public static BorromeanSignatureType Generate(List <byte[]> x, List <Cryptography.ECC.ECPoint> P1, List <Cryptography.ECC.ECPoint> P2, List <int> indices)
{
List <byte[]> s1 = new List <byte[]>();
List <byte[]> alpha = new List <byte[]>();
List <ECPoint>[] L = new List <ECPoint> [2];
L[0] = new List <ECPoint>();
L[1] = new List <ECPoint>();
BorromeanSignatureType boroSig = new BorromeanSignatureType();
boroSig.InitSField();
for (int i = 0; i < AMOUNT_SIZE; i++)
{
int naught = indices[i];
int prime = (naught + 1) % 2;
byte[] a = SchnorrNonLinkable.GenerateRandomScalar();
ECPoint L1 = Cryptography.ECC.ECCurve.Secp256r1.G * a;
L[naught].Add(L1);
alpha.Add(a);
if (naught == 0)
{
byte[] s2 = SchnorrNonLinkable.GenerateRandomScalar();
byte[] c2 = Crypto.Default.Hash256(L1.EncodePoint(true));
ECPoint L2 = Cryptography.ECC.ECCurve.Secp256r1.G * s2 + P2[i] * c2;
L[prime].Add(L2);
boroSig.s1.Add(s2);
}
else
{
boroSig.s1.Add(new byte[32]);
}
boroSig.ee = ScalarFunctions.Add(boroSig.ee, Crypto.Default.Hash256(L[1][i].EncodePoint(true))); //Check This Part
}
for (int i = 0; i < AMOUNT_SIZE; i++)
{
if (indices[i] == 0)
{
boroSig.s0.Add(ScalarFunctions.MulSub(boroSig.ee, x[i], alpha[i]));
}
else
{
byte[] s2 = SchnorrNonLinkable.GenerateRandomScalar();
ECPoint LL = Cryptography.ECC.ECCurve.Secp256r1.G * s2 + P1[i] * boroSig.ee;
byte[] cc = Crypto.Default.Hash256(LL.EncodePoint(true));
boroSig.s1[i] = ScalarFunctions.MulSub(cc, x[i], alpha[i]);
boroSig.s0.Add(s2);
}
}
return(boroSig.Exports());
}
public static EcdhTuple EcdhEncode(this EcdhTuple unmask, ECPoint receiverPk)
{
EcdhTuple ret = new EcdhTuple();
byte[] esk = SchnorrNonLinkable.GenerateRandomScalar();
ret.senderPK = ECCurve.Secp256r1.G * esk;
byte[] sharedSec1 = Cryptography.Crypto.Default.Hash256(ScalarFunctions.MulWithPoint(receiverPk, esk));
byte[] sharedSec2 = Cryptography.Crypto.Default.Hash256(sharedSec1);
ret.mask = ScalarFunctions.Add(unmask.mask, sharedSec1);
ret.amount = ScalarFunctions.Add(unmask.amount, sharedSec2);
return(ret);
}
public static MLSAGSignatureType Generate(List <List <ECPoint> > PK, List <byte[]> X, int index)
{
MLSAGSignatureType sig = new MLSAGSignatureType();
int rows = PK[0].Count;
int cols = PK.Count;
#region Initialize
for (int j = 0; j < cols; j++)
{
sig.ss.Add(new List <byte[]>());
}
#endregion
if (cols < 2)
{
throw new Exception("Error! What is c if cols = 1!");
}
List <byte[]> alpha = new List <byte[]>();
List <ECPoint> aG = new List <ECPoint>();
List <byte[]> aHP = new List <byte[]>();
List <ECPoint> Li = new List <ECPoint>();
List <byte[]> Ri = new List <byte[]>();
for (int j = 0; j < rows; j++)
{
byte[] a = SchnorrNonLinkable.GenerateRandomScalar();
alpha.Add(a);
aG.Add(ECCurve.Secp256r1.G * a);
byte[] Hi = Crypto.Default.Hash256(PK[index][j].ToString().HexToBytes());
aHP.Add(ScalarFunctions.Mul(a, Hi));
sig.II.Add(ScalarFunctions.Mul(X[j], Hi));
}
byte[] c_old = MakeHash(PK[index], aG, aHP);
int i = (index + 1) % cols;
if (i == 0)
{
Buffer.BlockCopy(c_old, 0, sig.cc, 0, c_old.Length);
}
while (i != index)
{
for (int j = 0; j < rows; j++)
{
sig.ss[i].Add(SchnorrNonLinkable.GenerateRandomScalar());
}
byte[] c = new byte[32];
Li.Clear();
Ri.Clear();
for (int j = 0; j < rows; j++)
{
ECPoint L = ECCurve.Secp256r1.G * sig.ss[i][j] + PK[i][j] * c_old;
byte[] Hi = Crypto.Default.Hash256(PK[i][j].ToString().HexToBytes());
byte[] R = ScalarFunctions.Add(ScalarFunctions.Mul(sig.ss[i][j], Hi), ScalarFunctions.Mul(c_old, sig.II[j]));
Li.Add(L);
Ri.Add(R);
}
c_old = MakeHash(PK[i], Li, Ri);
i = (i + 1) % cols;
if (i == 0)
{
Buffer.BlockCopy(c_old, 0, sig.cc, 0, c_old.Length);
}
}
for (int j = 0; j < rows; j++)
{
sig.ss[index].Add(ScalarFunctions.MulSub(c_old, X[j], alpha[j]));
}
return(sig);
}