/// <summary>
/// Verify a proof that a committed value is within a range.
/// </summary>
/// <returns>The verify.</returns>
/// <param name="commit">Commit.</param>
/// <param name="struct">Proof.</param>
public bool Verify(byte[] commit, ProofStruct @struct)
{
if (commit.Length < Constant.PEDERSEN_COMMITMENT_SIZE)
{
throw new ArgumentException($"{nameof(commit)} must be {Constant.PEDERSEN_COMMITMENT_SIZE} bytes");
}
bool success;
ulong min = 0, max = 0;
byte[] extraCommit = new byte[33];
using (var pedersen = new Pedersen())
{
commit = pedersen.CommitParse(commit);
success = secp256k1_rangeproof_verify(
Context,
ref min,
ref max,
commit,
@struct.proof,
@struct.plen,
extraCommit,
0,
Constant.GENERATOR_H) == 1;
}
return(success);
}
/// <summary>
/// General information extracted from a range proof.
/// </summary>
/// <returns>The info.</returns>
/// <param name="struct">Proof.</param>
public ProofInfoStruct Info(ProofStruct @struct)
{
int exp = 0, mantissa = 0;
ulong min = 0, max = 0;
byte[] secretKey = new byte[32];
using (var secp256k1 = new Secp256k1())
secretKey = secp256k1.CreatePrivateKey();
var success = secp256k1_rangeproof_info(
Context,
ref exp,
ref mantissa,
ref min,
ref max,
@struct.proof,
@struct.plen) == 1;
return(new ProofInfoStruct(
success,
0,
new byte[Constant.PROOF_MSG_SIZE],
secretKey,
0,
min,
max,
exp,
mantissa));
}
/// <summary>
/// Verify a range proof and rewind the proof to recover information
/// sent by its author.
/// </summary>
/// <returns>The rewind.</returns>
/// <param name="commit">Commit.</param>
/// <param name="struct">Proof.</param>
/// <param name="nonce">Nonce.</param>
public ProofInfoStruct Rewind(byte[] commit, ProofStruct @struct, byte[] nonce)
{
if (commit.Length < Constant.PEDERSEN_COMMITMENT_SIZE)
{
throw new ArgumentException($"{nameof(commit)} must be {Constant.PEDERSEN_COMMITMENT_SIZE} bytes");
}
if (nonce.Length < Constant.SECRET_KEY_SIZE)
{
throw new ArgumentException($"{nameof(nonce)} must be {Constant.SECRET_KEY_SIZE} bytes");
}
ulong value = 0, min = 0, max = 0;
byte[] blindOut = new byte[32];
byte[] message = new byte[Constant.PROOF_MSG_SIZE];
uint mlen = Constant.PROOF_MSG_SIZE;
byte[] extraCommit = new byte[33];
using (var pedersen = new Pedersen())
{
commit = pedersen.CommitParse(commit);
var success = secp256k1_rangeproof_rewind(
Context,
blindOut,
ref value,
message,
ref mlen,
nonce,
ref min,
ref max,
commit,
@struct.proof,
@struct.plen,
extraCommit,
0,
Constant.GENERATOR_H
) == 1;
return(new ProofInfoStruct(
success,
value,
message,
blindOut,
mlen,
min,
max,
0,
0));
}
}