aboutsummaryrefslogtreecommitdiff
path: root/src/ringct/rctOps.cpp
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-01-06 19:49:52 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2019-01-22 23:17:31 +0000
commit99d946e6191056f747225d36a2408085624b516e (patch)
tree9b81751a703e40d188c26d035edb34e945e28422 /src/ringct/rctOps.cpp
parentringct: save 3 bytes on bulletproof size (diff)
downloadmonero-99d946e6191056f747225d36a2408085624b516e.tar.xz
ringct: encode 8 byte amount, saving 24 bytes per output
Found by knaccc
Diffstat (limited to '')
-rw-r--r--src/ringct/rctOps.cpp28
1 files changed, 24 insertions, 4 deletions
diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp
index 0ec654af6..b28aa4fe6 100644
--- a/src/ringct/rctOps.cpp
+++ b/src/ringct/rctOps.cpp
@@ -670,18 +670,38 @@ namespace rct {
//Elliptic Curve Diffie Helman: encodes and decodes the amount b and mask a
// where C= aG + bH
- void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec) {
+ static key ecdhHash(const key &k)
+ {
+ char data[38];
+ rct::key hash;
+ memcpy(data, "amount", 6);
+ memcpy(data + 6, &k, sizeof(k));
+ cn_fast_hash(hash, data, sizeof(data));
+ return hash;
+ }
+ static void xor8(key &v, const key &k)
+ {
+ for (int i = 0; i < 8; ++i)
+ v.bytes[i] ^= k.bytes[i];
+ }
+ void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec, bool short_amount) {
key sharedSec1 = hash_to_scalar(sharedSec);
key sharedSec2 = hash_to_scalar(sharedSec1);
//encode
sc_add(unmasked.mask.bytes, unmasked.mask.bytes, sharedSec1.bytes);
- sc_add(unmasked.amount.bytes, unmasked.amount.bytes, sharedSec2.bytes);
+ if (short_amount)
+ xor8(unmasked.amount, ecdhHash(sharedSec));
+ else
+ sc_add(unmasked.amount.bytes, unmasked.amount.bytes, sharedSec2.bytes);
}
- void ecdhDecode(ecdhTuple & masked, const key & sharedSec) {
+ void ecdhDecode(ecdhTuple & masked, const key & sharedSec, bool short_amount) {
key sharedSec1 = hash_to_scalar(sharedSec);
key sharedSec2 = hash_to_scalar(sharedSec1);
//decode
sc_sub(masked.mask.bytes, masked.mask.bytes, sharedSec1.bytes);
- sc_sub(masked.amount.bytes, masked.amount.bytes, sharedSec2.bytes);
+ if (short_amount)
+ xor8(masked.amount, ecdhHash(sharedSec));
+ else
+ sc_sub(masked.amount.bytes, masked.amount.bytes, sharedSec2.bytes);
}
}