/// Verify the transaction proof validity. Entails handling the commitment
/// as a public key and checking the signature verifies with the fee as
/// message.
public void Verify(Secp256K1 secp)
{
var msg = Message.from_slice(TransactionHelper.kernel_sig_msg(Fee, LockHeight));
var sig = Signiture.from_der(secp, ExcessSig);
secp.verify_from_commit(msg, sig, Excess);
}
/// The verification for a MimbleWimble transaction involves getting the
/// excess of summing all commitments and using it as a public key
/// to verify the embedded signature. The rational is that if the values
/// sum to zero as they should in r.G + v.H then only k.G the excess
/// of the sum of r.G should be left. And r.G is the definition of a
/// public key generated using r as a private key.
public TxKernel verify_sig(Secp256K1 secp)
{
var rsum = this.sum_commitments(secp);
var msg = Message.from_slice(TransactionHelper.kernel_sig_msg(Fee, LockHeight));
var sig = Signiture.from_der(secp, ExcessSig);
// pretend the sum is a public key (which it is, being of the form r.G) and
// verify the transaction sig with it
//
// we originally converted the commitment to a key_id here (commitment to zero)
// and then passed the key_id to secp.verify()
// the secp api no longer allows us to do this so we have wrapped the complexity
// of generating a public key from a commitment behind verify_from_commit
secp.verify_from_commit(msg, sig, rsum);
var kernel = new TxKernel
{
Features = KernelFeatures.DefaultKernel,
Excess = rsum,
ExcessSig = ExcessSig,
Fee = Fee,
LockHeight = LockHeight
};
Log.Debug(
"tx verify_sig: fee - {fee}, lock_height - {lock_height}",
kernel.Fee,
kernel.LockHeight
);
return(kernel);
}
