arnaucube
/
derosuite
mirror of https://github.com/arnaucube/derosuite.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
1 Branch
0 Tags
68 MiB
Tree: 54d9934a3a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '54d9934a3a'
${ noResults }
derosuite/crypto/ringct/key.go

261 lines
6.5 KiB
Raw Normal View History

Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
updated paths of the derosuite package
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
Status update release 1
6 years ago
Derosuite Status Update Release 2
6 years ago
  1. // Copyright 2017-2018 DERO Project. All rights reserved.
  2. // Use of this source code in any form is governed by RESEARCH license.
  3. // license can be found in the LICENSE file.
  4. // GPG: 0F39 E425 8C65 3947 702A 8234 08B2 0360 A03A 9DE8
  5. //
  6. //
  7. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
  8. // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  9. // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
  10. // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  11. // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  12. // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  13. // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  14. // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
  15. // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  17. package ringct
  19. import "io"
  20. import "fmt"
  21. import "crypto/rand"
  23. import "github.com/arnaucode/derosuite/crypto"
  25. const KeyLength = 32
  27. // Key can be a Scalar or a Point
  28. type Key [KeyLength]byte
  30. func (k Key) MarshalText() ([]byte, error) {
  31. return []byte(fmt.Sprintf("%x", k[:])), nil
  32. }
  34. func (k Key) String() string {
  35. return fmt.Sprintf("%x", k[:])
  36. }
  38. func (p *Key) FromBytes(b [KeyLength]byte) {
  39. *p = b
  40. }
  42. func (p *Key) ToBytes() (result [KeyLength]byte) {
  43. result = [KeyLength]byte(*p)
  44. return
  45. }
  47. func (p *Key) PubKey() (pubKey *Key) {
  48. point := new(ExtendedGroupElement)
  49. GeScalarMultBase(point, p)
  50. pubKey = new(Key)
  51. point.ToBytes(pubKey)
  52. return
  53. }
  55. // Creates a point on the Edwards Curve by hashing the key
  56. func (p *Key) HashToEC() (result *ExtendedGroupElement) {
  57. result = new(ExtendedGroupElement)
  58. var p1 ProjectiveGroupElement
  59. var p2 CompletedGroupElement
  60. h := Key(crypto.Keccak256(p[:]))
  61. p1.FromBytes(&h)
  62. GeMul8(&p2, &p1)
  63. p2.ToExtended(result)
  64. return
  65. }
  67. func (p *Key) HashToPoint() (result Key) {
  68. extended := p.HashToEC()
  69. extended.ToBytes(&result)
  70. return
  71. }
  72. func RandomScalar() (result *Key) {
  73. result = new(Key)
  74. var reduceFrom [KeyLength * 2]byte
  75. tmp := make([]byte, KeyLength*2)
  76. rand.Read(tmp)
  77. copy(reduceFrom[:], tmp)
  78. ScReduce(result, &reduceFrom)
  79. return
  80. }
  82. func NewKeyPair() (privKey *Key, pubKey *Key) {
  83. privKey = RandomScalar()
  84. pubKey = privKey.PubKey()
  85. return
  86. }
  88. func ParseKey(buf io.Reader) (result Key, err error) {
  89. key := make([]byte, KeyLength)
  90. if _, err = buf.Read(key); err != nil {
  91. return
  92. }
  93. copy(result[:], key)
  94. return
  95. }
  97. /*
  98. //does a * G where a is a scalar and G is the curve basepoint
  99. key scalarmultBase(const key & a) {
  100. ge_p3 point;
  101. key aG;
  102. sc_reduce32copy(aG.bytes, a.bytes); //do this beforehand
  103. ge_scalarmult_base(&point, aG.bytes);
  104. ge_p3_tobytes(aG.bytes, &point);
  105. return aG;
  106. }
  107. */
  108. //does a * G where a is a scalar and G is the curve basepoint
  110. func ScalarmultBase(a Key) (aG Key) {
  111. reduce32copy := a
  112. ScReduce32(&reduce32copy)
  113. point := new(ExtendedGroupElement)
  114. GeScalarMultBase(point, &a)
  115. point.ToBytes(&aG)
  116. return aG
  117. }
  119. // generates a key which can be used as private key or mask
  120. // this function is similiar to RandomScalar except for reduce32, TODO can we merge both
  121. func skGen() Key {
  122. skey := RandomScalar()
  123. ScReduce32(skey)
  124. return *skey
  125. }
  127. func (k *Key) ToExtended() (result *ExtendedGroupElement) {
  128. result = new(ExtendedGroupElement)
  129. result.FromBytes(k)
  130. return
  131. }
  133. // bothe the function resturn identity of the ed25519 curve
  134. func identity() (result *Key) {
  135. result = new(Key)
  136. result[0] = 1
  137. return
  138. }
  139. func CurveIdentity() (result Key) {
  140. result = Identity
  141. return result
  142. }
  144. func CurveOrder() (result Key) {
  145. result = L
  146. return result
  147. }
  149. // convert a uint64 to a scalar
  150. func d2h(val uint64) (result *Key) {
  151. result = new(Key)
  152. for i := 0; val > 0; i++ {
  153. result[i] = byte(val & 0xFF)
  154. val /= 256
  155. }
  156. return
  157. }
  159. //32 byte key to uint long long
  160. // if the key holds a value > 2^64
  161. // then the value in the first 8 bytes is returned
  162. func h2d(input Key) (value uint64) {
  163. for j := 7; j >= 0; j-- {
  164. value = (value*256 + uint64(input[j]))
  165. }
  166. return value
  167. }
  169. func HashToScalar(data ...[]byte) (result *Key) {
  170. result = new(Key)
  171. *result = Key(crypto.Keccak256(data...))
  172. ScReduce32(result)
  173. return
  174. }
  176. // does a * P where a is a scalar and P is an arbitrary point
  177. func ScalarMultKey(Point *Key, scalar *Key) (result *Key) {
  178. P := new(ExtendedGroupElement)
  179. P.FromBytes(Point)
  180. resultPoint := new(ProjectiveGroupElement)
  181. GeScalarMult(resultPoint, scalar, P)
  182. result = new(Key)
  183. resultPoint.ToBytes(result)
  184. return
  185. }
  187. // multiply a scalar by H (second curve point of Pedersen Commitment)
  188. func ScalarMultH(scalar *Key) (result *Key) {
  189. h := new(ExtendedGroupElement)
  190. h.FromBytes(&H)
  191. resultPoint := new(ProjectiveGroupElement)
  192. GeScalarMult(resultPoint, scalar, h)
  193. result = new(Key)
  194. resultPoint.ToBytes(result)
  195. return
  196. }
  198. // add two points together
  199. func AddKeys(sum, k1, k2 *Key) {
  200. a := k1.ToExtended()
  201. b := new(CachedGroupElement)
  202. k2.ToExtended().ToCached(b)
  203. c := new(CompletedGroupElement)
  204. geAdd(c, a, b)
  205. tmp := new(ExtendedGroupElement)
  206. c.ToExtended(tmp)
  207. tmp.ToBytes(sum)
  208. return
  209. }
  211. // compute a*G + b*B
  212. func AddKeys2(result, a, b, B *Key) {
  213. BPoint := B.ToExtended()
  214. RPoint := new(ProjectiveGroupElement)
  215. GeDoubleScalarMultVartime(RPoint, b, BPoint, a)
  216. RPoint.ToBytes(result)
  217. return
  218. }
  220. //addKeys3
  221. //aAbB = a*A + b*B where a, b are scalars, A, B are curve points
  222. //B must be input after applying "precomp"
  223. func AddKeys3(result *Key, a *Key, A *Key, b *Key, B_Precomputed *[8]CachedGroupElement) {
  224. A_Point := new(ExtendedGroupElement)
  225. A_Point.FromBytes(A)
  227. result_projective := new(ProjectiveGroupElement)
  228. GeDoubleScalarMultPrecompVartime(result_projective, a, A_Point, b, B_Precomputed)
  229. result_projective.ToBytes(result)
  231. }
  233. // subtract two points A - B
  234. func SubKeys(diff, k1, k2 *Key) {
  235. a := k1.ToExtended()
  236. b := new(CachedGroupElement)
  237. k2.ToExtended().ToCached(b)
  238. c := new(CompletedGroupElement)
  239. geSub(c, a, b)
  240. tmp := new(ExtendedGroupElement)
  241. c.ToExtended(tmp)
  242. tmp.ToBytes(diff)
  243. return
  244. }
  246. // this gives you a commitment from an amount
  247. // this is used to convert tx fee or miner tx amount to commitment
  248. func Commitment_From_Amount(amount uint64) Key {
  249. return *(ScalarMultH(d2h(amount)))
  250. }
  252. // this is used to convert miner tx commitment to mask
  253. // equivalent to rctOps.cpp zeroCommit
  254. func ZeroCommitment_From_Amount(amount uint64) Key {
  255. mask := *(identity())
  256. mask = ScalarmultBase(mask)
  257. am := d2h(amount)
  258. bH := ScalarMultH(am)
  259. AddKeys(&mask, &mask, bH)
  260. return mask
  261. }