Merge remote-tracking branch 'origin/spats-integration' into spats_central_logic.

The main purpose being to resolve the "Bad Schnorr statement!" exception getting thrown from MintTransaction constructor, which this does indeed.

Author: gevorgvoskanyan

src/libspark/coin.cpp

@@ -205,9 +205,9 @@ std::size_t Coin::memoryRequired() {
 }
 
 std::size_t Coin::memoryRequiredSpats() {
-	secp_primitives::GroupElement groupElement;
-	secp_primitives::Scalar scalar;
-	return 1 + groupElement.memoryRequired() * 3 + 32 + AEAD_TAG_SIZE + sizeof(v) + scalar.memoryRequired() * 2;
+    secp_primitives::GroupElement groupElement;
+    secp_primitives::Scalar scalar;
+    return 1 + groupElement.memoryRequired() * 3 + 32 + AEAD_TAG_SIZE + sizeof(v) + scalar.memoryRequired() * 2;
 }
 
 bool Coin::operator==(const Coin& other) const {

src/libspark/coin.h

@@ -19,13 +19,13 @@ const char COIN_TYPE_MINT_V2 = 2;
 const char COIN_TYPE_SPEND_V2 = 3;
 
 struct IdentifiedCoinData {
-	uint64_t i; // diversifier
-	std::vector<unsigned char> d; // encrypted diversifier
-	uint64_t v; // value
-	Scalar k; // nonce
-	std::string memo; // memo
-	Scalar a = Scalar(uint64_t(0));     // asset type
-	Scalar iota = Scalar(uint64_t(0));  // identifier
+    uint64_t i; // diversifier
+    std::vector<unsigned char> d; // encrypted diversifier
+    uint64_t v; // value
+    Scalar k; // nonce
+    std::string memo; // memo
+    Scalar a = Scalar(uint64_t(0));     // asset type
+    Scalar iota = Scalar(uint64_t(0));  // identifier
 };
 
 struct RecoveredCoinData {
@@ -97,7 +97,7 @@ class Coin {
 	RecoveredCoinData recover(const FullViewKey& full_view_key, const IdentifiedCoinData& data);
 
     static std::size_t memoryRequired();
-	static std::size_t memoryRequiredSpats();
+    static std::size_t memoryRequiredSpats();
 
     bool operator==(const Coin& other) const;
     bool operator!=(const Coin& other) const;

src/libspark/mint_transaction.cpp

@@ -7,21 +7,21 @@ MintTransaction::MintTransaction(const Params* params) {
 }
 
 MintTransaction::MintTransaction(
-	const Params* params,
-	const std::vector<MintedCoinData>& outputs,
-	const std::vector<unsigned char>& serial_context,
+    const Params* params,
+    const std::vector<MintedCoinData>& outputs,
+    const std::vector<unsigned char>& serial_context,
     bool generate
 ) {
 	// Important note: This construction assumes that the public coin values are correct according to higher-level consensus rules!
-	// Important note: For pool transition transactions, the serial context should contain unique references to all base-layer spent assets, in order to ensure the resulting serial commitment is bound to this transaction
+    // Important note: For pool transition transactions, the serial context should contain unique references to all base-layer spent assets, in order to ensure the resulting serial commitment is bound to this transaction
 
-	this->params = params;
-	Schnorr schnorr(this->params->get_H());
+    this->params = params;
+    Schnorr schnorr(this->params->get_H());
 
-	std::vector<GroupElement> value_statement;
-	std::vector<Scalar> value_witness;
+    std::vector<GroupElement> value_statement;
+    std::vector<Scalar> value_witness;
 
-	for (std::size_t j = 0; j < outputs.size(); j++) {
+    for (std::size_t j = 0; j < outputs.size(); j++) {
         if (generate) {
             MintedCoinData output = outputs[j];
 
@@ -41,7 +41,7 @@ MintTransaction::MintTransaction(
             ));
 
             // Prepare the value proof
-            value_statement.emplace_back(this->coins[j].C + this->params->get_G().inverse()*Scalar(this->coins[j].v));
+            value_statement.emplace_back(this->coins[j].C + this->params->get_E().inverse() * this->coins[j].a + this->params->get_F().inverse() * this->coins[j].iota + this->params->get_G().inverse()*Scalar(this->coins[j].v));
             value_witness.emplace_back(SparkUtils::hash_val(k));
         } else {
             Coin coin(params);
@@ -52,28 +52,28 @@ MintTransaction::MintTransaction(
             coin.v = 0;
             this->coins.emplace_back(coin);
         }
-	}
+    }
 
-	// Complete the value proof
+    // Complete the value proof
     if (generate)
-	    schnorr.prove(value_witness, value_statement, this->value_proof);
+	schnorr.prove(value_witness, value_statement, this->value_proof);
     else
         value_proof = SchnorrProof();
 }
 
 bool MintTransaction::verify() {
-	// Verify the value proof
-	Schnorr schnorr(this->params->get_H());
-	std::vector<GroupElement> value_statement;
-
-	for (std::size_t j = 0; j < this->coins.size(); j++) {
-		value_statement.emplace_back(this->coins[j].C
-                                         + this->params->get_E().inverse() * this->coins[j].a
-                                         + this->params->get_F().inverse() * this->coins[j].iota
-                                         + this->params->get_G().inverse()*Scalar(this->coins[j].v));
-	}
-
-	return schnorr.verify(value_statement, this->value_proof);
+    // Verify the value proof
+    Schnorr schnorr(this->params->get_H());
+    std::vector<GroupElement> value_statement;
+
+    for (std::size_t j = 0; j < this->coins.size(); j++) {
+        value_statement.emplace_back(this->coins[j].C
+                                     + this->params->get_E().inverse() * this->coins[j].a
+                                     + this->params->get_F().inverse() * this->coins[j].iota
+                                     + this->params->get_G().inverse()*Scalar(this->coins[j].v));
+    }
+
+    return schnorr.verify(value_statement, this->value_proof);
 }
 
 std::vector<CDataStream> MintTransaction::getMintedCoinsSerialized() {

src/libspark/spend_transaction.cpp

@@ -53,60 +53,60 @@ SpendTransaction::SpendTransaction(
 		this->params->get_m_grootle()
 	);
 	for (std::size_t u = 0; u < w; u++) {
-		// Parse out cover set data for this spend
-        uint64_t set_id = inputs[u].cover_set_id;
-		this->cover_set_ids.emplace_back(set_id);
-        if (cover_set_data.count(set_id) == 0 || cover_sets.count(set_id) == 0)
-            throw std::invalid_argument("Required set is not passed");
-
-        const auto& cover_set = cover_sets.at(set_id);
-        std::size_t set_size = cover_set.size();
-        if (set_size > N)
-            throw std::invalid_argument("Wrong set size");
-
-        std::vector<GroupElement> S, C;
-		S.reserve(set_size);
-		C.reserve(set_size);
-		for (std::size_t i = 0; i < set_size; i++) {
-			S.emplace_back(cover_set[i].S);
-			C.emplace_back(cover_set[i].C);
-		}
-
-		// Serial commitment offset
-		this->S1.emplace_back(
-			this->params->get_F()*inputs[u].s
-			+ this->params->get_H().inverse()*SparkUtils::hash_ser1(inputs[u].s, full_view_key.get_D())
-			+ full_view_key.get_D()
-		);
-
-		// Value commitment offset
-		this->C1.emplace_back(
-			this->params->get_G()*Scalar(inputs[u].v)
-			+ this->params->get_H()*SparkUtils::hash_val1(inputs[u].s, full_view_key.get_D())
-		);
-
-		// Tags
-		this->T.emplace_back(inputs[u].T);
-
-		// Grootle proof
-		this->grootle_proofs.emplace_back();
-		std::size_t l = inputs[u].index;
-		grootle.prove(
-			l,
-			SparkUtils::hash_ser1(inputs[u].s, full_view_key.get_D()),
-			S,
-			this->S1.back(),
-			SparkUtils::hash_val(inputs[u].k) - SparkUtils::hash_val1(inputs[u].s, full_view_key.get_D()),
-			C,
-			this->C1.back(),
-			this->cover_set_representations[set_id],
-			this->grootle_proofs.back()
-		);
-
-		// Chaum data
-		chaum_x.emplace_back(inputs[u].s);
-		chaum_y.emplace_back(spend_key.get_r());
-		chaum_z.emplace_back(SparkUtils::hash_ser1(inputs[u].s, full_view_key.get_D()).negate());
+	    // Parse out cover set data for this spend
+            uint64_t set_id = inputs[u].cover_set_id;
+	    this->cover_set_ids.emplace_back(set_id);
+            if (cover_set_data.count(set_id) == 0 || cover_sets.count(set_id) == 0)
+                throw std::invalid_argument("Required set is not passed");
+
+            const auto& cover_set = cover_sets.at(set_id);
+            std::size_t set_size = cover_set.size();
+            if (set_size > N)
+                throw std::invalid_argument("Wrong set size");
+
+            std::vector<GroupElement> S, C;
+	    S.reserve(set_size);
+	    C.reserve(set_size);
+	    for (std::size_t i = 0; i < set_size; i++) {
+		    S.emplace_back(cover_set[i].S);
+		    C.emplace_back(cover_set[i].C);
+	    }
+
+	    // Serial commitment offset
+	    this->S1.emplace_back(
+		    this->params->get_F()*inputs[u].s
+		    + this->params->get_H().inverse()*SparkUtils::hash_ser1(inputs[u].s, full_view_key.get_D())
+		    + full_view_key.get_D()
+	    );
+
+	    // Value commitment offset
+	    this->C1.emplace_back(
+		    this->params->get_G()*Scalar(inputs[u].v)
+		    + this->params->get_H()*SparkUtils::hash_val1(inputs[u].s, full_view_key.get_D())
+	    );
+
+	    // Tags
+	    this->T.emplace_back(inputs[u].T);
+
+	    // Grootle proof
+	    this->grootle_proofs.emplace_back();
+	    std::size_t l = inputs[u].index;
+	    grootle.prove(
+		    l,
+		    SparkUtils::hash_ser1(inputs[u].s, full_view_key.get_D()),
+		    S,
+		    this->S1.back(),
+		    SparkUtils::hash_val(inputs[u].k) - SparkUtils::hash_val1(inputs[u].s, full_view_key.get_D()),
+		    C,
+		    this->C1.back(),
+		    this->cover_set_representations[set_id],
+		    this->grootle_proofs.back()
+	    );
+
+	    // Chaum data
+	    chaum_x.emplace_back(inputs[u].s);
+	    chaum_y.emplace_back(spend_key.get_r());
+	    chaum_z.emplace_back(SparkUtils::hash_ser1(inputs[u].s, full_view_key.get_D()).negate());
 	}
 
 	// Generate output coins and prepare range proof vectors
@@ -413,13 +413,13 @@ bool SpendTransaction::verify(
 // 
 // Note that transparent components of the transaction are bound into `cover_set_representation`, so they don't appear separately.
 std::vector<unsigned char> SpendTransaction::hash_bind_inner(
-	const std::map<uint64_t, std::vector<unsigned char>>& cover_set_representations,
-	const std::vector<GroupElement>& S1,
-	const std::vector<GroupElement>& C1,
-	const std::vector<GroupElement>& T,
-	const std::vector<GrootleProof>& grootle_proofs,
-	const SchnorrProof& balance_proof,
-	const BPPlusProof& range_proof
+    const std::map<uint64_t, std::vector<unsigned char>>& cover_set_representations,
+    const std::vector<GroupElement>& S1,
+    const std::vector<GroupElement>& C1,
+    const std::vector<GroupElement>& T,
+    const std::vector<GrootleProof>& grootle_proofs,
+    const SchnorrProof& balance_proof,
+    const BPPlusProof& range_proof
 ) {
     Hash hash(LABEL_HASH_BIND_INNER);
     CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
@@ -429,7 +429,7 @@ std::vector<unsigned char> SpendTransaction::hash_bind_inner(
     stream << T;
     stream << grootle_proofs;
     stream << balance_proof;
-	stream << range_proof;
+    stream << range_proof;
     hash.include(stream);
 
 	return hash.finalize();
@@ -438,16 +438,16 @@ std::vector<unsigned char> SpendTransaction::hash_bind_inner(
 // Hash-to-scalar function H_bind
 // This function must accept pre-hashed data from `H_bind_inner` intended to correspond to the signing operation
 Scalar SpendTransaction::hash_bind(
-	const std::vector<unsigned char> hash_bind_inner,
+    const std::vector<unsigned char> hash_bind_inner,
     const std::vector<Coin>& out_coins,
     const uint64_t f_
 ) {
-	Hash hash(LABEL_HASH_BIND);
+    Hash hash(LABEL_HASH_BIND);
     CDataStream stream(SER_NETWORK, PROTOCOL_VERSION);
-	stream << hash_bind_inner,
-	stream << out_coins;
-	stream << f_;
-	hash.include(stream);
+    stream << hash_bind_inner,
+    stream << out_coins;
+    stream << f_;
+    hash.include(stream);
 
     return hash.finalize_scalar();
 }