Merge branch 'bright_boson_2.2RC' into testnet
anatolse committed Jul 1, 2019
2 parents f298212 + 3a3d02c commit 722a773
Showing 12 changed files with 229 additions and 209 deletions.
33 changes: 23 additions & 10 deletions core/block_crypt.cpp
Expand Up @@ -133,6 +133,9 @@ namespace beam
if (!iSubkey)
return pKdf; // by convention: scheme V0, Subkey=0 - is a master key

if (Key::IDV::Scheme::BB21 == kidv.get_Scheme())
return pKdf; // BB2.1 workaround

return get_Child(*pKdf, iSubkey);
}

Expand Down Expand Up @@ -178,17 +181,27 @@ namespace beam
void SwitchCommitment::get_Hash(ECC::Hash::Value& hv, const Key::IDV& kidv)
{
Key::Index nScheme = kidv.get_Scheme();
if (nScheme)
if (nScheme > Key::IDV::Scheme::V0)
{
// newer scheme - account for the Value.
// Make it infeasible to tamper with value for unknown blinding factor
ECC::Hash::Processor()
<< "kidv-1"
<< kidv.m_Idx
<< kidv.m_Type.V
<< kidv.m_SubIdx
<< kidv.m_Value
>> hv;
if (Key::IDV::Scheme::BB21 == nScheme)
{
// BB2.1 workaround
Key::IDV kidv2 = kidv;
kidv2.set_Subkey(kidv.get_Subkey(), Key::IDV::Scheme::V0);
kidv2.get_Hash(hv);
}
else
{
// newer scheme - account for the Value.
// Make it infeasible to tamper with value for unknown blinding factor
ECC::Hash::Processor()
<< "kidv-1"
<< kidv.m_Idx
<< kidv.m_Type.V
<< kidv.m_SubIdx
<< kidv.m_Value
>> hv;
}
}
else
kidv.get_Hash(hv); // legacy
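Review bot: The BB21 branch in get_Hash (the `kidv2` lines) routes a scheme-BB21 kidv through the legacy `get_Hash` with the scheme reset to V0, so the value-binding property stated in the else-branch comment ("infeasible to tamper with value") does not hold for such kidvs, and nothing in the hunk says so. Replace `// BB2.1 workaround` with `// BB2.1 workaround: hash as legacy scheme V0 - m_Value is NOT bound, unlike scheme V1`. The first hunk applies the same workaround by returning `pKdf` itself instead of `get_Child(*pKdf, iSubkey)` for BB21, and a one-line comment there on why BB2.1 outputs need this would tell a future reader when the special case can be retired. The first hunk's enclosing function starts outside the hunk, and get_Hash's closing brace lies outside the second.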
5 changes: 2 additions & 3 deletions core/ecc.cpp
Expand Up @@ -1646,14 +1646,13 @@ namespace ECC {
InnerProduct::BatchContext* pBc = InnerProduct::BatchContext::s_pInstance;
if (pBc)
{
if (!pBc->EquationBegin(2))
return false;
pBc->EquationBegin();

pBc->AddPrepared(InnerProduct::BatchContext::s_Idx_G, m_k);
pBc->AddCasual(pk, e);
pBc->AddCasual(pubNonce, 1U);

return pBc->EquationEnd();
return true;
}

Point::Native pt = Context::get().G * m_k;
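Review bot: `return true;` on the batch path no longer means the signature verified: the equation has only been accumulated in the BatchContext (the replaced `return pBc->EquationEnd();` could still flush and fail), and the outcome is only known when the owner of `s_pInstance` calls Flush(). A comment at that line would spare the next reader a trip into the batch code: `// batched: the equation is only accumulated here; the verdict is reported by BatchContext::Flush()`. Separately, the return value of `pBc->AddCasual(pk, e)` is ignored — if `pk` is an `ECC::Point` this is the bool-returning overload and a failed point import would go unnoticed, so it is worth confirming against the declaration. The enclosing function starts and ends outside the hunk.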
11 changes: 11 additions & 0 deletions core/ecc.h
Expand Up @@ -237,6 +237,7 @@ namespace ECC
{
static const uint8_t V0 = 0;
static const uint8_t V1 = 1;
static const uint8_t BB21 = 2; // worakround for BB.2.1

static const uint32_t s_SubKeyBits = 24;
static const Index s_SubKeyMask = (static_cast<Index>(1) << s_SubKeyBits) - 1;
Expand Down Expand Up @@ -284,6 +285,16 @@ namespace ECC
#pragma pack (pop)

void operator = (const Packed&);

bool IsBb21Possible() const
{
return m_SubIdx && (Scheme::V0 == get_Scheme());
}

void set_WorkaroundBb21()
{
set_Subkey(get_Subkey(), Scheme::BB21);
}

int cmp(const IDV&) const;
COMPARISON_VIA_CMP
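Review bot: The new `BB21` constant's comment has a typo, `// worakround for BB.2.1` should read `// workaround for BB2.1`, and neither `IsBb21Possible()` nor `set_WorkaroundBb21()` says what the condition means or when a caller should apply it. Suggested, above IsBb21Possible: `// true for a scheme-V0 IDV with a non-zero m_SubIdx, i.e. one that may have been produced by BB2.1 and need the BB21 derivation` (the intent is inferred from the names; confirm), and above set_WorkaroundBb21: `// re-tags the same subkey under Scheme::BB21; see SwitchCommitment::get_Hash for the effect on hashing`. The enclosing IDV struct begins before the first hunk.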
126 changes: 43 additions & 83 deletions core/ecc_bulletproof.cpp
Expand Up @@ -24,8 +24,9 @@ namespace ECC {

InnerProduct::BatchContext::BatchContext(uint32_t nCasualTotal)
:m_CasualTotal(nCasualTotal)
,m_bEnableBatch(false)
,m_bDirty(false)
{
assert(nCasualTotal);
m_Multiplier = Zero;

m_ppPrepared = m_Bufs.m_ppPrepared;
Expand All @@ -42,20 +43,15 @@ namespace ECC {
m_ppPrepared[s_Idx_H] = &Context::get().m_Ipp.H_;

m_Prepared = s_CountPrepared;
Reset();
}

void InnerProduct::BatchContext::Reset()
{
m_Casual = 0;
ZeroObject(m_Bufs.m_pKPrep);
m_bDirty = false;
}

void InnerProduct::BatchContext::Calculate(Point::Native& res)
void InnerProduct::BatchContext::Calculate()
{
Point::Native res;
Mode::Scope scope(Mode::Fast);
MultiMac::Calculate(res);

m_Sum += res;
}

bool InnerProduct::BatchContext::AddCasual(const Point& p, const Scalar::Native& k)
Expand All @@ -70,82 +66,61 @@ namespace ECC {

void InnerProduct::BatchContext::AddCasual(const Point::Native& pt, const Scalar::Native& k)
{
assert(uint32_t(m_Casual) < m_CasualTotal);
if (uint32_t(m_Casual) == m_CasualTotal)
{
assert(s_CountPrepared == m_Prepared);
m_Prepared = 0; // don't count them now
Calculate();

m_Casual = 0;
m_Prepared = s_CountPrepared;
}

Casual& c = m_pCasual[m_Casual++];

c.Init(pt, k);
if (m_bEnableBatch)
c.m_K *= m_Multiplier;
c.m_K *= m_Multiplier;
}

void InnerProduct::BatchContext::AddPrepared(uint32_t i, const Scalar::Native& k)
{
assert(i < s_CountPrepared);
Scalar::Native& trg = m_Bufs.m_pKPrep[i];

trg += m_bEnableBatch ? (k * m_Multiplier) : k;
trg += (k * m_Multiplier);
}

void InnerProduct::BatchContext::Reset()
{
m_bDirty = false;
}

bool InnerProduct::BatchContext::Flush()
{
if (!m_bDirty)
return true;
m_bDirty = false;

Point::Native pt;
Calculate(pt);
if (!(pt == Zero))
return false;

Reset();
return true;
Calculate();
return (m_Sum == Zero);
}

bool InnerProduct::BatchContext::EquationBegin(uint32_t nCasualNeeded)
void InnerProduct::BatchContext::EquationBegin()
{
if (nCasualNeeded > m_CasualTotal)
{
assert(false);
return false; // won't fit!
}

#ifndef NDEBUG
m_CasualAtEndExpected = nCasualNeeded;
#endif // NDEBUG

nCasualNeeded += m_Casual;
if (nCasualNeeded > m_CasualTotal)
if (!m_bDirty)
{
if (!Flush())
return false;
}
m_bDirty = true;

if (m_bEnableBatch)
{
// mutate multiplier
if (m_Multiplier == Zero)
m_Multiplier.GenRandomNnz();
else
Oracle() << m_Multiplier >> m_Multiplier;
m_Sum = Zero;
m_Casual = 0;
ZeroObject(m_Bufs.m_pKPrep);
}

#ifndef NDEBUG
m_CasualAtEndExpected += m_Casual;
#endif // NDEBUG

m_bDirty = true;
return true;
}

bool InnerProduct::BatchContext::EquationEnd()
{
assert(m_bDirty);
assert(m_Casual == m_CasualAtEndExpected);

if (!m_bEnableBatch)
return Flush();

return true;
// mutate multiplier
if (m_Multiplier == Zero)
m_Multiplier.GenRandomNnz();
else
Oracle() << m_Multiplier >> m_Multiplier;
}


Expand Down Expand Up @@ -495,14 +470,10 @@ namespace ECC {
Challenges cs_;
cs_.Init(oracle, dotAB, *this);

if (!bc.EquationBegin(1 + nCycles * 2))
return false;

bc.EquationBegin();
bc.AddCasual(commAB, cs_.m_Mul2);

return
IsValid(bc, cs_, dotAB, mod) &&
bc.EquationEnd();
return IsValid(bc, cs_, dotAB, mod);
}

bool InnerProduct::IsValid(BatchContext& bc, Challenges& cs_, const Scalar::Native& dotAB, const Modifier& mod) const
Expand Down Expand Up @@ -569,8 +540,7 @@ namespace ECC {
k = m_pCondensed[j];
k = -k;

if (bc.m_bEnableBatch)
k *= bc.m_Multiplier;
k *= bc.m_Multiplier;

k *= cs_.m_Mul1;

Expand Down Expand Up @@ -1039,8 +1009,6 @@ namespace ECC {
return IsValid(commitment, oracle, *InnerProduct::BatchContext::s_pInstance, pHGen);

InnerProduct::BatchContextEx<1> bc;
bc.m_bEnableBatch = true; // why not?

return
IsValid(commitment, oracle, bc, pHGen) &&
bc.Flush();
Expand Down Expand Up @@ -1090,10 +1058,9 @@ namespace ECC {

Point::Native p;

if (!bc.EquationBegin(3 + (bCustom != false)))
return false;

bc.EquationBegin();
bc.AddCasual(commitment, -zz);

if (!bc.AddCasual(m_Part2.m_T1, -cs.x))
return false;
if (!bc.AddCasual(m_Part2.m_T2, -xx))
Expand All @@ -1110,13 +1077,9 @@ namespace ECC {
else
bc.AddPrepared(InnerProduct::BatchContext::s_Idx_H, sumY);

if (!bc.EquationEnd())
return false;

// (P - m_Mu*G) + m_Mu*G =?= m_A + m_S*x - vec(G)*vec(z) + vec(H)*( vec(z) + vec(z^2*2^n*y^-n) )

if (!bc.EquationBegin(2 + InnerProduct::nCycles * 2))
return false;
bc.EquationBegin();

InnerProduct::Challenges cs_;
cs_.Init(oracle, tDot, m_P_Tag);
Expand Down Expand Up @@ -1156,10 +1119,7 @@ namespace ECC {
InnerProduct::Modifier mod;
mod.m_pMultiplier[1] = &cs.yInv;

if (!m_P_Tag.IsValid(bc, cs_, tDot, mod))
return false;

return bc.EquationEnd();
return m_P_Tag.IsValid(bc, cs_, tDot, mod);
}

int RangeProof::Confidential::cmp(const Confidential& x) const
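Review bot: With `EquationEnd()` gone, nothing asserts that terms are added inside an open equation: `Flush()` returns true whenever `m_bDirty` is false, so `AddCasual()`/`AddPrepared()` calls made without a preceding `EquationBegin()` (or after a `Reset()`) are silently accepted as verified, where the old code had `assert(m_bDirty)`. Adding `assert(m_bDirty);` as the first line of both AddCasual overloads and of AddPrepared would catch that misuse in debug builds. The overflow path in `AddCasual()` (the `m_Prepared = 0; Calculate();` block) and the unconditional multiplier mutation at the end of `EquationBegin()` also deserve a why-comment, e.g. `// casual buffer full: fold it into m_Sum now, prepared terms stay accumulated until Flush()` and `// every equation gets its own multiplier (random seed, then a hash chain) so distinct equations cannot cancel each other in m_Sum`. The same missing-assert point applies to the callers in the later hunks of this file, which rely on the verdict coming from Flush().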
13 changes: 4 additions & 9 deletions core/ecc_native.h
Expand Up @@ -669,25 +669,20 @@ namespace ECC
} m_Bufs;


void Reset();
void Calculate(Point::Native& res);
void Calculate();

const uint32_t m_CasualTotal;
bool m_bEnableBatch;
bool m_bDirty;
Scalar::Native m_Multiplier; // must be initialized in a non-trivial way

#ifndef NDEBUG
int m_CasualAtEndExpected;
#endif // NDEBUG
Point::Native m_Sum; // intermediate result, sum of Casuals

bool AddCasual(const Point& p, const Scalar::Native& k);
void AddCasual(const Point::Native& pt, const Scalar::Native& k);
void AddPrepared(uint32_t i, const Scalar::Native& k);

bool EquationBegin(uint32_t nCasualNeeded);
bool EquationEnd();
void EquationBegin();

void Reset();
bool Flush();

protected:
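Review bot: The comment on `m_Sum` ("intermediate result, sum of Casuals") understates what it holds: in ecc_bulletproof.cpp every `Calculate()` adds its multi-exponentiation result into it, including the prepared terms at `Flush()`, and `Flush()` succeeds only when it is Zero. Suggest `Point::Native m_Sum; // running sum of all terms added since the last EquationBegin() on a clean context; Flush() succeeds iff it is Zero`. Likewise `void Reset();` now only clears `m_bDirty`, so pending equations are discarded unverified; `void Reset(); // abandon pending equations without verifying them` would make that explicit. The enclosing class starts before the hunk.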
3 changes: 1 addition & 2 deletions core/treasury.cpp
Expand Up @@ -100,10 +100,9 @@ namespace beam

virtual void Do(size_t iTask) override
{
typedef InnerProduct::BatchContextEx<100> MyBatch;
typedef InnerProduct::BatchContextEx<4> MyBatch;

std::unique_ptr<MyBatch> p(new MyBatch);
p->m_bEnableBatch = true;
MyBatch::Scope scope(*p);

if (!Verify(iTask) || !p->Flush())
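Review bot: The batch capacity at the typedef drops from 100 to 4 with no comment on why; with the new `AddCasual()` in ecc_bulletproof.cpp a full casual buffer now triggers a partial `Calculate()` instead of an error, so the constant is a buffer-size trade-off rather than a limit, and a one-line comment would stop someone "fixing" it back: `typedef InnerProduct::BatchContextEx<4> MyBatch; // only bounds the per-multiexp buffer; the batch is folded incrementally`. The same constant is changed in the benchmark in ecc_test.cpp. The enclosing Do() body continues beyond the hunk.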
4 changes: 1 addition & 3 deletions core/unittest/ecc_test.cpp
Expand Up @@ -721,7 +721,6 @@ void TestRangeProof(bool bCustomTag)
}

InnerProduct::BatchContextEx<2> bc;
bc.m_bEnableBatch = true;

{
Oracle oracle;
Expand Down Expand Up @@ -2451,9 +2450,8 @@ void RunBenchmark()
const uint32_t nBatch = 100;
bm.N = 10 * nBatch;

typedef InnerProduct::BatchContextEx<100> MyBatch;
typedef InnerProduct::BatchContextEx<4> MyBatch;
std::unique_ptr<MyBatch> p(new MyBatch);
p->m_bEnableBatch = true;

InnerProduct::BatchContext::Scope scope(*p);
