MyCryptoHQ
diff --git a/‎cryptonote_utils/cryptonote_utils.js‎
Lines changed: 107 additions & 3 deletions b/‎cryptonote_utils/cryptonote_utils.js‎
Lines changed: 107 additions & 3 deletions
diff --git a/‎package.json‎
Lines changed: 2 additions & 0 deletions b/‎package.json‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎tests/MG_sigs.spec.js‎
Lines changed: 114 additions & 0 deletions b/‎tests/MG_sigs.spec.js‎
Lines changed: 114 additions & 0 deletions
diff --git a/‎tests/borromean/borromean_1.spec.js‎
Lines changed: 38 additions & 0 deletions b/‎tests/borromean/borromean_1.spec.js‎
Lines changed: 38 additions & 0 deletions
@@ -87,7 +87,13 @@ var cnUtil = function(currencyConfig) {
 	var l = JSBigInt(
 		"7237005577332262213973186563042994240857116359379907606001950938285454250989",
 	); //curve order (not RCT specific)
+
 	var I = "0100000000000000000000000000000000000000000000000000000000000000"; //identity element
+	this.I = I;
+	this.identity = function() {
+		return I;
+	};
+
 	var Z = "0000000000000000000000000000000000000000000000000000000000000000"; //zero scalar
 	//H2 object to speed up some operations
 	var H2 = [
@@ -157,6 +163,8 @@ var cnUtil = function(currencyConfig) {
 		"f8fef05a3fa5c9f3eba41638b247b711a99f960fe73aa2f90136aeb20329b888",
 	];
 
+	this.H2 = H2;
+
 	//begin rct new functions
 	//creates a Pedersen commitment from an amount (in scalar form) and a mask
 	//C = bG + aH where b = mask, a = amount
@@ -222,6 +230,7 @@ var cnUtil = function(currencyConfig) {
 
 	//for most uses you'll also want to swapEndian after conversion
 	//mainly to convert integer "scalars" to usable hexadecimal strings
+	//uint long long to 32 byte key
 	function d2h(integer) {
 		if (typeof integer !== "string" && integer.toString().length > 15) {
 			throw "integer should be entered as a string for precision";
@@ -237,12 +246,14 @@ var cnUtil = function(currencyConfig) {
 				.toLowerCase()
 		).slice(-64);
 	}
+	this.d2h = d2h;
 
 	//integer (string) to scalar
 	function d2s(integer) {
 		return swapEndian(d2h(integer));
 	}
 
+	this.d2s = d2s;
 	//scalar to integer (string)
 	function s2d(scalar) {
 		return JSBigInt.parse(swapEndian(scalar), 16).toString();
@@ -314,6 +325,7 @@ var cnUtil = function(currencyConfig) {
 		}
 		return res;
 	}
+	this.hextobin = hextobin;
 
 	function bintohex(bin) {
 		var out = [];
@@ -514,6 +526,8 @@ var cnUtil = function(currencyConfig) {
 		return this.sc_reduce32(this.rand_32());
 	};
 
+	// alias
+	this.skGen = random_scalar;
 	/* no longer used
 	this.keccak = function(hex, inlen, outlen) {
 		var input = hextobin(hex);
@@ -869,6 +883,7 @@ var cnUtil = function(currencyConfig) {
 		CNCrypto._free(res2_m);
 		return bintohex(res);
 	};
+	this.hashToPoint = hash_to_ec_2;
 
 	this.generate_key_image_2 = function(pub, sec) {
 		if (!pub || !sec || pub.length !== 64 || sec.length !== 64) {
@@ -1248,8 +1263,8 @@ var cnUtil = function(currencyConfig) {
 	//xv: vector of secret keys, 1 per ring (nrings)
 	//pm: matrix of pubkeys, indexed by size first
 	//iv: vector of indexes, 1 per ring (nrings), can be a string
-	//size: ring size
-	//nrings: number of rings
+	//size: ring size, default 2
+	//nrings: number of rings, default 64
 	//extensible borromean signatures
 	this.genBorromean = function(xv, pm, iv, size, nrings) {
 		if (xv.length !== nrings) {
@@ -1272,6 +1287,8 @@ var cnUtil = function(currencyConfig) {
 			}
 		}
 		//signature struct
+		// in the case of size 2 and nrings 64
+		// bb.s = [[64], [64]]
 		var bb = {
 			s: [],
 			ee: "",
@@ -1323,6 +1340,37 @@ var cnUtil = function(currencyConfig) {
 		return bb;
 	};
 
+	this.verifyBorromean = function(bb, P1, P2) {
+		let Lv1 = [];
+		let chash;
+		let LL;
+
+		let p2 = "";
+		for (let ii = 0; ii < 64; ii++) {
+			p2 = this.ge_double_scalarmult_base_vartime(
+				bb.ee,
+				P1[ii],
+				bb.s[0][ii],
+			);
+			LL = p2;
+			chash = this.hash_to_scalar(LL);
+
+			p2 = this.ge_double_scalarmult_base_vartime(
+				chash,
+				P2[ii],
+				bb.s[1][ii],
+			);
+			Lv1[ii] = p2;
+		}
+		const eeComputed = this.array_hash_to_scalar(Lv1);
+		const equalKeys = eeComputed === bb.ee;
+		console.log(`Keys equal? ${equalKeys}
+		${eeComputed}
+		${bb.ee}`);
+
+		return equalKeys;
+	};
+
 	//proveRange
 	//proveRange gives C, and mask such that \sumCi = C
 	//	 c.f. http://eprint.iacr.org/2015/1098 section 5.1
@@ -1406,6 +1454,7 @@ var cnUtil = function(currencyConfig) {
 		}
 		return hash_to_scalar(buf);
 	}
+	this.array_hash_to_scalar = array_hash_to_scalar;
 
 	// Gen creates a signature which proves that for some column in the keymatrix "pk"
 	//	 the signer knows a secret key for each row in that column
@@ -1414,13 +1463,16 @@ var cnUtil = function(currencyConfig) {
 	// because we don't want to force same secret column for all inputs
 	this.MLSAG_Gen = function(message, pk, xx, kimg, index) {
 		var cols = pk.length; //ring size
+		// secret index
 		if (index >= cols) {
 			throw "index out of range";
 		}
 		var rows = pk[0].length; //number of signature rows (always 2)
+		// [pub, com] = 2
 		if (rows !== 2) {
 			throw "wrong row count";
 		}
+		// check all are len 2
 		for (var i = 0; i < cols; i++) {
 			if (pk[i].length !== rows) {
 				throw "pk is not rectangular";
@@ -1444,9 +1496,14 @@ var cnUtil = function(currencyConfig) {
 		toHash[0] = message;
 
 		//secret index (pubkey section)
+
 		alpha[0] = random_scalar(); //need to save alphas for later
 		toHash[1] = pk[index][0]; //secret index pubkey
-		toHash[2] = ge_scalarmult_base(alpha[0]); //dsRow L
+
+		// this is the keyimg anyway  const H1 = this.hashToPoint(pk[index][0]) // Hp(K_in)
+		//  rv.II[0] = this.ge_scalarmult(H1, xx[0]) // k_in.Hp(K_in)
+
+		toHash[2] = ge_scalarmult_base(alpha[0]); //dsRow L, a.G
 		toHash[3] = generate_key_image_2(pk[index][0], alpha[0]); //dsRow R (key image check)
 		//secret index (commitment section)
 		alpha[1] = random_scalar();
@@ -1495,6 +1552,51 @@ var cnUtil = function(currencyConfig) {
 		return rv;
 	};
 
+	this.MLSAG_ver = function(message, pk, rv, kimg) {
+		// we assume that col, row, rectangular checks are already done correctly
+		// in MLSAG_gen
+		const cols = pk.length;
+		let c_old = rv.cc;
+		console.log(`cols ${cols}`);
+		let i = 0;
+		let toHash = [];
+		toHash[0] = message;
+		while (i < cols) {
+			//!secret index (pubkey section)
+			toHash[1] = pk[i][0];
+			toHash[2] = ge_double_scalarmult_base_vartime(
+				c_old,
+				pk[i][0],
+				rv.ss[i][0],
+			);
+			toHash[3] = ge_double_scalarmult_postcomp_vartime(
+				rv.ss[i][0],
+				pk[i][0],
+				c_old,
+				kimg,
+			);
+
+			//!secret index (commitment section)
+			toHash[4] = pk[i][1];
+			toHash[5] = ge_double_scalarmult_base_vartime(
+				c_old,
+				pk[i][1],
+				rv.ss[i][1],
+			);
+
+			c_old = array_hash_to_scalar(toHash);
+
+			i = i + 1;
+		}
+
+		const c = this.sc_sub(c_old, rv.cc);
+		console.log(`
+		c_old: ${c_old} 
+		rc.cc: ${rv.cc}
+		c: ${c}`);
+		return c;
+	};
+
 	//prepares for MLSAG_Gen
 	this.proveRctMG = function(message, pubs, inSk, kimg, mask, Cout, index) {
 		var cols = pubs.length;
@@ -2483,6 +2585,8 @@ var cnUtil = function(currencyConfig) {
 		return str;
 	}
 
+	this.padLeft = padLeft;
+
 	this.printDsts = function(dsts) {
 		for (var i = 0; i < dsts.length; i++) {
 			console.log(
 
@@ -38,9 +38,11 @@
     "jest": "^23.1.0"
   },
   "jest" : {
+    "testEnvironment":"node",
     "coveragePathIgnorePatterns": [
       "node_modules", 
       "cryptonote_utils/biginteger.js",
+      "cryptonote_utils/nacl-fast-cn.js",
       "cryptonote_utils/sha3.js",
       "cryptonote_utils/cryptonote_crypto_EMSCRIPTEN.js"]
   }
 
@@ -0,0 +1,114 @@
+// Copyright (c) 2014-2018, MyMonero.com
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//	conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//	of conditions and the following disclaimer in the documentation and/or other
+//	materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//	used to endorse or promote products derived from this software without specific
+//	prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+const monero_utils = require("../").monero_utils;
+
+it("MG_sigs", () => {
+	function skvGen(len) {
+		let skVec = [];
+		for (let i = 0; i < len; i++) {
+			skVec.push(monero_utils.skGen());
+		}
+		return skVec;
+	}
+	//initializes a key matrix;
+	//first parameter is rows,
+	//second is columns
+	function keyMInit(rows, cols) {
+		let rv = [];
+		for (let i = 0; i < cols; i++) {
+			rv.push([]);
+		}
+		return rv;
+	}
+	let j = 0;
+
+	//Tests for MG Sigs
+	//#MG sig: true one
+	let N = 3; // cols
+	let R = 2; // rows
+
+	let xtmp = skvGen(R);
+	let xm = keyMInit(R, N); // = [[None]*N] #just used to generate test public keys
+	let sk = skvGen(R);
+
+	// [
+	// [pubkey1, commitment1],
+	// [pubkey2, commitment2],
+	// ...
+	// [pubkeyn, commitmentn]]
+	// // Gen creates a signature which proves that for some column in the keymatrix "pk"
+	//  the signer knows a secret key for each row in that column
+	let P = keyMInit(R, N); // = keyM[[None]*N] #stores the public keys;
+
+	let ind = 2;
+	let i = 0;
+
+	for (j = 0; j < R; j++) {
+		for (i = 0; i < N; i++) {
+			xm[i][j] = monero_utils.skGen();
+			P[i][j] = monero_utils.ge_scalarmult_base(xm[i][j]); // generate fake [pubkey, commit]
+		}
+	}
+
+	for (j = 0; j < R; j++) {
+		// our secret vector of [onetimesec, z]
+		sk[j] = xm[ind][j];
+	}
+
+	let message = monero_utils.identity();
+	let kimg = monero_utils.ge_scalarmult(
+		monero_utils.hashToPoint(P[ind][0]),
+		sk[0],
+	);
+	let rv = monero_utils.MLSAG_Gen(message, P, sk, kimg, ind);
+	let c = monero_utils.MLSAG_ver(message, P, rv, kimg);
+
+	expect(Number(c)).toEqual(0);
+
+	xtmp = skvGen(R);
+	xm = keyMInit(R, N); // = [[None]*N] #just used to generate test public keys
+	sk = skvGen(R);
+
+	for (j = 0; j < R; j++) {
+		for (i = 0; i < N; i++) {
+			xm[i][j] = monero_utils.skGen();
+			P[i][j] = monero_utils.ge_scalarmult_base(xm[i][j]); // generate fake [pubkey, commit]
+		}
+	}
+
+	sk[1] = skGen(); //assume we don't know one of the private keys..
+	kimg = monero_utils.ge_scalarmult(
+		monero_utils.hashToPoint(P[ind][0]),
+		sk[0],
+	);
+	rv = monero_utils.MLSAG_Gen(message, P, sk, kimg, ind);
+	c = monero_utils.MLSAG_ver(message, P, rv, kimg);
+
+	expect(Number(c)).toBeFalsy();
+});
@@ -0,0 +1,38 @@
+// Copyright (c) 2014-2018, MyMonero.com
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//	conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//	of conditions and the following disclaimer in the documentation and/or other
+//	materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//	used to endorse or promote products derived from this software without specific
+//	prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+const monero_utils = require("../../").monero_utils;
+const { generate_parameters } = require("./test_parameters");
+const { indi, P1v, P2v, xv, N } = generate_parameters();
+
+it("borromean_3", () => {
+	// #true one
+	const bb = monero_utils.genBorromean(xv, [P1v, P2v], indi, 2, N); /*?.*/
+	const valid = monero_utils.verifyBorromean(bb, P1v, P2v); /*?.*/
+	expect(valid).toBe(true);
+});