public void InputsResponseSerialization()
{
var resp = new InputsResponse
{
UniqueId = Guid.NewGuid(),
RoundId = 1,
};
var serialized = JsonConvert.SerializeObject(resp);
var deserialized = JsonConvert.DeserializeObject <InputsResponse>(serialized);
Assert.Equal(resp.RoundId, deserialized.RoundId);
Assert.Equal(resp.UniqueId, deserialized.UniqueId);
}
public void InputsResponseSerialization()
{
uint256[] bigIntegers = new uint256[] { uint256.One, uint256.One, uint256.Zero };
var resp = new InputsResponse
{
UniqueId = Guid.NewGuid(),
RoundId = 1,
};
var serialized = JsonConvert.SerializeObject(resp);
var deserialized = JsonConvert.DeserializeObject <InputsResponse>(serialized);
Assert.Equal(resp.RoundId, deserialized.RoundId);
Assert.Equal(resp.UniqueId, deserialized.UniqueId);
}
public async Task <IActionResult> PostInputsAsync([FromBody] InputsRequest request)
{
// Validate request.
if (!ModelState.IsValid ||
request == null ||
string.IsNullOrWhiteSpace(request.BlindedOutputScriptHex) ||
string.IsNullOrWhiteSpace(request.ChangeOutputScript) ||
request.Inputs == null ||
request.Inputs.Count() == 0 ||
request.Inputs.Any(x => x.Input == null ||
x.Input.Hash == null ||
string.IsNullOrWhiteSpace(x.Proof)))
{
return(BadRequest("Invalid request."));
}
if (request.Inputs.Count() > 7)
{
return(BadRequest("Maximum 7 inputs can be registered."));
}
using (await InputsLock.LockAsync())
{
CcjRound round = Coordinator.GetCurrentInputRegisterableRound();
// Do more checks.
try
{
if (round.ContainsBlindedOutputScriptHex(request.BlindedOutputScriptHex, out _))
{
return(BadRequest("Blinded output has already been registered."));
}
var changeOutput = new Script(request.ChangeOutputScript);
var inputs = new HashSet <(OutPoint OutPoint, TxOut Output)>();
var alicesToRemove = new HashSet <Guid>();
foreach (InputProofModel inputProof in request.Inputs)
{
if (inputs.Any(x => x.OutPoint == inputProof.Input))
{
return(BadRequest("Cannot register an input twice."));
}
if (round.ContainsInput(inputProof.Input, out List <Alice> tr))
{
alicesToRemove.UnionWith(tr.Select(x => x.UniqueId)); // Input is already registered by this alice, remove it later if all the checks are completed fine.
}
if (Coordinator.AnyRunningRoundContainsInput(inputProof.Input, out List <Alice> tnr))
{
if (tr.Union(tnr).Count() > tr.Count())
{
return(BadRequest("Input is already registered in another round."));
}
}
var bannedElem = Coordinator.UtxoReferee.BannedUtxos.SingleOrDefault(x => x.Key == inputProof.Input);
if (bannedElem.Key != default)
{
int maxBan = (int)TimeSpan.FromDays(30).TotalMinutes;
int banLeft = maxBan - (int)((DateTimeOffset.UtcNow - bannedElem.Value.timeOfBan).TotalMinutes);
if (banLeft > 0)
{
return(BadRequest($"Input is banned from participation for {banLeft} minutes: {inputProof.Input.N}:{inputProof.Input.Hash}."));
}
else
{
await Coordinator.UtxoReferee.UnbanAsync(bannedElem.Key);
}
}
GetTxOutResponse getTxOutResponse = await RpcClient.GetTxOutAsync(inputProof.Input.Hash, (int)inputProof.Input.N, includeMempool : true);
// Check if inputs are unspent.
if (getTxOutResponse == null)
{
return(BadRequest("Provided input is not unspent."));
}
// Check if unconfirmed.
if (getTxOutResponse.Confirmations <= 0)
{
// If it spends a CJ then it may be acceptable to register.
if (!Coordinator.ContainsCoinJoin(inputProof.Input.Hash))
{
return(BadRequest("Provided input is neither confirmed, nor is from an unconfirmed coinjoin."));
}
// After 24 unconfirmed cj in the mempool dont't let unconfirmed coinjoin to be registered.
if (await Coordinator.IsUnconfirmedCoinJoinLimitReachedAsync())
{
return(BadRequest("Provided input is from an unconfirmed coinjoin, but the maximum number of unconfirmed coinjoins is reached."));
}
}
// Check if immature.
if (getTxOutResponse.Confirmations <= 100)
{
if (getTxOutResponse.IsCoinBase)
{
return(BadRequest("Provided input is immature."));
}
}
// Check if inputs are native segwit.
if (getTxOutResponse.ScriptPubKeyType != "witness_v0_keyhash")
{
return(BadRequest("Provided input must be witness_v0_keyhash."));
}
TxOut txout = getTxOutResponse.TxOut;
var address = (BitcoinWitPubKeyAddress)txout.ScriptPubKey.GetDestinationAddress(Network);
// Check if proofs are valid.
bool validProof;
try
{
validProof = address.VerifyMessage(request.BlindedOutputScriptHex, inputProof.Proof);
}
catch (FormatException ex)
{
return(BadRequest($"Provided proof is invalid: {ex.Message}"));
}
if (!validProof)
{
return(BadRequest("Provided proof is invalid."));
}
inputs.Add((inputProof.Input, txout));
}
// Check if inputs have enough coins.
Money inputSum = inputs.Sum(x => x.Output.Value);
Money networkFeeToPay = (inputs.Count() * round.FeePerInputs + 2 * round.FeePerOutputs);
Money changeAmount = inputSum - (round.Denomination + networkFeeToPay);
if (changeAmount < Money.Zero)
{
return(BadRequest($"Not enough inputs are provided. Fee to pay: {networkFeeToPay.ToString(false, true)} BTC. Round denomination: {round.Denomination.ToString(false, true)} BTC. Only provided: {inputSum.ToString(false, true)} BTC."));
}
// Make sure Alice checks work.
var alice = new Alice(inputs, networkFeeToPay, new Script(request.ChangeOutputScript), request.BlindedOutputScriptHex);
foreach (Guid aliceToRemove in alicesToRemove)
{
round.RemoveAlicesBy(aliceToRemove);
}
round.AddAlice(alice);
// All checks are good. Sign.
byte[] blindedData;
try
{
blindedData = ByteHelpers.FromHex(request.BlindedOutputScriptHex);
}
catch
{
return(BadRequest("Invalid blinded output hex."));
}
Logger.LogDebug <ChaumianCoinJoinController>($"Blinded data hex: {request.BlindedOutputScriptHex}");
Logger.LogDebug <ChaumianCoinJoinController>($"Blinded data array size: {blindedData.Length}");
byte[] signature = RsaKey.SignBlindedData(blindedData);
// Check if phase changed since.
if (round.Status != ChaumianCoinJoin.CcjRoundStatus.Running || round.Phase != CcjRoundPhase.InputRegistration)
{
return(base.StatusCode(StatusCodes.Status503ServiceUnavailable, "The state of the round changed while handling the request. Try again."));
}
// Progress round if needed.
if (round.CountAlices() >= round.AnonymitySet)
{
await round.RemoveAlicesIfInputsSpentAsync();
if (round.CountAlices() >= round.AnonymitySet)
{
await round.ExecuteNextPhaseAsync(CcjRoundPhase.ConnectionConfirmation);
}
}
var resp = new InputsResponse
{
UniqueId = alice.UniqueId,
BlindedOutputSignature = signature,
RoundId = round.RoundId
};
return(Ok(resp));
}
catch (Exception ex)
{
Logger.LogDebug <ChaumianCoinJoinController>(ex);
return(BadRequest(ex.Message));
}
}
}
public async Task <IActionResult> PostInputsAsync([FromBody, Required] InputsRequest request)
{
// Validate request.
if (request.RoundId < 0 || !ModelState.IsValid)
{
return(BadRequest("Invalid request."));
}
if (request.Inputs.Count() > 7)
{
return(BadRequest("Maximum 7 inputs can be registered."));
}
using (await InputsLock.LockAsync())
{
CoordinatorRound round = Coordinator.TryGetRound(request.RoundId);
if (round is null || round.Phase != RoundPhase.InputRegistration)
{
return(NotFound("No such running round in InputRegistration. Try another round."));
}
// Do more checks.
try
{
uint256[] blindedOutputs = request.BlindedOutputScripts.ToArray();
int blindedOutputCount = blindedOutputs.Length;
int maxBlindedOutputCount = round.MixingLevels.Count();
if (blindedOutputCount > maxBlindedOutputCount)
{
return(BadRequest($"Too many blinded output was provided: {blindedOutputCount}, maximum: {maxBlindedOutputCount}."));
}
if (blindedOutputs.Distinct().Count() < blindedOutputs.Length)
{
return(BadRequest("Duplicate blinded output found."));
}
if (round.ContainsAnyBlindedOutputScript(blindedOutputs))
{
return(BadRequest("Blinded output has already been registered."));
}
if (request.ChangeOutputAddress.Network != Network)
{
// RegTest and TestNet address formats are sometimes the same.
if (Network == Network.Main)
{
return(BadRequest($"Invalid ChangeOutputAddress Network."));
}
}
var uniqueInputs = new HashSet <OutPoint>();
foreach (InputProofModel inputProof in request.Inputs)
{
var outpoint = inputProof.Input.ToOutPoint();
if (uniqueInputs.Contains(outpoint))
{
return(BadRequest("Cannot register an input twice."));
}
uniqueInputs.Add(outpoint);
}
var alicesToRemove = new HashSet <Guid>();
var getTxOutResponses = new List <(InputProofModel inputModel, Task <GetTxOutResponse> getTxOutTask)>();
var batch = RpcClient.PrepareBatch();
foreach (InputProofModel inputProof in request.Inputs)
{
if (round.ContainsInput(inputProof.Input.ToOutPoint(), out List <Alice> tr))
{
alicesToRemove.UnionWith(tr.Select(x => x.UniqueId)); // Input is already registered by this alice, remove it later if all the checks are completed fine.
}
if (Coordinator.AnyRunningRoundContainsInput(inputProof.Input.ToOutPoint(), out List <Alice> tnr))
{
if (tr.Union(tnr).Count() > tr.Count)
{
return(BadRequest("Input is already registered in another round."));
}
}
OutPoint outpoint = inputProof.Input.ToOutPoint();
var bannedElem = await Coordinator.UtxoReferee.TryGetBannedAsync(outpoint, notedToo : false);
if (bannedElem != null)
{
return(BadRequest($"Input is banned from participation for {(int)bannedElem.BannedRemaining.TotalMinutes} minutes: {inputProof.Input.Index}:{inputProof.Input.TransactionId}."));
}
var txOutResponseTask = batch.GetTxOutAsync(inputProof.Input.TransactionId, (int)inputProof.Input.Index, includeMempool: true);
getTxOutResponses.Add((inputProof, txOutResponseTask));
}
// Perform all RPC request at once
var waiting = Task.WhenAll(getTxOutResponses.Select(x => x.getTxOutTask));
await batch.SendBatchAsync();
await waiting;
byte[] blindedOutputScriptHashesByte = ByteHelpers.Combine(blindedOutputs.Select(x => x.ToBytes()));
uint256 blindedOutputScriptsHash = new uint256(Hashes.SHA256(blindedOutputScriptHashesByte));
var inputs = new HashSet <Coin>();
foreach (var responses in getTxOutResponses)
{
var(inputProof, getTxOutResponseTask) = responses;
var getTxOutResponse = await getTxOutResponseTask;
// Check if inputs are unspent.
if (getTxOutResponse is null)
{
return(BadRequest($"Provided input is not unspent: {inputProof.Input.Index}:{inputProof.Input.TransactionId}."));
}
// Check if unconfirmed.
if (getTxOutResponse.Confirmations <= 0)
{
// If it spends a CJ then it may be acceptable to register.
if (!await Coordinator.ContainsUnconfirmedCoinJoinAsync(inputProof.Input.TransactionId))
{
return(BadRequest("Provided input is neither confirmed, nor is from an unconfirmed coinjoin."));
}
// Check if mempool would accept a fake transaction created with the registered inputs.
// This will catch ascendant/descendant count and size limits for example.
var result = await RpcClient.TestMempoolAcceptAsync(new[] { new Coin(inputProof.Input.ToOutPoint(), getTxOutResponse.TxOut) });
if (!result.accept)
{
return(BadRequest($"Provided input is from an unconfirmed coinjoin, but a limit is reached: {result.rejectReason}"));
}
}
// Check if immature.
if (getTxOutResponse.Confirmations <= 100)
{
if (getTxOutResponse.IsCoinBase)
{
return(BadRequest("Provided input is immature."));
}
}
// Check if inputs are native segwit.
if (getTxOutResponse.ScriptPubKeyType != "witness_v0_keyhash")
{
return(BadRequest("Provided input must be witness_v0_keyhash."));
}
TxOut txOut = getTxOutResponse.TxOut;
var address = (BitcoinWitPubKeyAddress)txOut.ScriptPubKey.GetDestinationAddress(Network);
// Check if proofs are valid.
if (!address.VerifyMessage(blindedOutputScriptsHash, inputProof.Proof))
{
return(BadRequest("Provided proof is invalid."));
}
inputs.Add(new Coin(inputProof.Input.ToOutPoint(), txOut));
}
var acceptedBlindedOutputScripts = new List <uint256>();
// Calculate expected networkfee to pay after base denomination.
int inputCount = inputs.Count;
Money networkFeeToPayAfterBaseDenomination = (inputCount * round.FeePerInputs) + (2 * round.FeePerOutputs);
// Check if inputs have enough coins.
Money inputSum = inputs.Sum(x => x.Amount);
Money changeAmount = (inputSum - (round.MixingLevels.GetBaseDenomination() + networkFeeToPayAfterBaseDenomination));
if (changeAmount < Money.Zero)
{
return(BadRequest($"Not enough inputs are provided. Fee to pay: {networkFeeToPayAfterBaseDenomination.ToString(false, true)} BTC. Round denomination: {round.MixingLevels.GetBaseDenomination().ToString(false, true)} BTC. Only provided: {inputSum.ToString(false, true)} BTC."));
}
acceptedBlindedOutputScripts.Add(blindedOutputs.First());
Money networkFeeToPay = networkFeeToPayAfterBaseDenomination;
// Make sure we sign the proper number of additional blinded outputs.
var moneySoFar = Money.Zero;
for (int i = 1; i < blindedOutputCount; i++)
{
if (!round.MixingLevels.TryGetDenomination(i, out Money denomination))
{
break;
}
Money coordinatorFee = denomination.Percentage(round.CoordinatorFeePercent * round.AnonymitySet); // It should be the number of bobs, but we must make sure they'd have money to pay all.
changeAmount -= (denomination + round.FeePerOutputs + coordinatorFee);
networkFeeToPay += round.FeePerOutputs;
if (changeAmount < Money.Zero)
{
break;
}
acceptedBlindedOutputScripts.Add(blindedOutputs[i]);
}
// Make sure Alice checks work.
var alice = new Alice(inputs, networkFeeToPayAfterBaseDenomination, request.ChangeOutputAddress, acceptedBlindedOutputScripts);
foreach (Guid aliceToRemove in alicesToRemove)
{
round.RemoveAlicesBy(aliceToRemove);
}
round.AddAlice(alice);
// All checks are good. Sign.
var blindSignatures = new List <uint256>();
for (int i = 0; i < acceptedBlindedOutputScripts.Count; i++)
{
var blindedOutput = acceptedBlindedOutputScripts[i];
var signer = round.MixingLevels.GetLevel(i).Signer;
uint256 blindSignature = signer.Sign(blindedOutput);
blindSignatures.Add(blindSignature);
}
alice.BlindedOutputSignatures = blindSignatures.ToArray();
// Check if phase changed since.
if (round.Status != CoordinatorRoundStatus.Running || round.Phase != RoundPhase.InputRegistration)
{
return(StatusCode(StatusCodes.Status503ServiceUnavailable, "The state of the round changed while handling the request. Try again."));
}
// Progress round if needed.
if (round.CountAlices() >= round.AnonymitySet)
{
await round.RemoveAlicesIfAnInputRefusedByMempoolAsync();
if (round.CountAlices() >= round.AnonymitySet)
{
await round.ExecuteNextPhaseAsync(RoundPhase.ConnectionConfirmation);
}
}
var resp = new InputsResponse
{
UniqueId = alice.UniqueId,
RoundId = round.RoundId
};
return(Ok(resp));
}
catch (Exception ex)
{
Logger.LogDebug(ex);
return(BadRequest(ex.Message));
}
}
}
public async Task <IActionResult> PostInputsAsync([FromBody] InputsRequest request)
{
// Validate request.
if (!ModelState.IsValid ||
request is null ||
string.IsNullOrWhiteSpace(request.BlindedOutputScriptHex) ||
string.IsNullOrWhiteSpace(request.ChangeOutputAddress) ||
request.Inputs is null ||
!request.Inputs.Any() ||
request.Inputs.Any(x => x.Input == default(TxoRef) ||
x.Input.TransactionId is null ||
string.IsNullOrWhiteSpace(x.Proof)))
{
return(BadRequest("Invalid request."));
}
if (request.Inputs.Count() > 7)
{
return(BadRequest("Maximum 7 inputs can be registered."));
}
using (await InputsLock.LockAsync())
{
CcjRound round = Coordinator.GetCurrentInputRegisterableRound();
// Do more checks.
try
{
if (round.ContainsBlindedOutputScriptHex(request.BlindedOutputScriptHex, out _))
{
return(BadRequest("Blinded output has already been registered."));
}
BitcoinAddress changeOutputAddress;
try
{
changeOutputAddress = BitcoinAddress.Create(request.ChangeOutputAddress, Network);
}
catch (FormatException ex)
{
return(BadRequest($"Invalid ChangeOutputAddress. Details: {ex.Message}"));
}
var inputs = new HashSet <Coin>();
var alicesToRemove = new HashSet <Guid>();
foreach (InputProofModel inputProof in request.Inputs)
{
if (inputs.Any(x => x.Outpoint == inputProof.Input))
{
return(BadRequest("Cannot register an input twice."));
}
if (round.ContainsInput(inputProof.Input.ToOutPoint(), out List <Alice> tr))
{
alicesToRemove.UnionWith(tr.Select(x => x.UniqueId)); // Input is already registered by this alice, remove it later if all the checks are completed fine.
}
if (Coordinator.AnyRunningRoundContainsInput(inputProof.Input.ToOutPoint(), out List <Alice> tnr))
{
if (tr.Union(tnr).Count() > tr.Count())
{
return(BadRequest("Input is already registered in another round."));
}
}
OutPoint outpoint = inputProof.Input.ToOutPoint();
var bannedElem = await Coordinator.UtxoReferee.TryGetBannedAsync(outpoint, notedToo : false);
if (bannedElem != null)
{
return(BadRequest($"Input is banned from participation for {(int)bannedElem.Value.bannedRemaining.TotalMinutes} minutes: {inputProof.Input.Index}:{inputProof.Input.TransactionId}."));
}
GetTxOutResponse getTxOutResponse = await RpcClient.GetTxOutAsync(inputProof.Input.TransactionId, (int)inputProof.Input.Index, includeMempool : true);
// Check if inputs are unspent.
if (getTxOutResponse is null)
{
return(BadRequest($"Provided input is not unspent: {inputProof.Input.Index}:{inputProof.Input.TransactionId}."));
}
// Check if unconfirmed.
if (getTxOutResponse.Confirmations <= 0)
{
// If it spends a CJ then it may be acceptable to register.
if (!Coordinator.ContainsCoinJoin(inputProof.Input.TransactionId))
{
return(BadRequest("Provided input is neither confirmed, nor is from an unconfirmed coinjoin."));
}
// Check if mempool would accept a fake transaction created with the registered inputs.
// This will catch ascendant/descendant count and size limits for example.
var result = await RpcClient.TestMempoolAcceptAsync(new Coin(inputProof.Input.ToOutPoint(), getTxOutResponse.TxOut));
if (!result.accept)
{
return(BadRequest($"Provided input is from an unconfirmed coinjoin, but a limit is reached: {result.rejectReason}"));
}
}
// Check if immature.
if (getTxOutResponse.Confirmations <= 100)
{
if (getTxOutResponse.IsCoinBase)
{
return(BadRequest("Provided input is immature."));
}
}
// Check if inputs are native segwit.
if (getTxOutResponse.ScriptPubKeyType != "witness_v0_keyhash")
{
return(BadRequest("Provided input must be witness_v0_keyhash."));
}
TxOut txout = getTxOutResponse.TxOut;
var address = (BitcoinWitPubKeyAddress)txout.ScriptPubKey.GetDestinationAddress(Network);
// Check if proofs are valid.
bool validProof;
try
{
validProof = address.VerifyMessage(request.BlindedOutputScriptHex, inputProof.Proof);
}
catch (FormatException ex)
{
return(BadRequest($"Provided proof is invalid: {ex.Message}"));
}
if (!validProof)
{
await Coordinator.UtxoReferee.BanUtxosAsync(1, DateTimeOffset.UtcNow, forceNoted : false, round.RoundId, outpoint);
return(BadRequest("Provided proof is invalid."));
}
inputs.Add(new Coin(inputProof.Input.ToOutPoint(), txout));
}
// Check if inputs have enough coins.
Money inputSum = inputs.Sum(x => x.Amount);
Money networkFeeToPay = (inputs.Count() * round.FeePerInputs) + (2 * round.FeePerOutputs);
Money changeAmount = inputSum - (round.Denomination + networkFeeToPay);
if (changeAmount < Money.Zero)
{
return(BadRequest($"Not enough inputs are provided. Fee to pay: {networkFeeToPay.ToString(false, true)} BTC. Round denomination: {round.Denomination.ToString(false, true)} BTC. Only provided: {inputSum.ToString(false, true)} BTC."));
}
// Make sure Alice checks work.
var alice = new Alice(inputs, networkFeeToPay, changeOutputAddress, request.BlindedOutputScriptHex);
foreach (Guid aliceToRemove in alicesToRemove)
{
round.RemoveAlicesBy(aliceToRemove);
}
round.AddAlice(alice);
// All checks are good. Sign.
byte[] blindedData;
try
{
blindedData = ByteHelpers.FromHex(request.BlindedOutputScriptHex);
}
catch
{
return(BadRequest("Invalid blinded output hex."));
}
byte[] signature = RsaKey.SignBlindedData(blindedData);
// Check if phase changed since.
if (round.Status != CcjRoundStatus.Running || round.Phase != CcjRoundPhase.InputRegistration)
{
return(base.StatusCode(StatusCodes.Status503ServiceUnavailable, "The state of the round changed while handling the request. Try again."));
}
// Progress round if needed.
if (round.CountAlices() >= round.AnonymitySet)
{
await round.RemoveAlicesIfAnInputRefusedByMempoolAsync();
if (round.CountAlices() >= round.AnonymitySet)
{
await round.ExecuteNextPhaseAsync(CcjRoundPhase.ConnectionConfirmation);
}
}
var resp = new InputsResponse
{
UniqueId = alice.UniqueId,
BlindedOutputSignature = signature,
RoundId = round.RoundId
};
return(Ok(resp));
}
catch (Exception ex)
{
Logger.LogDebug <ChaumianCoinJoinController>(ex);
return(BadRequest(ex.Message));
}
}
}
private async Task ProcessStatusAsync()
{
try
{
IEnumerable <CcjRunningRoundState> states = await SatoshiClient.GetAllRoundStatesAsync();
using (await MixLock.LockAsync())
{
foreach (CcjRunningRoundState state in states)
{
CcjClientRound round = Rounds.SingleOrDefault(x => x.State.RoundId == state.RoundId);
if (round == null) // It's a new running round.
{
var r = new CcjClientRound(state);
Rounds.Add(r);
RoundAdded?.Invoke(this, r);
}
else
{
round.State = state;
RoundUpdated?.Invoke(this, round);
}
}
var roundsToRemove = new List <long>();
foreach (CcjClientRound round in Rounds)
{
CcjRunningRoundState state = states.SingleOrDefault(x => x.RoundId == round.State.RoundId);
if (state == null) // The round is not running anymore.
{
foreach (MixCoin rc in round.CoinsRegistered)
{
CoinsWaitingForMix.Add(rc);
}
roundsToRemove.Add(round.State.RoundId);
}
}
foreach (long roundId in roundsToRemove)
{
Rounds.RemoveAll(x => x.State.RoundId == roundId);
RoundRemoved?.Invoke(this, roundId);
}
}
int delay = new Random().Next(0, 7); // delay the response to defend timing attack privacy
await Task.Delay(TimeSpan.FromSeconds(delay), Stop.Token);
using (await MixLock.LockAsync())
{
CoinsWaitingForMix.RemoveAll(x => x.SmartCoin.SpenderTransactionId != null); // Make sure coins those were somehow spent are removed.
CcjClientRound inputRegistrableRound = Rounds.First(x => x.State.Phase == CcjRoundPhase.InputRegistration);
if (inputRegistrableRound.AliceUniqueId == null) // If didn't register already, check what can we register.
{
try
{
var coinsToRegister = new List <MixCoin>();
var amountSoFar = Money.Zero;
Money amountNeededExceptInputFees = inputRegistrableRound.State.Denomination + inputRegistrableRound.State.FeePerOutputs * 2;
var tooSmallInputs = false;
foreach (MixCoin coin in CoinsWaitingForMix
.Where(x => x.SmartCoin.Confirmed || x.SmartCoin.Label.Contains("CoinJoin", StringComparison.Ordinal)) // Where our label contains CoinJoin, CoinJoins can be registered even if not confirmed, our label will likely be CoinJoin only if it was a previous CoinJoin, otherwise the server will refuse us.
.OrderByDescending(y => y.SmartCoin.Amount) // First order by amount.
.OrderByDescending(z => z.SmartCoin.Confirmed)) // Then order by the amount ordered ienumerable by confirmation, so first try to register confirmed coins.
{
coinsToRegister.Add(coin);
if (inputRegistrableRound.State.MaximumInputCountPerPeer < coinsToRegister.Count)
{
tooSmallInputs = true;
break;
}
amountSoFar += coin.SmartCoin.Amount;
if (amountSoFar > amountNeededExceptInputFees + inputRegistrableRound.State.FeePerInputs * coinsToRegister.Count)
{
break;
}
}
// If input count doesn't reach the max input registration AND there are enough coins queued, then register to mix.
if (!tooSmallInputs && amountSoFar > amountNeededExceptInputFees + inputRegistrableRound.State.FeePerInputs * coinsToRegister.Count)
{
var changeKey = KeyManager.GenerateNewKey("CoinJoin Change Output", KeyState.Locked, isInternal: true);
var activeKey = KeyManager.GenerateNewKey("CoinJoin Active Output", KeyState.Locked, isInternal: true);
var blind = BlindingPubKey.Blind(activeKey.GetP2wpkhScript().ToBytes());
var inputProofs = new List <InputProofModel>();
foreach (var coin in coinsToRegister)
{
var inputProof = new InputProofModel
{
Input = coin.SmartCoin.GetOutPoint(),
Proof = coin.Secret.PrivateKey.SignMessage(ByteHelpers.ToHex(blind.BlindedData))
};
inputProofs.Add(inputProof);
}
InputsResponse inputsResponse = await AliceClient.PostInputsAsync(changeKey.GetP2wpkhScript(), blind.BlindedData, inputProofs.ToArray());
if (!BlindingPubKey.Verify(inputsResponse.BlindedOutputSignature, blind.BlindedData))
{
throw new NotSupportedException("Coordinator did not sign the blinded output properly.");
}
CcjClientRound roundRegistered = Rounds.SingleOrDefault(x => x.State.RoundId == inputsResponse.RoundId);
if (roundRegistered == null)
{
// If our SatoshiClient doesn't yet know about the round because of the dealy create it.
// Make its state as it'd be the same as our assumed round was, except the roundId and registeredPeerCount, it'll be updated later.
roundRegistered = new CcjClientRound(CcjRunningRoundState.CloneExcept(inputRegistrableRound.State, inputsResponse.RoundId, registeredPeerCount: 1));
Rounds.Add(roundRegistered);
RoundAdded?.Invoke(this, roundRegistered);
}
foreach (var coin in coinsToRegister)
{
roundRegistered.CoinsRegistered.Add(coin);
CoinsWaitingForMix.Remove(coin);
}
roundRegistered.ActiveOutput = activeKey;
roundRegistered.ChangeOutput = changeKey;
roundRegistered.UnblindedSignature = BlindingPubKey.UnblindSignature(inputsResponse.BlindedOutputSignature, blind.BlindingFactor);
roundRegistered.AliceUniqueId = inputsResponse.UniqueId;
RoundUpdated?.Invoke(this, roundRegistered);
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
else // We registered, let's confirm we're online.
{
try
{
string roundHash = await AliceClient.PostConfirmationAsync(inputRegistrableRound.State.RoundId, (Guid)inputRegistrableRound.AliceUniqueId);
if (roundHash != null) // Then the phase went to connection confirmation.
{
inputRegistrableRound.RoundHash = roundHash;
inputRegistrableRound.State.Phase = CcjRoundPhase.ConnectionConfirmation;
RoundUpdated?.Invoke(this, inputRegistrableRound);
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
foreach (CcjClientRound ongoingRound in Rounds.Where(x => x.State.Phase != CcjRoundPhase.InputRegistration && x.AliceUniqueId != null))
{
try
{
if (ongoingRound.State.Phase == CcjRoundPhase.ConnectionConfirmation)
{
if (ongoingRound.RoundHash == null) // If we didn't already obtained our roundHash obtain it.
{
string roundHash = await AliceClient.PostConfirmationAsync(inputRegistrableRound.State.RoundId, (Guid)inputRegistrableRound.AliceUniqueId);
if (roundHash == null)
{
throw new NotSupportedException("Coordinator didn't gave us the expected roundHash, even though it's in ConnectionConfirmation phase.");
}
else
{
ongoingRound.RoundHash = roundHash;
RoundUpdated?.Invoke(this, ongoingRound);
}
}
}
else if (ongoingRound.State.Phase == CcjRoundPhase.OutputRegistration)
{
if (ongoingRound.RoundHash == null)
{
throw new NotSupportedException("Coordinator progressed to OutputRegistration phase, even though we didn't obtain roundHash.");
}
await BobClient.PostOutputAsync(ongoingRound.RoundHash, ongoingRound.ActiveOutput.GetP2wpkhScript(), ongoingRound.UnblindedSignature);
}
else if (ongoingRound.State.Phase == CcjRoundPhase.Signing)
{
Transaction unsignedCoinJoin = await AliceClient.GetUnsignedCoinJoinAsync(ongoingRound.State.RoundId, (Guid)ongoingRound.AliceUniqueId);
if (NBitcoinHelpers.HashOutpoints(unsignedCoinJoin.Inputs.Select(x => x.PrevOut)) != ongoingRound.RoundHash)
{
throw new NotSupportedException("Coordinator provided invalid roundHash.");
}
Money amountBack = unsignedCoinJoin.Outputs
.Where(x => x.ScriptPubKey == ongoingRound.ActiveOutput.GetP2wpkhScript() || x.ScriptPubKey == ongoingRound.ChangeOutput.GetP2wpkhScript())
.Sum(y => y.Value);
Money minAmountBack = ongoingRound.CoinsRegistered.Sum(x => x.SmartCoin.Amount); // Start with input sum.
minAmountBack -= ongoingRound.State.FeePerOutputs * 2 + ongoingRound.State.FeePerInputs * ongoingRound.CoinsRegistered.Count; // Minus miner fee.
Money actualDenomination = unsignedCoinJoin.GetIndistinguishableOutputs().OrderByDescending(x => x.count).First().value; // Denomination may grow.
Money expectedCoordinatorFee = new Money((ongoingRound.State.CoordinatorFeePercent * 0.01m) * decimal.Parse(actualDenomination.ToString(false, true)), MoneyUnit.BTC);
minAmountBack -= expectedCoordinatorFee; // Minus expected coordinator fee.
// If there's no change output then coordinator protection may happened:
if (unsignedCoinJoin.Outputs.All(x => x.ScriptPubKey != ongoingRound.ChangeOutput.GetP2wpkhScript()))
{
Money minimumOutputAmount = new Money(0.0001m, MoneyUnit.BTC); // If the change would be less than about $1 then add it to the coordinator.
Money onePercentOfDenomination = new Money(actualDenomination.ToDecimal(MoneyUnit.BTC) * 0.01m, MoneyUnit.BTC); // If the change is less than about 1% of the newDenomination then add it to the coordinator fee.
Money minimumChangeAmount = Math.Max(minimumOutputAmount, onePercentOfDenomination);
minAmountBack -= minimumChangeAmount; // Minus coordinator protections (so it won't create bad coinjoins.)
}
if (amountBack < minAmountBack)
{
throw new NotSupportedException("Coordinator did not add enough value to our outputs in the coinjoin.");
}
new TransactionBuilder()
.AddKeys(ongoingRound.CoinsRegistered.Select(x => x.Secret).ToArray())
.AddCoins(ongoingRound.CoinsRegistered.Select(x => x.SmartCoin.GetCoin()))
.SignTransactionInPlace(unsignedCoinJoin, SigHash.All);
var myDic = new Dictionary <int, WitScript>();
for (int i = 0; i < unsignedCoinJoin.Inputs.Count; i++)
{
var input = unsignedCoinJoin.Inputs[i];
if (ongoingRound.CoinsRegistered.Select(x => x.SmartCoin.GetOutPoint()).Contains(input.PrevOut))
{
myDic.Add(i, unsignedCoinJoin.Inputs[i].WitScript);
}
}
await AliceClient.PostSignaturesAsync(ongoingRound.State.RoundId, (Guid)ongoingRound.AliceUniqueId, myDic);
}
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
}
}
catch (TaskCanceledException ex)
{
Logger.LogTrace <CcjClient>(ex);
}
catch (Exception ex)
{
Logger.LogError <CcjClient>(ex);
}
}
