public ServerCommitmentsProof CheckRevelation(ClientRevelation revelation)
        {
            if (revelation == null)
            {
                throw new ArgumentNullException(nameof(revelation));
            }
            if (revelation.Salts.Length != Parameters.FakeTransactionCount ||
                revelation.FakeIndexes.Length != Parameters.FakeTransactionCount)
            {
                throw new ArgumentNullException("The revelation should contains " + Parameters.FakeTransactionCount +
                                                " indexes and salts");
            }
            AssertState(PromiseServerStates.WaitingRevelation);

            var indexSalt = revelation.IndexesSalt;

            if (InternalState.FakeIndexesHash != PromiseUtils.HashIndexes(ref indexSalt, revelation.FakeIndexes))
            {
                throw new PuzzleException("Invalid index salt");
            }

            List <PuzzleSolution> solutions = new List <PuzzleSolution>();

            for (int i = 0; i < Parameters.FakeTransactionCount; i++)
            {
                var salt             = revelation.Salts[i];
                var encrypted        = InternalState.EncryptedSignatures[revelation.FakeIndexes[i]];
                var actualSignedHash = Parameters.CreateFakeHash(salt);
                if (actualSignedHash != encrypted.SignedHash)
                {
                    throw new PuzzleException("Incorrect salt provided");
                }
                solutions.Add(encrypted.PuzzleSolution);
            }

            // We can throw away the fake puzzles
            InternalState.EncryptedSignatures = InternalState.EncryptedSignatures
                                                .Where((e, i) => !revelation.FakeIndexes.Contains(i)).ToArray();

            Quotient[] quotients = new Quotient[Parameters.RealTransactionCount - 1];
            for (int i = 0; i < InternalState.EncryptedSignatures.Length - 1; i++)
            {
                var a = InternalState.EncryptedSignatures[i].PuzzleSolution._Value;
                var b = InternalState.EncryptedSignatures[i + 1].PuzzleSolution._Value;
                quotients[i] = new Quotient(b.Multiply(a.ModInverse(Parameters.ServerKey._Key.Modulus))
                                            .Mod(Parameters.ServerKey._Key.Modulus));
            }

            InternalState.FakeIndexesHash = null;
            InternalState.Status          = PromiseServerStates.Completed;
            return(new ServerCommitmentsProof(solutions.ToArray(), quotients));
        }
Esempio n. 2
0
        public ServerCommitmentsProof CheckRevelation(ClientRevelation revelation, Script cashoutDestination, FeeRate feeRate)
        {
            /*
             * Steps 7, 9
             * Almost ready, just need to figure out:
             * - The CashOutFormat for the validation of RealSet.
             * - How to get the cashoutDestination and the feeRate,
             *   for now I pass them in like in "CreateSignatureRequest"
             *   from ClientSession.
             */

            if (revelation == null)
            {
                throw new ArgumentNullException(nameof(revelation));
            }

            var saltCount = revelation.Salts.Select(a => a.Length).Sum();

            if (saltCount != Parameters.GetTotalFakeTransactionsCount() || revelation.FakeIndexes.Length != Parameters.FakeTransactionCountPerLevel)
            {
                throw new ArgumentNullException($"The revelation should contains {Parameters.GetTotalFakeTransactionsCount()} salts and {Parameters.FakeTransactionCountPerLevel} indices");
            }

            var variationCount = revelation.FeeVariations.Select(a => a.Length).Sum();

            if (variationCount != Parameters.GetTotalRealTransactionsCount())
            {
                throw new ArgumentNullException($"The revelation should contains {Parameters.GetTotalRealTransactionsCount()} fee variations");
            }

            AssertState(PromiseServerStates.WaitingRevelation);

            var indexSalt = revelation.IndexesSalt;

            if (InternalState.FakeIndexesHash != PromiseUtils.HashIndexes(ref indexSalt, revelation.FakeIndexes))
            {
                throw new PuzzleException("Invalid index salt");
            }

            Transaction cashout = new Transaction();

            // TODO: Figure out the cashout format for j Bitcoins
            cashout.AddInput(new TxIn(InternalState.EscrowedCoin.Outpoint));
            cashout.Inputs[0].ScriptSig = new Script(
                Op.GetPushOp(TrustedBroadcastRequest.PlaceholderSignature),
                Op.GetPushOp(TrustedBroadcastRequest.PlaceholderSignature),
                Op.GetPushOp(InternalState.EscrowedCoin.Redeem.ToBytes())
                );
            cashout.AddOutput(new TxOut(InternalState.EscrowedCoin.Amount, cashoutDestination));
            cashout.Outputs[0].Value -= feeRate.GetFee(cashout.GetVirtualSize());


            var solutions   = new PuzzleSolution[Parameters.PaymentsCount][];
            var RealIndexes = Enumerable.Range(0, Parameters.GetTotalTransactionsCountPerLevel()).Where(a => !revelation.FakeIndexes.Contains(a)).ToArray();

            for (int i = 0; i < solutions.Length; i++)
            {
                // Checking valid Transactions
                for (int j = 0; j < Parameters.RealTransactionCountPerLevel; j++)
                {
                    var feeVariation = revelation.FeeVariations[i][j];
                    var encrypted    = InternalState.EncryptedSignatures[i][RealIndexes[j]];
                    // Check if this function approved!
                    var actualSignedHash = Parameters.CreateRealHash(cashout, InternalState.EscrowedCoin, feeVariation);
                    if (actualSignedHash != encrypted.SignedHash)
                    {
                        throw new PuzzleException("Incorrect feeVariation provided");
                    }
                }
                // Checking Fake Transactions
                solutions[i] = new PuzzleSolution[Parameters.FakeTransactionCountPerLevel]; // Initialization
                for (int j = 0; j < solutions[i].Length; j++)
                {
                    var salt             = revelation.Salts[i][j];
                    var encrypted        = InternalState.EncryptedSignatures[i][revelation.FakeIndexes[j]];
                    var actualSignedHash = Parameters.CreateFakeHash(salt);
                    if (actualSignedHash != encrypted.SignedHash)
                    {
                        throw new PuzzleException("Incorrect salt provided");
                    }
                    solutions[i][j] = encrypted.PuzzleSolution;
                }
            }

            // We can throw away the fake puzzles
            InternalState.EncryptedSignatures = InternalState.EncryptedSignatures.Select(a => a.Where((e, i) => !revelation.FakeIndexes.Contains(i)).ToArray()).ToArray();

            // Step 9
            var quotients = new Quotient[Parameters.PaymentsCount][];

            for (int i = 0; i < quotients.Length; i++)
            {
                quotients[i] = new Quotient[Parameters.RealTransactionCountPerLevel - 1];
                for (int j = 0; j < quotients[i].Length; j++)
                {
                    var a = InternalState.EncryptedSignatures[i][j].PuzzleSolution._Value;
                    var b = InternalState.EncryptedSignatures[i][j + 1].PuzzleSolution._Value;
                    quotients[i][j] = new Quotient(b.Multiply(a.ModInverse(Parameters.ServerKey._Key.Modulus)).Mod(Parameters.ServerKey._Key.Modulus));
                }
            }

            InternalState.FakeIndexesHash = null;
            InternalState.Status          = PromiseServerStates.Completed;
            return(new ServerCommitmentsProof(solutions.ToArray(), quotients));
        }