예제 #1
0
        // Creates a NoteEncryption private key
        public static UInt256 generate_privkey(UInt252 a_sk)
        {
            UInt256 sk = PRFClass.PRF_addr_sk_enc(a_sk);

            clamp_curve25519(sk.ToArray());

            return(sk);
        }
예제 #2
0
        public static UInt256 PRF_addr(UInt252 a_sk, byte t)
        {
            UInt256 temp = new UInt256();

            byte[] byTemp = temp.ToArray();
            byTemp[0] = t;

            UInt256 y = new UInt256(byTemp);

            return(PRF(true, true, false, false, a_sk, y));
        }
예제 #3
0
        public static UInt256 PRF_pk(UInt252 a_sk, Fixed8 i0, UInt256 h_sig)
        {
            if ((i0.GetData() != 0) && (i0.GetData() != 1))
            {
                throw new FormatException("i0 is not correct");
            }

            if (i0.GetData() == 0)
            {
                return(PRF(false, false, false, false, a_sk, h_sig));
            }
            else
            {
                return(PRF(false, true, false, false, a_sk, h_sig));
            }
        }
예제 #4
0
        public static UInt256 PRF(bool a, bool b, bool c, bool d, UInt252 x, UInt256 y)
        {
            UInt256 res;

            byte[] blob = new byte[64];

            x.ToArray().ToHexString().HexToBytesInverse().CopyTo(blob, 0);
            y.ToArray().ToHexString().HexToBytesInverse().CopyTo(blob, 32);

            blob[0] &= 0x0F;
            blob[0] |= (byte)((a ? 1 << 7 : 0) | (b ? 1 << 6 : 0) | (c ? 1 << 5 : 0) | (d ? 1 << 4 : 0));

            using (SHA256 hasher = SHA256.Create())
            {
                byte[] hashValue;
                hashValue = hasher.ComputeHash(blob);
                res       = new UInt256(hashValue);
            }
            return(res);
        }
예제 #5
0
        public Note note(UInt252 phi, UInt256 r, Fixed8 i, UInt256 h_sig)
        {
            UInt256 rho = PRFClass.PRF_rho(phi, i, h_sig);

            return(new Note(addr.a_pk, value, rho, r, AssetID));
        }
예제 #6
0
 public static UInt256 PRF_addr_sk_enc(UInt252 a_sk)
 {
     return(PRF_addr(a_sk, 1));
 }
예제 #7
0
 public static UInt256 PRF_addr_a_pk(UInt252 a_sk)
 {
     return(PRF_addr(a_sk, 0));
 }
예제 #8
0
 public static UInt256 PRF_nf(UInt252 a_sk, UInt256 rho)
 {
     return(PRF(true, true, true, false, a_sk, rho));
 }
예제 #9
0
        public virtual QrsProof prove(
            List <JSInput> inputs,
            List <JSOutput> outputs,
            List <Note> out_notes,
            List <byte[]> out_ciphertexts,
            UInt256 out_ephemeralKey,
            UInt256 pubKeyHash,
            UInt256 out_randomSeed,
            List <UInt256> out_macs,
            List <UInt256> out_nullifiers,
            List <UInt256> out_commitments,
            Fixed8 vpub_old,
            Fixed8 vpub_new,
            UInt256 rt,
            bool computeProof = true,
            // For paymentdisclosure, we need to retrieve the esk.
            // Reference as non-const parameter with default value leads to compile error.
            // So use pointer for simplicity.
            UInt256 out_esk = null
            )
        {
            Fixed8 lhs_value = vpub_old;
            Fixed8 rhs_value = vpub_new;

            for (int i = 0; i < inputs.Count; i++)
            {
                lhs_value += inputs[i].note.value;
                out_nullifiers.Add(inputs[i].Nullifier());
            }

            out_randomSeed = UInt256.Random();

            UInt256 h_sig = QrsJoinSplit.h_sig(out_randomSeed, out_nullifiers, pubKeyHash);

            UInt252 phi = new UInt252(UInt256.Random());

            for (int i = 0; i < outputs.Count; i++)
            {
                rhs_value += outputs[i].value;

                UInt256 r = UInt256.Random();

                out_notes.Add(outputs[i].note(phi, r, new Fixed8(i), h_sig));
            }

            if (lhs_value != rhs_value)
            {
                throw new ArgumentException();
            }

            for (int i = 0; i < outputs.Count; i++)
            {
                out_commitments.Add(out_notes[i].CM());
            }

            {
                NoteEncryption encryptor = new NoteEncryption(h_sig);

                for (int i = 0; i < outputs.Count; i++)
                {
                    NotePlaintext pt = new NotePlaintext(out_notes[i], outputs[i].memo);
                    out_ciphertexts.Add(pt.encrypt(encryptor, outputs[i].addr.pk_enc));
                }

                out_ephemeralKey = encryptor.get_epk();

                out_esk = encryptor.get_esk();
            }

            for (int i = 0; i < inputs.Count; i++)
            {
                out_macs.Add(PRFClass.PRF_pk(inputs[i].key, new Fixed8(i), h_sig));
            }



            return(null);
        }