bulletproofs: add multi output bulletproofs to rct

2024-08-15 01:03:23 +00:00 · 2018-01-17 21:50:03 +00:00 · 2018-01-17 21:50:03 +00:00 · 9ce9f8caf6
commit 9ce9f8caf6
parent f34e2e20bd
13 changed files with 247 additions and 97 deletions
--- a/tests/core_tests/multisig.cpp
+++ b/tests/core_tests/multisig.cpp
@ -285,7 +285,7 @@ bool gen_multisig_tx_validation_base::generate_with(std::vector<test_event_entry
 #endif
  std::vector<crypto::secret_key> additional_tx_secret_keys;
  auto sources_copy = sources;
-  r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector<uint8_t>(), tx, 0, tx_key, additional_tx_secret_keys, true, false, msoutp);
+  r = construct_tx_and_get_tx_key(miner_account[creator].get_keys(), subaddresses, sources, destinations, boost::none, std::vector<uint8_t>(), tx, 0, tx_key, additional_tx_secret_keys, true, rct::RangeProofBorromean, msoutp);
  CHECK_AND_ASSERT_MES(r, false, "failed to construct transaction");

 #ifndef NO_MULTISIG
--- a/tests/performance_tests/check_tx_signature.h
+++ b/tests/performance_tests/check_tx_signature.h
@ -72,7 +72,7 @@ public:
    std::vector<crypto::secret_key> additional_tx_keys;
    std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
    subaddresses[this->m_miners[this->real_source_idx].get_keys().m_account_address.m_spend_public_key] = {0,0};
-    if (!construct_tx_and_get_tx_key(this->m_miners[this->real_source_idx].get_keys(), subaddresses, this->m_sources, destinations, cryptonote::account_public_address{}, std::vector<uint8_t>(), m_tx, 0, tx_key, additional_tx_keys, rct, bulletproof))
+    if (!construct_tx_and_get_tx_key(this->m_miners[this->real_source_idx].get_keys(), subaddresses, this->m_sources, destinations, cryptonote::account_public_address{}, std::vector<uint8_t>(), m_tx, 0, tx_key, additional_tx_keys, rct, bulletproof ? rct::RangeProofMultiOutputBulletproof : rct::RangeProofBorromean))
      return false;

    get_transaction_prefix_hash(m_tx, m_tx_prefix_hash);
--- a/tests/unit_tests/bulletproofs.cpp
+++ b/tests/unit_tests/bulletproofs.cpp
@ -31,7 +31,9 @@
 #include "gtest/gtest.h"

 #include "ringct/rctOps.h"
+#include "ringct/rctSigs.h"
 #include "ringct/bulletproofs.h"
+#include "device/device.hpp"
 #include "misc_log_ex.h"

 TEST(bulletproofs, valid_zero)
@ -72,6 +74,67 @@ TEST(bulletproofs, valid_multi_random)
  }
 }

+TEST(bulletproofs, multi_splitting)
+{
+  rct::ctkeyV sc, pc;
+  rct::ctkey sctmp, pctmp;
+
+  std::tie(sctmp, pctmp) = rct::ctskpkGen(6000);
+  sc.push_back(sctmp);
+  pc.push_back(pctmp);
+
+  std::tie(sctmp, pctmp) = rct::ctskpkGen(7000);
+  sc.push_back(sctmp);
+  pc.push_back(pctmp);
+
+  const int mixin = 3, max_outputs = 16;
+
+  for (int n_outputs = 1; n_outputs <= max_outputs; ++n_outputs)
+  {
+    std::vector<uint64_t> amounts;
+    rct::keyV amount_keys;
+    rct::keyV destinations;
+    rct::key Sk, Pk;
+    uint64_t available = 6000 + 7000;
+    uint64_t amount;
+    rct::ctkeyM mixRing(mixin+1);
+
+    //add output
+    for (size_t i = 0; i < n_outputs; ++i)
+    {
+      amount = rct::randXmrAmount(available);
+      amounts.push_back(amount);
+      amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
+      rct::skpkGen(Sk, Pk);
+      destinations.push_back(Pk);
+      available -= amount;
+    }
+    if (!amounts.empty())
+      amounts.back() += available;
+
+    for (size_t j = 0; j <= mixin; ++j)
+    {
+      for (size_t i = 0; i < sc.size(); ++i)
+      {
+        if (j == 1)
+          mixRing[j].push_back(pc[i]);
+        else
+          mixRing[j].push_back({rct::scalarmultBase(rct::skGen()), rct::scalarmultBase(rct::skGen())});
+      }
+    }
+
+    rct::ctkeyV outSk;
+    rct::rctSig s = rct::genRct(rct::zero(), sc, destinations, amounts, mixRing, amount_keys, NULL, NULL, 1, outSk, rct::RangeProofMultiOutputBulletproof, hw::get_device("default"));
+    ASSERT_TRUE(rct::verRct(s));
+    for (size_t i = 0; i < n_outputs; ++i)
+    {
+      rct::key mask;
+      rct::decodeRct(s, amount_keys[i], i, mask, hw::get_device("default"));
+      ASSERT_TRUE(mask == outSk[i].mask);
+    }
+  }
+}
+

 TEST(bulletproofs, invalid_8)
 {
--- a/tests/unit_tests/json_serialization.cpp
+++ b/tests/unit_tests/json_serialization.cpp
@ -75,7 +75,7 @@ namespace
        std::unordered_map<crypto::public_key, cryptonote::subaddress_index> subaddresses;
        subaddresses[from.m_account_address.m_spend_public_key] = {0,0};

-        if (!cryptonote::construct_tx_and_get_tx_key(from, subaddresses, actual_sources, to, boost::none, {}, tx, 0, tx_key, extra_keys, rct, bulletproof))
+        if (!cryptonote::construct_tx_and_get_tx_key(from, subaddresses, actual_sources, to, boost::none, {}, tx, 0, tx_key, extra_keys, rct, bulletproof ? rct::RangeProofBulletproof : rct::RangeProofBorromean))
            throw std::runtime_error{"transaction construction error"};

        return tx;