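/// <summary>
/// Creates a NoteEncryption private key from the spending key <paramref name="a_sk"/>.
/// </summary>
/// <param name="a_sk">Spending key the encryption key is derived from.</param>
/// <returns>
/// The output of <c>PRFClass.PRF_addr_sk_enc(a_sk)</c> with <c>clamp_curve25519</c>
/// applied to its bytes.
/// </returns>
public static UInt256 generate_privkey(UInt252 a_sk)
{
    UInt256 derived = PRFClass.PRF_addr_sk_enc(a_sk);

    // Clamp a named buffer and build the result from that same buffer. The earlier form
    // clamped whatever ToArray() returned and then returned the original value, which
    // only yields a clamped key if ToArray() exposes the internal storage; with a
    // copying ToArray() the clamp would be silently discarded.
    // NOTE(review): assumes clamp_curve25519 modifies its argument in place (its return
    // value was never used) - confirm against its definition.
    byte[] keyBytes = derived.ToArray();
    clamp_curve25519(keyBytes);
    return new UInt256(keyBytes);
}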
/// <summary>
/// Address-derivation PRF: evaluates <c>PRF</c> with flags (true, true, false, false) over
/// <paramref name="a_sk"/> and a 256-bit value whose byte 0 is <paramref name="t"/>.
/// </summary>
/// <param name="a_sk">Spending key used as the PRF key.</param>
/// <param name="t">Selector byte written to position 0 of the second PRF input.</param>
/// <returns>The PRF output.</returns>
public static UInt256 PRF_addr(UInt252 a_sk, byte t)
{
    // Take the bytes of a default-constructed UInt256 and overwrite only byte 0.
    byte[] selectorBytes = new UInt256().ToArray();
    selectorBytes[0] = t;

    UInt256 selector = new UInt256(selectorBytes);
    return PRF(true, true, false, false, a_sk, selector);
}
/// <summary>
/// PRF keyed with <paramref name="a_sk"/> over <paramref name="h_sig"/>; the second flag bit
/// is set when <paramref name="i0"/> is 1 and clear when it is 0.
/// </summary>
/// <param name="a_sk">Spending key used as the PRF key.</param>
/// <param name="i0">Index; its <c>GetData()</c> value must be 0 or 1.</param>
/// <param name="h_sig">Second PRF input.</param>
/// <returns>The PRF output for the given index.</returns>
/// <exception cref="FormatException"><paramref name="i0"/> is neither 0 nor 1.</exception>
public static UInt256 PRF_pk(UInt252 a_sk, Fixed8 i0, UInt256 h_sig)
{
    var index = i0.GetData();

    // Reject anything other than the two supported indices before hashing.
    if (index != 0 && index != 1)
    {
        throw new FormatException("i0 is not correct");
    }

    bool isSecondIndex = index != 0;
    return PRF(false, isSecondIndex, false, false, a_sk, h_sig);
}
/// <summary>
/// Core PRF: hashes a 64-byte block built from <paramref name="x"/> (bytes 0-31) and
/// <paramref name="y"/> (bytes 32-63), with the high four bits of byte 0 replaced by the
/// flags <paramref name="a"/>..<paramref name="d"/>.
/// </summary>
/// <param name="a">Sets bit 7 of byte 0.</param>
/// <param name="b">Sets bit 6 of byte 0.</param>
/// <param name="c">Sets bit 5 of byte 0.</param>
/// <param name="d">Sets bit 4 of byte 0.</param>
/// <param name="x">First input; occupies the first half of the block.</param>
/// <param name="y">Second input; occupies the second half of the block.</param>
/// <returns>The SHA-256 digest of the block, wrapped in a <c>UInt256</c>.</returns>
public static UInt256 PRF(bool a, bool b, bool c, bool d, UInt252 x, UInt256 y)
{
    byte[] block = new byte[64];

    // NOTE(review): both inputs are round-tripped through a hex string. Callers on this
    // page pass the spending key as x, so key material ends up in an immutable managed
    // string that cannot be wiped. If HexToBytesInverse is only a byte-order swap,
    // a byte-level reversal would avoid that - confirm before changing.
    byte[] first = x.ToArray().ToHexString().HexToBytesInverse();
    first.CopyTo(block, 0);
    byte[] second = y.ToArray().ToHexString().HexToBytesInverse();
    second.CopyTo(block, 32);

    // The low nibble of byte 0 comes from x; the high nibble carries the domain flags.
    int flags = 0;
    if (a) { flags |= 1 << 7; }
    if (b) { flags |= 1 << 6; }
    if (c) { flags |= 1 << 5; }
    if (d) { flags |= 1 << 4; }
    block[0] = (byte)((block[0] & 0x0F) | flags);

    // NOTE(review): ComputeHash is the complete SHA-256 (padding included). If outputs
    // must match another implementation of this PRF, confirm it uses the same variant.
    using (SHA256 sha = SHA256.Create())
    {
        return new UInt256(sha.ComputeHash(block));
    }
}
/// <summary>
/// Builds the <c>Note</c> for this output: rho comes from <c>PRFClass.PRF_rho</c>, the
/// remaining fields from this instance's <c>addr.a_pk</c>, <c>value</c> and <c>AssetID</c>.
/// </summary>
/// <param name="phi">First input to <c>PRF_rho</c>.</param>
/// <param name="r">Passed through unchanged as the note's fourth constructor argument.</param>
/// <param name="i">Index passed to <c>PRF_rho</c>.</param>
/// <param name="h_sig">Third input to <c>PRF_rho</c>.</param>
/// <returns>The newly constructed note.</returns>
public Note note(UInt252 phi, UInt256 r, Fixed8 i, UInt256 h_sig)
{
    // Derive rho first, exactly as before, then assemble the note around it.
    UInt256 derivedRho = PRFClass.PRF_rho(phi, i, h_sig);
    Note built = new Note(addr.a_pk, value, derivedRho, r, AssetID);
    return built;
}
/// <summary>
/// Evaluates <c>PRF_addr</c> for <paramref name="a_sk"/> with selector byte 1.
/// </summary>
/// <param name="a_sk">Spending key used as the PRF key.</param>
/// <returns>The result of <c>PRF_addr(a_sk, 1)</c>.</returns>
public static UInt256 PRF_addr_sk_enc(UInt252 a_sk)
{
    const byte skEncSelector = 1;
    return PRF_addr(a_sk, skEncSelector);
}
/// <summary>
/// Evaluates <c>PRF_addr</c> for <paramref name="a_sk"/> with selector byte 0.
/// </summary>
/// <param name="a_sk">Spending key used as the PRF key.</param>
/// <returns>The result of <c>PRF_addr(a_sk, 0)</c>.</returns>
public static UInt256 PRF_addr_a_pk(UInt252 a_sk)
{
    const byte aPkSelector = 0;
    return PRF_addr(a_sk, aPkSelector);
}
/// <summary>
/// Evaluates <c>PRF</c> with flags (true, true, true, false), keyed with
/// <paramref name="a_sk"/>, over <paramref name="rho"/>.
/// </summary>
/// <param name="a_sk">Spending key used as the PRF key.</param>
/// <param name="rho">Second PRF input.</param>
/// <returns>The PRF output.</returns>
public static UInt256 PRF_nf(UInt252 a_sk, UInt256 rho)
{
    UInt256 result = PRF(a: true, b: true, c: true, d: false, x: a_sk, y: rho);
    return result;
}
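/// <summary>
/// Assembles the public parts of a join-split: nullifiers, output notes, commitments,
/// encrypted notes and MACs are appended to the caller-supplied lists.
/// </summary>
/// <remarks>
/// <para>
/// This implementation never builds a proof: <paramref name="computeProof"/> and
/// <paramref name="rt"/> are not read and the return value is always <c>null</c>.
/// </para>
/// <para>
/// NOTE(review): <paramref name="out_randomSeed"/>, <paramref name="out_ephemeralKey"/> and
/// <paramref name="out_esk"/> are ordinary by-value parameters. The values assigned to them
/// below are not visible to the caller, so the random seed and ephemeral public key produced
/// here cannot be retrieved through this signature. Fixing that needs <c>out</c>/<c>ref</c>
/// parameters or a result object, which changes the interface and is left to the maintainers.
/// </para>
/// <para>
/// NOTE(review): the seed, phi and every r come from <c>UInt256.Random()</c>. Confirm it is
/// backed by a cryptographic random number generator.
/// </para>
/// </remarks>
/// <param name="inputs">Notes being spent; each supplies a value, a nullifier and a key.</param>
/// <param name="outputs">Outputs to create; each supplies a value, memo and address.</param>
/// <param name="out_notes">Receives one note per output.</param>
/// <param name="out_ciphertexts">Receives one encrypted note plaintext per output.</param>
/// <param name="out_ephemeralKey">Assigned locally only; see remarks.</param>
/// <param name="pubKeyHash">Third input to <c>QrsJoinSplit.h_sig</c>.</param>
/// <param name="out_randomSeed">Assigned locally only; see remarks.</param>
/// <param name="out_macs">Receives one MAC per input.</param>
/// <param name="out_nullifiers">Receives one nullifier per input; the whole list is passed to <c>QrsJoinSplit.h_sig</c>.</param>
/// <param name="out_commitments">Receives one commitment per output.</param>
/// <param name="vpub_old">Public value added to the input side of the balance.</param>
/// <param name="vpub_new">Public value added to the output side of the balance.</param>
/// <param name="rt">Not read by this implementation.</param>
/// <param name="computeProof">Not read by this implementation.</param>
/// <param name="out_esk">Assigned locally only; see remarks.</param>
/// <returns>Always <c>null</c>.</returns>
/// <exception cref="ArgumentNullException">A required list argument is <c>null</c>.</exception>
/// <exception cref="ArgumentException">The input and output sides do not balance.</exception>
public virtual QrsProof prove(
    List<JSInput> inputs,
    List<JSOutput> outputs,
    List<Note> out_notes,
    List<byte[]> out_ciphertexts,
    UInt256 out_ephemeralKey,
    UInt256 pubKeyHash,
    UInt256 out_randomSeed,
    List<UInt256> out_macs,
    List<UInt256> out_nullifiers,
    List<UInt256> out_commitments,
    Fixed8 vpub_old,
    Fixed8 vpub_new,
    UInt256 rt,
    bool computeProof = true,
    // Meant to carry the ephemeral secret key back for payment disclosure;
    // as a by-value parameter it cannot do so (see remarks).
    UInt256 out_esk = null
    )
{
    // Reject null lists up front so a failure cannot leave the other lists half-filled.
    if (inputs == null) { throw new ArgumentNullException("inputs"); }
    if (outputs == null) { throw new ArgumentNullException("outputs"); }
    if (out_notes == null) { throw new ArgumentNullException("out_notes"); }
    if (out_ciphertexts == null) { throw new ArgumentNullException("out_ciphertexts"); }
    if (out_macs == null) { throw new ArgumentNullException("out_macs"); }
    if (out_nullifiers == null) { throw new ArgumentNullException("out_nullifiers"); }
    if (out_commitments == null) { throw new ArgumentNullException("out_commitments"); }

    // Check the balance before touching any caller-owned list: previously an unbalanced
    // join-split threw only after nullifiers and notes had already been appended.
    Fixed8 lhs_value = vpub_old;
    for (int i = 0; i < inputs.Count; i++)
    {
        lhs_value += inputs[i].note.value;
    }

    Fixed8 rhs_value = vpub_new;
    for (int i = 0; i < outputs.Count; i++)
    {
        rhs_value += outputs[i].value;
    }

    if (lhs_value != rhs_value)
    {
        throw new ArgumentException(
            "Join-split does not balance: vpub_old plus input values must equal vpub_new plus output values.");
    }

    for (int i = 0; i < inputs.Count; i++)
    {
        out_nullifiers.Add(inputs[i].Nullifier());
    }

    out_randomSeed = UInt256.Random(); // local effect only, see remarks
    UInt256 h_sig = QrsJoinSplit.h_sig(out_randomSeed, out_nullifiers, pubKeyHash);
    UInt252 phi = new UInt252(UInt256.Random());

    // Remember where this call's notes start so later indexing stays aligned with
    // `outputs` even if the caller passed a list that already held entries.
    int firstNote = out_notes.Count;
    for (int i = 0; i < outputs.Count; i++)
    {
        UInt256 r = UInt256.Random();
        out_notes.Add(outputs[i].note(phi, r, new Fixed8(i), h_sig));
    }

    for (int i = 0; i < outputs.Count; i++)
    {
        out_commitments.Add(out_notes[firstNote + i].CM());
    }

    NoteEncryption encryptor = new NoteEncryption(h_sig);
    for (int i = 0; i < outputs.Count; i++)
    {
        NotePlaintext pt = new NotePlaintext(out_notes[firstNote + i], outputs[i].memo);
        out_ciphertexts.Add(pt.encrypt(encryptor, outputs[i].addr.pk_enc));
    }

    out_ephemeralKey = encryptor.get_epk(); // local effect only, see remarks
    out_esk = encryptor.get_esk();          // local effect only, see remarks

    // PRF_pk accepts only index 0 or 1, so a third input makes this step throw
    // FormatException after the lists above have been filled.
    for (int i = 0; i < inputs.Count; i++)
    {
        out_macs.Add(PRFClass.PRF_pk(inputs[i].key, new Fixed8(i), h_sig));
    }

    return null;
}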