authorluigi1111 <luigi1111w@gmail.com>2016-11-17 23:27:00 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2016-12-04 21:54:16 +0000
commit46a0dcc1d2a31b41f5c75009d70476010f7fbacf (patch)
treeff11519c93267383ae6e879105852031379e81c1
parentringct: switch to Borromean signatures (diff)
downloadmonero-46a0dcc1d2a31b41f5c75009d70476010f7fbacf.tar.xz
ringct: luigi1111's changes to fix and speedup Borromean sigs
-rw-r--r--src/ringct/rctSigs.cpp31
-rw-r--r--tests/unit_tests/ringct.cpp12
2 files changed, 19 insertions, 24 deletions
diff --git a/src/ringct/rctSigs.cpp b/src/ringct/rctSigs.cpp
index fb67c77c4..fd068c4ea 100644
--- a/src/ringct/rctSigs.cpp
+++ b/src/ringct/rctSigs.cpp
@@ -58,29 +58,28 @@ namespace rct {
//Borromean (c.f. gmax/andytoshi's paper)
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices) {
- key64 L[2], c[2], s[2], alpha, P[2];
+ key64 L[2], alpha;
+ key c;
int naught = 0, prime = 0, ii = 0, jj=0;
+ boroSig bb;
for (ii = 0 ; ii < 64 ; ii++) {
naught = indices[ii]; prime = (indices[ii] + 1) % 2;
- copy(P[0][ii], P1[ii]); //could probably user pointers
- copy(P[1][ii], P2[ii]);
skGen(alpha[ii]);
scalarmultBase(L[naught][ii], alpha[ii]);
- c[prime][ii] = hash_to_scalar(L[naught][ii]);
- skGen(s[prime][ii]);
- addKeys2(L[prime][ii], s[prime][ii], c[prime][ii], P[prime][ii]);
+ if (naught == 0) {
+ skGen(bb.s1[ii]);
+ c = hash_to_scalar(L[naught][ii]);
+ addKeys2(L[prime][ii], bb.s1[ii], c, P2[ii]);
+ }
}
- boroSig bb;
- bb.ee = cn_fast_hash(L[1]); //or L[1]..
+ bb.ee = hash_to_scalar(L[1]); //or L[1]..
key LL, cc;
for (jj = 0 ; jj < 64 ; jj++) {
- naught = indices[jj]; prime = (indices[jj] + 1) % 2;
if (!indices[jj]) {
sc_mulsub(bb.s0[jj].bytes, x[jj].bytes, bb.ee.bytes, alpha[jj].bytes);
- copy(bb.s1[jj], s[1][jj]);
} else {
- copy(bb.s0[jj], s[0][jj]);
- addKeys2(LL, bb.s0[jj], bb.ee, P[0][jj]); //different L0
+ skGen(bb.s0[jj]);
+ addKeys2(LL, bb.s0[jj], bb.ee, P1[jj]); //different L0
cc = hash_to_scalar(LL);
sc_mulsub(bb.s1[jj].bytes, x[jj].bytes, cc.bytes, alpha[jj].bytes);
}
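Review bot: The comment `//or L[1]..` left on the new `bb.ee = hash_to_scalar(L[1]);` line no longer says anything, and the reason for moving away from `cn_fast_hash` is not recorded anywhere: `ee` is consumed by `sc_mulsub` as a scalar a few lines later, so it has to be reduced modulo the group order, which `hash_to_scalar` does and `cn_fast_hash` does not. I would replace the comment with `// ee is used as a scalar by sc_mulsub below, so it must be reduced mod l: hash_to_scalar, not cn_fast_hash`; the same wording fits the `//hash function fine` comment on `eeComputed` in the verifyBorromean hunk. Separately, `alpha` holds the 64 secret nonces on the stack and is never cleared once the second loop has consumed it, and anyone who learns a nonce together with the published `s`/`ee` can recover the corresponding `x`; if the project has a secure-wipe helper, zeroing `alpha` before returning would limit how long those nonces linger. The `L[naught][ii]` indexing also assumes every `indices[ii]` is 0 or 1, which is presumably guaranteed by the caller but would be worth an `assert`. The tail of genBorromean (loop close and return) lies outside the hunk.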
@@ -90,14 +89,14 @@ namespace rct {
//see above.
bool verifyBorromean(const boroSig &bb, const key64 P1, const key64 P2) {
- key64 Lv1, chash; key LL;
+ key64 Lv1; key chash, LL;
int ii = 0;
for (ii = 0 ; ii < 64 ; ii++) {
addKeys2(LL, bb.s0[ii], bb.ee, P1[ii]);
- chash[ii] = hash_to_scalar(LL);
- addKeys2(Lv1[ii], bb.s1[ii], chash[ii], P2[ii]);
+ chash = hash_to_scalar(LL);
+ addKeys2(Lv1[ii], bb.s1[ii], chash, P2[ii]);
}
- key eeComputed = cn_fast_hash(Lv1); //hash function fine
+ key eeComputed = hash_to_scalar(Lv1); //hash function fine
return equalKeys(eeComputed, bb.ee);
}
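Review bot: verifyBorromean still takes `bb.s0`, `bb.s1` and `bb.ee` as raw 32-byte keys with no canonicity check, so a scalar that is not reduced modulo the group order is handed straight to `addKeys2`; whether that matters depends on whether callers rely on each valid proof having exactly one encoding, which this hunk does not show. If non-canonical encodings are meant to be rejected, the function should validate `bb.ee` before the loop and `bb.s0[ii]`/`bb.s1[ii]` at the top of each iteration with whatever scalar-range check the crypto layer exposes (for example `sc_check`), returning false on failure. Either way a one-line comment stating the decision, such as `// s0/s1/ee are not range-checked here; callers must not depend on proof encodings being unique`, would keep the next reader from guessing.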
diff --git a/tests/unit_tests/ringct.cpp b/tests/unit_tests/ringct.cpp
index 5ab77d4aa..f6409d1ae 100644
--- a/tests/unit_tests/ringct.cpp
+++ b/tests/unit_tests/ringct.cpp
@@ -57,19 +57,15 @@ TEST(ringct, Borromean)
xv[j] = skGen();
if ( (int)indi[j] == 0 ) {
- P1v[j] = scalarmultBase(xv[j]);
- P2v[j] = pkGen();
-
+ scalarmultBase(P1v[j], xv[j]);
} else {
-
- P2v[j] = scalarmultBase(xv[j]);
- P1v[j] = pkGen();
-
+ addKeys1(P1v[j], xv[j], H2[j]);
}
+ subKeys(P2v[j], P1v[j], H2[j]);
}
//#true one
- boro bb = genBorromean(xv, P1v, P2v, indi);
+ boroSig bb = genBorromean(xv, P1v, P2v, indi);
ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
//#false one