bulletproofs: add multi output bulletproofs to rct

4 files changed, 66 insertions, 3 deletions

diff --git a/tests/core_tests/multisig.cpp b/tests/core_tests/multisig.cpp
index 936a4b742..46cc0ff35 100644
--- a/tests/core_tests/multisig.cpp
+++ b/tests/core_tests/multisig.cpp
@@ -285,7 +285,7 @@ bool gen_multisig_tx_validation_base::generate_with(std::vector<test_event_entry
 #endif
   std::vector<crypto::secret_key> additional_tx_secret_keys;
   auto sources_copy = sources;
-  r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector<uint8_t>(), tx, 0, tx_key, additional_tx_secret_keys, true, false, msoutp);
+  r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector<uint8_t>(), tx, 0, tx_key, additional_tx_secret_keys, true, rct::RangeProofBorromean, msoutp);
   CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction");
 
 #ifndef NO_MULTISIG
diff --git a/tests/performance_tests/check_tx_signature.h b/tests/performance_tests/check_tx_signature.h
index 93a8304be..693ea1866 100644
--- a/tests/performance_tests/check_tx_signature.h
+++ b/tests/performance_tests/check_tx_signature.h
@@ -72,7 +72,7 @@ public:
     std::vector<crypto::secret_key> additional_tx_keys;
     std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
     subaddresses[this->m_miners[this->real_source_idx].get_keys().m_account_address.m_spend_public_key] = {0,0};
-    if (!construct_tx_and_get_tx_key(this->m_miners[this->real_source_idx].get_keys(), subaddresses, this->m_sources, destinations, cryptonote::account_public_address{}, std::vector<uint8_t>(), m_tx, 0, tx_key, additional_tx_keys, rct, bulletproof))
+    if (!construct_tx_and_get_tx_key(this->m_miners[this->real_source_idx].get_keys(), subaddresses, this->m_sources, destinations, cryptonote::account_public_address{}, std::vector<uint8_t>(), m_tx, 0, tx_key, additional_tx_keys, rct, bulletproof ? rct::RangeProofMultiOutputBulletproof : rct::RangeProofBorromean))
       return false;
 
     get_transaction_prefix_hash(m_tx, m_tx_prefix_hash);
diff --git a/tests/unit_tests/bulletproofs.cpp b/tests/unit_tests/bulletproofs.cpp
index d3b804530..183bb5167 100644
--- a/tests/unit_tests/bulletproofs.cpp
+++ b/tests/unit_tests/bulletproofs.cpp
@@ -31,7 +31,9 @@
 #include "gtest/gtest.h"
 
 #include "ringct/rctOps.h"
+#include "ringct/rctSigs.h"
 #include "ringct/bulletproofs.h"
+#include "device/device.hpp"
 #include "misc_log_ex.h"
 
 TEST(bulletproofs, valid_zero)
@@ -72,6 +74,67 @@ TEST(bulletproofs, valid_multi_random)
   }
 }
 
+TEST(bulletproofs, multi_splitting)
+{
+  rct::ctkeyV sc, pc;
+  rct::ctkey sctmp, pctmp;
+
+  std::tie(sctmp, pctmp) = rct::ctskpkGen(6000);
+  sc.push_back(sctmp);
+  pc.push_back(pctmp);
+
+  std::tie(sctmp, pctmp) = rct::ctskpkGen(7000);
+  sc.push_back(sctmp);
+  pc.push_back(pctmp);
+
+  const int mixin = 3, max_outputs = 16;
+
+  for (int n_outputs = 1; n_outputs <= max_outputs; ++n_outputs)
+  {
+    std::vector<uint64_t> amounts;
+    rct::keyV amount_keys;
+    rct::keyV destinations;
+    rct::key Sk, Pk;
+    uint64_t available = 6000 + 7000;
+    uint64_t amount;
+    rct::ctkeyM mixRing(mixin+1);
+
+    //add output
+    for (size_t i = 0; i < n_outputs; ++i)
+    {
+      amount = rct::randXmrAmount(available);
+      amounts.push_back(amount);
+      amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
+      rct::skpkGen(Sk, Pk);
+      destinations.push_back(Pk);
+      available -= amount;
+    }
+    if (!amounts.empty())
+      amounts.back() += available;
+
+    for (size_t j = 0; j <= mixin; ++j)
+    {
+      for (size_t i = 0; i < sc.size(); ++i)
+      {
+        if (j == 1)
+          mixRing[j].push_back(pc[i]);
+        else
+          mixRing[j].push_back({rct::scalarmultBase(rct::skGen()), rct::scalarmultBase(rct::skGen())});
+      }
+    }
+
+    rct::ctkeyV outSk;
+    rct::rctSig s = rct::genRct(rct::zero(), sc, destinations, amounts, mixRing, amount_keys, NULL, NULL, 1, outSk, rct::RangeProofMultiOutputBulletproof, hw::get_device("default"));
+    ASSERT_TRUE(rct::verRct(s));
+    for (size_t i = 0; i < n_outputs; ++i)
+    {
+      rct::key mask;
+      rct::decodeRct(s, amount_keys[i], i, mask, hw::get_device("default"));
+      ASSERT_TRUE(mask == outSk[i].mask);
+    }
+  }
+}
+
 
 TEST(bulletproofs, invalid_8)
 {
diff --git a/tests/unit_tests/json_serialization.cpp b/tests/unit_tests/json_serialization.cpp
index ac6b60846..234cb2c33 100644
--- a/tests/unit_tests/json_serialization.cpp
+++ b/tests/unit_tests/json_serialization.cpp
@@ -75,7 +75,7 @@ namespace
         std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
         subaddresses[from.m_account_address.m_spend_public_key] = {0,0};
 
-        if (!cryptonote::construct_tx_and_get_tx_key(from, subaddresses, actual_sources, to, boost::none, {}, tx, 0, tx_key, extra_keys, rct, bulletproof))
+        if (!cryptonote::construct_tx_and_get_tx_key(from, subaddresses, actual_sources, to, boost::none, {}, tx, 0, tx_key, extra_keys, rct, bulletproof ? rct::RangeProofBulletproof : rct::RangeProofBorromean))
             throw std::runtime_error{"transaction construction error"};
 
         return tx;