Commit Graph

26 Commits

Author SHA1 Message Date
Sarang Noether 4b328c6616 CLSAG signatures 2020-08-27 12:43:29 +00:00
Sarang Noether 4ed60b626a Bulletproofs: verification speedup 2020-04-14 20:31:30 -04:00
Sarang Noether 3a0451a8be MLSAG speedup and additional checks 2019-08-27 16:22:44 -04:00
moneromooo-monero 7d37598158
ringct: the commitment mask is now deterministic
saves space in the tx and is safe

Found by knaccc
2019-01-22 23:17:39 +00:00
moneromooo-monero 99d946e619
ringct: encode 8 byte amount, saving 24 bytes per output
Found by knaccc
2019-01-22 23:17:31 +00:00
moneromooo-monero 607301bf6d
rct: avoid repeated unnecessary conversions when accummulating 2018-09-14 10:18:01 +00:00
moneromooo-monero 2bf636503f
bulletproofs: speed up the latest changes a bit 2018-09-11 13:38:32 +00:00
moneromooo-monero 044dff5a30
bulletproofs: scale points by 8 to ensure subgroup validity 2018-09-11 13:38:31 +00:00
moneromooo-monero c429176248
bulletproofs: reject points not in the main subgroup 2018-09-11 13:38:04 +00:00
moneromooo-monero 01cc978722
ringct: remove an unnecessary scalarmultBase in zeroCommit 2018-06-06 10:14:36 +01:00
stoffu 27a196b126
device: untangle cyclic depenency
When #3303 was merged, a cyclic dependency chain was generated:

    libdevice <- libcncrypto <- libringct <- libdevice

This was because libdevice needs access to a set of basic crypto operations
implemented in libringct such as scalarmultBase(), while libringct also needs
access to abstracted crypto operations implemented in libdevice such as
ecdhEncode(). To untangle this cyclic dependency chain, this patch splits libringct
into libringct_basic and libringct, where the basic crypto ops previously in
libringct are moved into libringct_basic. The cyclic dependency is now resolved
thanks to this separation:

    libcncrypto <- libringct_basic <- libdevice <- libcryptonote_basic <- libringct

This eliminates the need for crypto_device.cpp and rctOps_device.cpp.

Also, many abstracted interfaces of hw::device such as encrypt_payment_id() and
get_subaddress_secret_key() were previously implemented in libcryptonote_basic
(cryptonote_format_utils.cpp) and were then called from hw::core::device_default,
which is odd because libdevice is supposed to be independent of libcryptonote_basic.
Therefore, those functions were moved to device_default.cpp.
2018-03-14 21:00:15 +09:00
cslashm e745c1e38d Code modifications to integrate Ledger HW device into monero-wallet-cli.
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.

Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.

The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and  the "Ledger", which delegates
all calls to Ledger device.
2018-03-04 12:54:53 +01:00
moneromooo-monero ada4291469
add a version of ge_double_scalarmult_precomp_vartime with A precomp 2017-12-07 19:23:10 +00:00
moneromooo-monero d43eef6def
ringct: add a version of addKeys which returns the result 2017-12-07 19:23:08 +00:00
moneromooo-monero 383ff4f689
remove "using namespace std" from headers
It's nasty, and actually breaks on Solaris, where if.h fails to
build due to:

  struct map *if_memmap;
2017-11-14 16:56:10 +00:00
moneromooo-monero d282cfcc46
core: test key images against validity domain 2017-02-20 22:58:25 +00:00
Shen Noether 76958fc75a
ringct: switch to Borromean signatures 2016-12-04 21:54:11 +00:00
moneromooo-monero 59f0d4b574
ringct: some more small optimizations 2016-10-23 16:10:17 +01:00
moneromooo-monero ab002a1d97
ringct: pass vectors by const ref where possible 2016-10-15 11:58:18 +01:00
moneromooo-monero d4b62a1e29
rct amount key modified as per luigi1111's recommendations
This allows the key to be not the same for two outputs sent to
the same address (eg, if you pay yourself, and also get change
back). Also remove the key amounts lists and return parameters
since we don't actually generate random ones, so we don't need
to save them as we can recalculate them when needed if we have
the correct keys.
2016-08-28 21:30:19 +01:00
moneromooo-monero 9b70856ccb
rct: make the amount key derivable by a third party with the tx key
Scheme design from luigi1114.
2016-08-28 21:29:46 +01:00
Shen Noether dbb5f2d6a3
ringct: optimization/cleanup of hash functions 2016-08-28 21:29:16 +01:00
Shen Noether 4fd01f2bee
ringct: "simple" ringct variant
Allows the fake outs to be in different positions for each ring.
For rct inputs only.
2016-08-28 21:29:14 +01:00
moneromooo-monero dee42d6dac
ringct: add functions to commit to an amount
One to commit to an amount with zero key (for use with fake
commitments for pre-rct outputs), and one with an arbitrary
key (for rct outputs).
2016-08-28 21:28:33 +01:00
Shen Noether 56f6549962
ringct: cosmetic fixes
Ported from Shen's RingCT repo
2016-08-28 21:27:59 +01:00
moneromooo-monero 9b1afe5f2d
ringct: import of Shen Noether's ring confidential transactions 2016-08-28 21:26:54 +01:00