_SEP_GENERATE_ADDRESS_SECRET>();
+    derive_bytes_32(transcript.data(), transcript.size, &s_view_balance, to_bytes(s_generate_address_out));
+}
+//-------------------------------------------------------------------------------------------------------------------
+void make_carrot_spend_pubkey(const crypto::secret_key &k_generate_image,
+    const crypto::secret_key &k_prove_spend,
+    crypto::public_key &spend_pubkey_out)
+{
+    // k_ps T
+    rct::key tmp;
+    rct::scalarmultKey(tmp, rct::pk2rct(crypto::get_T()), rct::sk2rct(k_prove_spend));
+
+    // K_s = k_gi G + k_ps T
+    rct::addKeys1(tmp, rct::sk2rct(k_generate_image), tmp);
+    spend_pubkey_out = rct::rct2pk(tmp);
+}
+//-------------------------------------------------------------------------------------------------------------------
+} //namespace carrot

src/carrot_core/account_secrets.h

@@ -0,0 +1,103 @@
+// Copyright (c) 2022, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+////
+// Core implementation details for making Carrot privkeys, secrets, and pubkeys.
+// - Carrot is a specification for FCMP-RingCT compatible addressing
+//
+// references:
+// * https://github.com/jeffro256/carrot/blob/master/carrot.md
+///
+
+#pragma once
+
+//local headers
+#include "crypto/crypto.h"
+
+//third party headers
+
+//standard headers
+
+//forward declarations
+
+
+namespace carrot
+{
+
+/**
+* brief: make_carrot_provespend_key - prove-spend key, for signing input proofs to spend enotes
+*   k_ps = H_n(s_m)
+* param: s_master - s_m
+* outparam: k_prove_spend_out - k_ps
+*/
+void make_carrot_provespend_key(const crypto::secret_key &s_master,
+    crypto::secret_key &k_prove_spend_out);
+/**
+* brief: make_carrot_viewbalance_secret - view-balance secret, for viewing all balance information
+*   s_vb = H_n(s_m)
+* param: s_master - s_m
+* outparam: s_view_balance_out - s_vb
+*/
+void make_carrot_viewbalance_secret(const crypto::secret_key &s_master,
+    crypto::secret_key &s_view_balance_out);
+/**
+* brief: make_carrot_generateimage_key - generate-image key, for identifying enote spends
+*   k_gi = H_n(s_vb)
+* param: s_view_balance - s_vb
+* outparam: k_generate_image_out - k_gi
+*/
+void make_carrot_generateimage_key(const crypto::secret_key &s_view_balance,
+    crypto::secret_key &k_generate_image_out);
+/**
+* brief: make_carrot_viewincoming_key - view-incoming key, for identifying received external enotes
+*   k_v = H_n(s_vb)
+* param: s_view_balance - s_vb
+* outparam: k_view_out - k_v
+*/
+void make_carrot_viewincoming_key(const crypto::secret_key &s_view_balance,
+    crypto::secret_key &k_view_out);
+/**
+* brief: make_carrot_generateaddress_secret - generate-address secret, for generating addresses
+*   s_ga = H_32(s_vb)
+* param: s_view_balance - s_vb
+* outparam: s_generate_address_out - s_ga
+*/
+void make_carrot_generateaddress_secret(const crypto::secret_key &s_view_balance,
+    crypto::secret_key &s_generate_address_out);
+/**
+ * brief: make_carrot_spend_pubkey - base public spendkey for rerandomizable RingCT
+ *   K_s = k_gi G + k_ps T
+ * param: k_generate_image - k_gi
+ * param: k_prove_spend - k_ps
+ * outparam: spend_pubkey_out - K_s
+*/
+void make_carrot_spend_pubkey(const crypto::secret_key &k_generate_image,
+    const crypto::secret_key &k_prove_spend,
+    crypto::public_key &spend_pubkey_out);
+
+} //namespace carrot