CLSAG signatures

4 files changed, 196 insertions, 4 deletions

diff --git a/tests/performance_tests/crypto_ops.h b/tests/performance_tests/crypto_ops.h
index ae00bb517..9db2e413a 100644
--- a/tests/performance_tests/crypto_ops.h
+++ b/tests/performance_tests/crypto_ops.h
@@ -51,11 +51,15 @@ enum test_op
   op_scalarmult8_p3,
   op_ge_dsm_precomp,
   op_ge_double_scalarmult_base_vartime,
+  op_ge_triple_scalarmult_base_vartime,
   op_ge_double_scalarmult_precomp_vartime,
+  op_ge_triple_scalarmult_precomp_vartime,
   op_ge_double_scalarmult_precomp_vartime2,
   op_addKeys2,
   op_addKeys3,
   op_addKeys3_2,
+  op_addKeys_aGbBcC,
+  op_addKeys_aAbBcC,
   op_isInMainSubgroup,
   op_zeroCommitUncached,
 };
@@ -70,15 +74,20 @@ public:
   {
     scalar0 = rct::skGen();
     scalar1 = rct::skGen();
+    scalar2 = rct::skGen();
     point0 = rct::scalarmultBase(rct::skGen());
     point1 = rct::scalarmultBase(rct::skGen());
+    point2 = rct::scalarmultBase(rct::skGen());
     if (ge_frombytes_vartime(&p3_0, point0.bytes) != 0)
       return false;
     if (ge_frombytes_vartime(&p3_1, point1.bytes) != 0)
       return false;
+    if (ge_frombytes_vartime(&p3_2, point2.bytes) != 0)
+      return false;
     ge_p3_to_cached(&cached, &p3_0);
     rct::precomp(precomp0, point0);
     rct::precomp(precomp1, point1);
+    rct::precomp(precomp2, point2);
     return true;
   }
 
@@ -109,11 +118,15 @@ public:
       case op_scalarmult8_p3: rct::scalarmult8(p3_0,point0); break;
       case op_ge_dsm_precomp: ge_dsm_precomp(dsmp, &p3_0); break;
       case op_ge_double_scalarmult_base_vartime: ge_double_scalarmult_base_vartime(&tmp_p2, scalar0.bytes, &p3_0, scalar1.bytes); break;
+      case op_ge_triple_scalarmult_base_vartime: ge_triple_scalarmult_base_vartime(&tmp_p2, scalar0.bytes, scalar1.bytes, precomp1, scalar2.bytes, precomp2); break;
       case op_ge_double_scalarmult_precomp_vartime: ge_double_scalarmult_precomp_vartime(&tmp_p2, scalar0.bytes, &p3_0, scalar1.bytes, precomp0); break;
+      case op_ge_triple_scalarmult_precomp_vartime: ge_triple_scalarmult_precomp_vartime(&tmp_p2, scalar0.bytes, precomp0, scalar1.bytes, precomp1, scalar2.bytes, precomp2); break;
       case op_ge_double_scalarmult_precomp_vartime2: ge_double_scalarmult_precomp_vartime2(&tmp_p2, scalar0.bytes, precomp0, scalar1.bytes, precomp1); break;
       case op_addKeys2: rct::addKeys2(key, scalar0, scalar1, point0); break;
       case op_addKeys3: rct::addKeys3(key, scalar0, point0, scalar1, precomp1); break;
       case op_addKeys3_2: rct::addKeys3(key, scalar0, precomp0, scalar1, precomp1); break;
+      case op_addKeys_aGbBcC: rct::addKeys_aGbBcC(key, scalar0, scalar1, precomp1, scalar2, precomp2); break;
+      case op_addKeys_aAbBcC: rct::addKeys_aAbBcC(key, scalar0, precomp0, scalar1, precomp1, scalar2, precomp2); break;
       case op_isInMainSubgroup: rct::isInMainSubgroup(point0); break;
       case op_zeroCommitUncached: rct::zeroCommit(9001); break;
       case op_zeroCommitCached: rct::zeroCommit(9000); break;
@@ -123,9 +136,9 @@ public:
   }
 
 private:
-  rct::key scalar0, scalar1;
-  rct::key point0, point1;
-  ge_p3 p3_0, p3_1;
+  rct::key scalar0, scalar1, scalar2;
+  rct::key point0, point1, point2;
+  ge_p3 p3_0, p3_1, p3_2;
   ge_cached cached;
-  ge_dsmp precomp0, precomp1;
+  ge_dsmp precomp0, precomp1, precomp2;
 };
diff --git a/tests/performance_tests/main.cpp b/tests/performance_tests/main.cpp
index ca0528e16..b0cec464c 100644
--- a/tests/performance_tests/main.cpp
+++ b/tests/performance_tests/main.cpp
@@ -60,6 +60,8 @@
 #include "bulletproof.h"
 #include "crypto_ops.h"
 #include "multiexp.h"
+#include "sig_mlsag.h"
+#include "sig_clsag.h"
 
 namespace po = boost::program_options;
 
@@ -213,6 +215,9 @@ int main(int argc, char** argv)
   TEST_PERFORMANCE1(filter, p, test_cn_fast_hash, 32);
   TEST_PERFORMANCE1(filter, p, test_cn_fast_hash, 16384);
 
+  TEST_PERFORMANCE2(filter, p, test_sig_mlsag, 11, true); // MLSAG verification
+  TEST_PERFORMANCE3(filter, p, test_sig_clsag, 11, true, 0); // CLSAG verification
+
   TEST_PERFORMANCE2(filter, p, test_ringct_mlsag, 11, false);
   TEST_PERFORMANCE2(filter, p, test_ringct_mlsag, 11, true);
 
@@ -257,11 +262,15 @@ int main(int argc, char** argv)
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmult8_p3);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_dsm_precomp);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_base_vartime);
+  TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_triple_scalarmult_base_vartime);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_precomp_vartime);
+  TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_triple_scalarmult_precomp_vartime);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_precomp_vartime2);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_addKeys2);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_addKeys3);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_addKeys3_2);
+  TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_addKeys_aGbBcC);
+  TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_addKeys_aAbBcC);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_isInMainSubgroup);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_zeroCommitUncached);
   TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_zeroCommitCached);
diff --git a/tests/performance_tests/sig_clsag.h b/tests/performance_tests/sig_clsag.h
new file mode 100644
index 000000000..0873fa520
--- /dev/null
+++ b/tests/performance_tests/sig_clsag.h
@@ -0,0 +1,83 @@
+// Copyright (c) 2014-2019, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// 
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+
+#include "ringct/rctSigs.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+
+#include "single_tx_test_base.h"
+
+template<size_t ring_size, bool ver, size_t index>
+class test_sig_clsag : public single_tx_test_base
+{
+public:
+  static const size_t n = ring_size;
+  static const size_t loop_count = 1000;
+  static const size_t l = index;
+
+  bool init()
+  {
+    if (!single_tx_test_base::init())
+      return false;
+
+    p = rct::skGen();
+    z = rct::skGen();
+    P = rct::skvGen(n);
+    C = rct::skvGen(n);
+    for (size_t i = 0 ; i < n; i++)
+    {
+        P[i] = rct::scalarmultBase(P[i]);
+        C[i] = rct::scalarmultBase(C[i]);
+    }
+    P[l] = rct::scalarmultBase(p);
+    C[l] = rct::scalarmultBase(z);
+    
+    sig = CLSAG_Gen(rct::identity(),P,p,C,z,l,NULL);
+
+    return true;
+  }
+
+  bool test()
+  {
+    if (ver)
+      return CLSAG_Ver(rct::identity(),P,C,sig);
+    else
+      CLSAG_Gen(rct::identity(),P,p,C,z,l,NULL);
+    return true;
+  }
+
+private:
+  rct::key p;
+  rct::key z;
+  rct::keyV P;
+  rct::keyV C;
+  rct::clsag sig;
+};
diff --git a/tests/performance_tests/sig_mlsag.h b/tests/performance_tests/sig_mlsag.h
new file mode 100644
index 000000000..fc987fcf5
--- /dev/null
+++ b/tests/performance_tests/sig_mlsag.h
@@ -0,0 +1,87 @@
+// Copyright (c) 2014-2019, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// 
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+
+#include "ringct/rctSigs.h"
+#include "cryptonote_basic/cryptonote_basic.h"
+
+#include "single_tx_test_base.h"
+
+template<size_t ring_size, bool ver>
+class test_sig_mlsag : public single_tx_test_base
+{
+public:
+  static const size_t cols = ring_size;
+  static const size_t rows = 2; // 1 spend + 1 commitment
+  static const size_t loop_count = 1000;
+
+  bool init()
+  {
+    if (!single_tx_test_base::init())
+      return false;
+
+    rct::keyV xtmp = rct::skvGen(rows);
+    rct::keyM xm = rct::keyMInit(rows, cols);// = [[None]*N] #just used to generate test public keys
+    sk = rct::skvGen(rows);
+    P  = rct::keyMInit(rows, cols);// = keyM[[None]*N] #stores the public keys;
+    ind = 0; // fixed spend index
+    for (size_t j = 0 ; j < rows ; j++)
+    {
+        for (size_t i = 0 ; i < cols ; i++)
+        {
+            xm[i][j] = rct::skGen();
+            P[i][j] = rct::scalarmultBase(xm[i][j]);
+        }
+    }
+    for (size_t j = 0 ; j < rows ; j++)
+    {
+        sk[j] = xm[ind][j];
+    }
+    IIccss = MLSAG_Gen(rct::identity(), P, sk, NULL, NULL, ind, rows-1, hw::get_device("default"));
+
+    return true;
+  }
+
+  bool test()
+  {
+    if (ver)
+      return MLSAG_Ver(rct::identity(), P, IIccss, rows-1);
+    else
+      MLSAG_Gen(rct::identity(), P, sk, NULL, NULL, ind, rows-1, hw::get_device("default"));
+    return true;
+  }
+
+private:
+  rct::keyV sk;
+  rct::keyM P;
+  size_t ind;
+  rct::mgSig IIccss;
+};