public void Bullet_Proof_Extra_Commit_Wrong()
{
using (var secp256k1 = new Secp256k1())
using (var pedersen = new Pedersen())
using (var bulletProof = new BulletProof())
{
// Correct extra commit
var extraCommit = new byte[32];
var blinding = secp256k1.CreatePrivateKey();
ulong value = 100033;
var commit = pedersen.Commit(value, blinding);
var @struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), extraCommit, null);
var success = bulletProof.Verify(commit, @struct.proof, extraCommit);
Assert.True(success);
//Wrong extra commit
var extraCommitWrong = new byte[32];
extraCommitWrong[0] = 1;
success = bulletProof.Verify(commit, @struct.proof, extraCommitWrong);
Assert.False(success);
}
}
public void Bullet_Proof()
{
using (var secp256k1 = new Secp256k1())
using (var pedersen = new Pedersen())
using (var bulletProof = new BulletProof())
{
// Correct value
ulong value = 300;
var blinding = secp256k1.CreatePrivateKey();
var commit = pedersen.Commit(value, blinding);
var @struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), null, null);
var success = bulletProof.Verify(commit, @struct.proof, null);
Assert.True(success);
// Wrong value
value = 1222344;
var commitWrong = pedersen.Commit(122111, blinding);
@struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), null, null);
success = bulletProof.Verify(commit, @struct.proof, null);
Assert.False(success);
// Wrong binding
value = 122322;
commit = pedersen.Commit(value, blinding);
blinding = secp256k1.CreatePrivateKey();
@struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), null, null);
success = bulletProof.Verify(commit, @struct.proof, null);
Assert.False(success);
}
}
public void Bullet_Proof_Minimum_Amount()
{
using (var secp256k1 = new Secp256k1())
using (var pedersen = new Pedersen())
using (var bulletProof = new BulletProof())
{
int minValue = 1000;
ulong value = 300;
// Correct value and minimum value
var blinding = secp256k1.CreatePrivateKey();
var commit = pedersen.Commit(value, blinding);
var @struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), null, null);
var success = bulletProof.Verify(commit, @struct.proof, null);
Assert.True(success);
// Wrong value < 1000 and minimum value.
var commitWrong = pedersen.Commit(value, blinding);
@struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), null, null, minValue);
success = bulletProof.Verify(commit, @struct.proof, null, minValue);
Assert.False(success);
}
}
/// <summary>
/// </summary>
/// <param name="transaction"></param>
/// <returns></returns>
public VerifyResult VerifyBulletProof(Transaction transaction)
{
Guard.Argument(transaction, nameof(transaction)).NotNull();
Guard.Argument(transaction.Vout, nameof(transaction)).NotNull();
try
{
if (transaction.Validate().Any())
{
return(VerifyResult.UnableToVerify);
}
using var secp256K1 = new Secp256k1();
using var bulletProof = new BulletProof();
if (transaction.Bp.Select((t, i) => bulletProof.Verify(transaction.Vout[i + 2].C, t.Proof, null))
.Any(verified => !verified))
{
return(VerifyResult.UnableToVerify);
}
}
catch (Exception ex)
{
_logger.Here().Error(ex, "Unable to verify the bullet proof");
return(VerifyResult.UnableToVerify);
}
return(VerifyResult.Succeed);
}
/// <summary>
/// Attachs the envelope.
/// </summary>
/// <param name="blindSum">Blind sum.</param>
/// <param name="commitSum">Commit sum.</param>
/// <param name="balance">Balance.</param>
/// <param name="secret">Secret.</param>
/// <param name="coin">Coin.</param>
private void AttachEnvelope(byte[] blindSum, byte[] commitSum, ulong balance, SecureString secret, SecureString salt, ref CoinDto coin)
{
var(k1, k2) = Split(blindSum, secret, salt, coin.Stamp, coin.Version);
using (var secp256k1 = new Secp256k1())
using (var pedersen = new Pedersen())
using (var bulletProof = new BulletProof())
{
coin.Envelope.Commitment = commitSum.ToHex();
coin.Envelope.Proof = k2.ToHex();
coin.Envelope.PublicKey = pedersen.ToPublicKey(pedersen.Commit(0, k1)).ToHex();
coin.Hash = Hash(coin).ToHex();
coin.Envelope.Signature = secp256k1.Sign(coin.Hash.FromHex(), k1).ToHex();
var @struct = bulletProof.ProofSingle(balance, blindSum, Cryptography.RandomBytes(), null, null, null);
var success = bulletProof.Verify(commitSum, @struct.proof, null);
if (!success)
{
throw new ArgumentOutOfRangeException(nameof(success), "Bullet proof failed.");
}
coin.Envelope.RangeProof = @struct.proof.ToHex();
}
}
static void Main(string[] args)
{
using (var secp256k1 = new Secp256k1())
using (var pedersen = new Pedersen())
using (var bulletProof = new BulletProof())
{
// Correct valu
int minValue = 1000;
ulong value = 1000;
var blinding = secp256k1.CreatePrivateKey();
var commit = pedersen.Commit(value, blinding);
var @struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), null, null);
var success = bulletProof.Verify(commit, @struct.proof, null);
}
}
public void Bullet_Proof_Extra_Commit()
{
using (var secp256k1 = new Secp256k1())
using (var pedersen = new Pedersen())
using (var bulletProof = new BulletProof())
{
var extraCommit = new byte[32];
var blinding = secp256k1.GetSecretKey();
ulong value = 100033;
var commit = pedersen.Commit(value, blinding);
var @struct = bulletProof.GenProof(value, blinding, (byte[])blinding.Clone(), (byte[])blinding.Clone(), extraCommit, null);
var success = bulletProof.Verify(commit, @struct.proof, extraCommit);
Assert.True(success);
}
}
/// <summary>
///
/// </summary>
/// <param name="message"></param>
/// <returns></returns>
private bool ValidateCoinRule(ValidateCoinRuleMessage message)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
if (message.Coin == null)
{
throw new ArgumentNullException(nameof(message.Coin));
}
var coinHasElements = message.Coin.Validate().Any();
if (!coinHasElements)
{
try
{
using var secp256k1 = new Secp256k1();
using var bulletProof = new BulletProof();
var success = bulletProof.Verify(message.Coin.Commitment.FromHex(), message.Coin.RangeProof.FromHex(), null);
if (!success)
{
return(false);
}
}
catch (Exception ex)
{
logger.Error($"<<< SigningProvider.ValidateRule >>>: {ex.ToString()}");
return(false);
}
}
return(true);
}
