diff options
| author | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-01-08 16:05:18 +0000 |
|---|---|---|
| committer | moneromooo-monero <moneromooo-monero@users.noreply.github.com> | 2019-01-22 23:17:39 +0000 |
| commit | 7d375981584e5ddac4ea6ad8879e2211d465b79d (patch) | |
| tree | 82341e77219309514ab8bc12d6c3bd65b60a2293 /src/ringct/rctOps.cpp | |
| parent | ringct: encode 8 byte amount, saving 24 bytes per output (diff) | |
| download | monero-7d375981584e5ddac4ea6ad8879e2211d465b79d.tar.xz | |
ringct: the commitment mask is now deterministic
saves space in the tx and is safe
Found by knaccc
Diffstat (limited to '')
| -rw-r--r-- | src/ringct/rctOps.cpp | 56 |
1 files changed, 38 insertions, 18 deletions
diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp index b28aa4fe6..e39ba16fd 100644 --- a/src/ringct/rctOps.cpp +++ b/src/ringct/rctOps.cpp @@ -672,36 +672,56 @@ namespace rct { // where C= aG + bH static key ecdhHash(const key &k) { - char data[38]; - rct::key hash; - memcpy(data, "amount", 6); - memcpy(data + 6, &k, sizeof(k)); - cn_fast_hash(hash, data, sizeof(data)); - return hash; + char data[38]; + rct::key hash; + memcpy(data, "amount", 6); + memcpy(data + 6, &k, sizeof(k)); + cn_fast_hash(hash, data, sizeof(data)); + return hash; } static void xor8(key &v, const key &k) { - for (int i = 0; i < 8; ++i) - v.bytes[i] ^= k.bytes[i]; + for (int i = 0; i < 8; ++i) + v.bytes[i] ^= k.bytes[i]; + } + key genCommitmentMask(const key &sk) + { + char data[15 + sizeof(key)]; + memcpy(data, "commitment_mask", 15); + memcpy(data + 15, &sk, sizeof(sk)); + key scalar; + hash_to_scalar(scalar, data, sizeof(data)); + return scalar; } - void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec, bool short_amount) { - key sharedSec1 = hash_to_scalar(sharedSec); - key sharedSec2 = hash_to_scalar(sharedSec1); + + void ecdhEncode(ecdhTuple & unmasked, const key & sharedSec, bool v2) { //encode - sc_add(unmasked.mask.bytes, unmasked.mask.bytes, sharedSec1.bytes); - if (short_amount) + if (v2) + { + unmasked.mask = zero(); xor8(unmasked.amount, ecdhHash(sharedSec)); + } else + { + key sharedSec1 = hash_to_scalar(sharedSec); + key sharedSec2 = hash_to_scalar(sharedSec1); + sc_add(unmasked.mask.bytes, unmasked.mask.bytes, sharedSec1.bytes); sc_add(unmasked.amount.bytes, unmasked.amount.bytes, sharedSec2.bytes); + } } - void ecdhDecode(ecdhTuple & masked, const key & sharedSec, bool short_amount) { - key sharedSec1 = hash_to_scalar(sharedSec); - key sharedSec2 = hash_to_scalar(sharedSec1); + void ecdhDecode(ecdhTuple & masked, const key & sharedSec, bool v2) { //decode - sc_sub(masked.mask.bytes, masked.mask.bytes, sharedSec1.bytes); - if (short_amount) + if (v2) + { + masked.mask = genCommitmentMask(sharedSec); xor8(masked.amount, ecdhHash(sharedSec)); + } else + { + key sharedSec1 = hash_to_scalar(sharedSec); + key sharedSec2 = hash_to_scalar(sharedSec1); + sc_sub(masked.mask.bytes, masked.mask.bytes, sharedSec1.bytes); sc_sub(masked.amount.bytes, masked.amount.bytes, sharedSec2.bytes); + } } } |