[WIP] Aggsig Transactions (#530)

* First steps converting transaction workflow to be aggsig-enable

* integrating updated version of aggsig, which gives greater control over the contents of e

* added wallet transaction test to testing framework to enable testing the whole thing, completed interaction as far as inital response from recipient

* more aggsig work, final signature is produced now

* Construction of aggsig transaction now working to the point of the signature being built

* aggsig transactions working end-to-end in the nominal case

* refactor aggsig verify from commit and fix some tests

* more cleanup and test fixing

* cleaning up automated tests

* test+formatting fix
This commit is contained in:
Yeastplume
2018-01-10 19:36:27 +00:00
committed by GitHub
parent 6a9a584c43
commit 1199ed2cc1
23 changed files with 721 additions and 206 deletions
+1 -2
View File
@@ -341,7 +341,6 @@ impl Block {
kernels.sort();
// calculate the overall Merkle tree and fees (todo?)
Ok(
Block {
header: BlockHeader {
@@ -585,7 +584,7 @@ impl Block {
let excess = secp.commit_sum(vec![out_commit], vec![over_commit])?;
let msg = util::secp::Message::from_slice(&[0; secp::constants::MESSAGE_SIZE])?;
let sig = keychain.sign(&msg, &key_id)?;
let sig = keychain.aggsig_sign_from_key_id(&msg, &key_id).unwrap();
let excess_sig = sig.serialize_der(&secp);
+2 -3
View File
@@ -25,10 +25,9 @@
//! build::transaction(vec![input_rand(75), output_rand(42), output_rand(32),
//! with_fee(1)])
use util::{secp, static_secp_instance};
use util::{secp, static_secp_instance, kernel_sig_msg};
use core::{Input, Output, SwitchCommitHash, Transaction, DEFAULT_OUTPUT};
use core::transaction::kernel_sig_msg;
use util::LOGGER;
use keychain;
use keychain::{BlindSum, BlindingFactor, Identifier, Keychain};
@@ -138,7 +137,7 @@ pub fn transaction(
);
let blind_sum = ctx.keychain.blind_sum(&sum)?;
let msg = secp::Message::from_slice(&kernel_sig_msg(tx.fee, tx.lock_height))?;
let sig = ctx.keychain.sign_with_blinding(&msg, &blind_sum)?;
let sig = Keychain::aggsig_sign_with_blinding(&keychain.secp(), &msg, &blind_sum)?;
let secp = static_secp_instance();
let secp = secp.lock().unwrap();
+10 -20
View File
@@ -13,11 +13,9 @@
// limitations under the License.
//! Transactions
use byteorder::{BigEndian, ByteOrder};
use blake2::blake2b::blake2b;
use util::secp::{self, Message, Signature};
use util::static_secp_instance;
use util::{static_secp_instance, kernel_sig_msg};
use util::secp::pedersen::{Commitment, RangeProof};
use std::cmp::Ordering;
use std::ops;
@@ -92,14 +90,6 @@ impl From<consensus::Error> for Error {
}
}
/// Construct msg bytes from tx fee and lock_height
pub fn kernel_sig_msg(fee: u64, lock_height: u64) -> [u8; 32] {
let mut bytes = [0; 32];
BigEndian::write_u64(&mut bytes[16..24], fee);
BigEndian::write_u64(&mut bytes[24..], lock_height);
bytes
}
/// A proof that a transaction sums to zero. Includes both the transaction's
/// Pedersen commitment and the signature, that guarantees that the commitments
/// amount to zero.
@@ -166,7 +156,11 @@ impl TxKernel {
let secp = static_secp_instance();
let secp = secp.lock().unwrap();
let sig = try!(Signature::from_der(&secp, &self.excess_sig));
secp.verify_from_commit(&msg, &sig, &self.excess)
let valid = Keychain::aggsig_verify_single_from_commit(&secp, &sig, &msg, &self.excess);
if !valid{
return Err(secp::Error::IncorrectSignature);
}
Ok(())
}
}
@@ -330,16 +324,12 @@ impl Transaction {
let secp = static_secp_instance();
let secp = secp.lock().unwrap();
let sig = Signature::from_der(&secp, &self.excess_sig)?;
// pretend the sum is a public key (which it is, being of the form r.G) and
// verify the transaction sig with it
//
// we originally converted the commitment to a key_id here (commitment to zero)
// and then passed the key_id to secp.verify()
// the secp api no longer allows us to do this so we have wrapped the complexity
// of generating a public key from a commitment behind verify_from_commit
secp.verify_from_commit(&msg, &sig, &rsum)?;
let valid = Keychain::aggsig_verify_single_from_commit(&secp, &sig, &msg, &rsum);
if !valid{
return Err(secp::Error::IncorrectSignature);
}
Ok(rsum)
}