public ServerCommitmentsProof CheckRevelation(ClientRevelation revelation)
{
if (revelation == null)
{
throw new ArgumentNullException(nameof(revelation));
}
if (revelation.Salts.Length != Parameters.FakeTransactionCount ||
revelation.FakeIndexes.Length != Parameters.FakeTransactionCount)
{
throw new ArgumentNullException("The revelation should contains " + Parameters.FakeTransactionCount +
" indexes and salts");
}
AssertState(PromiseServerStates.WaitingRevelation);
var indexSalt = revelation.IndexesSalt;
if (InternalState.FakeIndexesHash != PromiseUtils.HashIndexes(ref indexSalt, revelation.FakeIndexes))
{
throw new PuzzleException("Invalid index salt");
}
List <PuzzleSolution> solutions = new List <PuzzleSolution>();
for (int i = 0; i < Parameters.FakeTransactionCount; i++)
{
var salt = revelation.Salts[i];
var encrypted = InternalState.EncryptedSignatures[revelation.FakeIndexes[i]];
var actualSignedHash = Parameters.CreateFakeHash(salt);
if (actualSignedHash != encrypted.SignedHash)
{
throw new PuzzleException("Incorrect salt provided");
}
solutions.Add(encrypted.PuzzleSolution);
}
// We can throw away the fake puzzles
InternalState.EncryptedSignatures = InternalState.EncryptedSignatures
.Where((e, i) => !revelation.FakeIndexes.Contains(i)).ToArray();
Quotient[] quotients = new Quotient[Parameters.RealTransactionCount - 1];
for (int i = 0; i < InternalState.EncryptedSignatures.Length - 1; i++)
{
var a = InternalState.EncryptedSignatures[i].PuzzleSolution._Value;
var b = InternalState.EncryptedSignatures[i + 1].PuzzleSolution._Value;
quotients[i] = new Quotient(b.Multiply(a.ModInverse(Parameters.ServerKey._Key.Modulus))
.Mod(Parameters.ServerKey._Key.Modulus));
}
InternalState.FakeIndexesHash = null;
InternalState.Status = PromiseServerStates.Completed;
return(new ServerCommitmentsProof(solutions.ToArray(), quotients));
}
public ServerCommitmentsProof CheckRevelation(ClientRevelation revelation, Script cashoutDestination, FeeRate feeRate)
{
/*
* Steps 7, 9
* Almost ready, just need to figure out:
* - The CashOutFormat for the validation of RealSet.
* - How to get the cashoutDestination and the feeRate,
* for now I pass them in like in "CreateSignatureRequest"
* from ClientSession.
*/
if (revelation == null)
{
throw new ArgumentNullException(nameof(revelation));
}
var saltCount = revelation.Salts.Select(a => a.Length).Sum();
if (saltCount != Parameters.GetTotalFakeTransactionsCount() || revelation.FakeIndexes.Length != Parameters.FakeTransactionCountPerLevel)
{
throw new ArgumentNullException($"The revelation should contains {Parameters.GetTotalFakeTransactionsCount()} salts and {Parameters.FakeTransactionCountPerLevel} indices");
}
var variationCount = revelation.FeeVariations.Select(a => a.Length).Sum();
if (variationCount != Parameters.GetTotalRealTransactionsCount())
{
throw new ArgumentNullException($"The revelation should contains {Parameters.GetTotalRealTransactionsCount()} fee variations");
}
AssertState(PromiseServerStates.WaitingRevelation);
var indexSalt = revelation.IndexesSalt;
if (InternalState.FakeIndexesHash != PromiseUtils.HashIndexes(ref indexSalt, revelation.FakeIndexes))
{
throw new PuzzleException("Invalid index salt");
}
Transaction cashout = new Transaction();
// TODO: Figure out the cashout format for j Bitcoins
cashout.AddInput(new TxIn(InternalState.EscrowedCoin.Outpoint));
cashout.Inputs[0].ScriptSig = new Script(
Op.GetPushOp(TrustedBroadcastRequest.PlaceholderSignature),
Op.GetPushOp(TrustedBroadcastRequest.PlaceholderSignature),
Op.GetPushOp(InternalState.EscrowedCoin.Redeem.ToBytes())
);
cashout.AddOutput(new TxOut(InternalState.EscrowedCoin.Amount, cashoutDestination));
cashout.Outputs[0].Value -= feeRate.GetFee(cashout.GetVirtualSize());
var solutions = new PuzzleSolution[Parameters.PaymentsCount][];
var RealIndexes = Enumerable.Range(0, Parameters.GetTotalTransactionsCountPerLevel()).Where(a => !revelation.FakeIndexes.Contains(a)).ToArray();
for (int i = 0; i < solutions.Length; i++)
{
// Checking valid Transactions
for (int j = 0; j < Parameters.RealTransactionCountPerLevel; j++)
{
var feeVariation = revelation.FeeVariations[i][j];
var encrypted = InternalState.EncryptedSignatures[i][RealIndexes[j]];
// Check if this function approved!
var actualSignedHash = Parameters.CreateRealHash(cashout, InternalState.EscrowedCoin, feeVariation);
if (actualSignedHash != encrypted.SignedHash)
{
throw new PuzzleException("Incorrect feeVariation provided");
}
}
// Checking Fake Transactions
solutions[i] = new PuzzleSolution[Parameters.FakeTransactionCountPerLevel]; // Initialization
for (int j = 0; j < solutions[i].Length; j++)
{
var salt = revelation.Salts[i][j];
var encrypted = InternalState.EncryptedSignatures[i][revelation.FakeIndexes[j]];
var actualSignedHash = Parameters.CreateFakeHash(salt);
if (actualSignedHash != encrypted.SignedHash)
{
throw new PuzzleException("Incorrect salt provided");
}
solutions[i][j] = encrypted.PuzzleSolution;
}
}
// We can throw away the fake puzzles
InternalState.EncryptedSignatures = InternalState.EncryptedSignatures.Select(a => a.Where((e, i) => !revelation.FakeIndexes.Contains(i)).ToArray()).ToArray();
// Step 9
var quotients = new Quotient[Parameters.PaymentsCount][];
for (int i = 0; i < quotients.Length; i++)
{
quotients[i] = new Quotient[Parameters.RealTransactionCountPerLevel - 1];
for (int j = 0; j < quotients[i].Length; j++)
{
var a = InternalState.EncryptedSignatures[i][j].PuzzleSolution._Value;
var b = InternalState.EncryptedSignatures[i][j + 1].PuzzleSolution._Value;
quotients[i][j] = new Quotient(b.Multiply(a.ModInverse(Parameters.ServerKey._Key.Modulus)).Mod(Parameters.ServerKey._Key.Modulus));
}
}
InternalState.FakeIndexesHash = null;
InternalState.Status = PromiseServerStates.Completed;
return(new ServerCommitmentsProof(solutions.ToArray(), quotients));
}
