add cuckaroo for cortex, clean up cuckoo suite

Author: nottug

README.md

@@ -35,21 +35,19 @@ requires a strict 1.2Gb, so be careful if you're using verthash in memory. At th
 | Eaglesong     | no          | yes
 | BeamHashIII   | no          | yes
 | ZelHash       | no          | yes
+| Cortex        | no          | yes
 
 # Things to Note
 
-  - Most of these algorithms are partially optimized but I'm sure they could be improved. That being said, that will probably never happen
-  since these have never been intended to be used for miner clients. All of these algorithms far surpass a reasonable threshold for performance and I
-  have no intention of hypertuning them.
-  - Cuckoo Cycle is built specifically for Aeternity. There is a modification of the `sipnode` function in the current version
-  of tromp's cuckoo algorithms that Aeternity does not use (a Nicehash dev gives more details [here](https://forum.aeternity.com/t/support-aeternity-stratum-implementation/3140/6)).
+  - Most of these algorithms are partially optimized but I'm sure they could be improved. That being said, that will probably 
+  never happen since these have never been intended to be used for miner clients. All of these algorithms far surpass 
+  a reasonable threshold for performance and I have no intention of hypertuning them.
   - The base ProgPow implementation ("ProgPow094") exists in the `internal/progpow` package.
   - Since ZelHash is such a minor Equihash variant, it is treated as just "twisted Equihash" (in `equihash/`).
   - All testing is done on linux, windows support is hazy at best. 
   - The library assumes the host architecture is little-endian, I'm fairly confident big-endian architectures will not function properly.
   - As of now, the only other algorithms that are on the list of "maybes" are: [cryptonight](https://github.com/Equim-chan/cryptonight),
-  [randomx](https://git.dero.io/DERO_Foundation/RandomX), X25X, and the full 
-  cuckoo suite ([cuckatoo, cuckaroo](https://github.com/blockcypher/libgrin/tree/master/core/pow)). 
+  [randomx](https://git.dero.io/DERO_Foundation/RandomX), X25X, and cuckatoo. 
 
 # Roadmap
 

cuckoo/README.md

@@ -1,7 +1,32 @@
 # Cuckoo
 
-There are many variations of the Cuckoo Cycle algorithm, this is the variation
-specifically for Aeternity. That being said, the only functional difference
-is the `ROTL` on the `hasher.XorLanes()` response (current versions of cuckoo
-do not do this). The header construction varies a bit too, Aeternity uses
-a `uint64` nonce instead of `uint32`.
+There are many variations of the Cuckoo Cycle algorithm - here only the ones
+that are needed are implemented. `Cuckatoo32` probably should be implemented
+as well for Grin. The differences for each variation are as follows (along with
+header generation):
+
+  - Aeternity uses Cuckoo29 with a legacy version of the `sipnode` hasher -  
+  the only functional difference is the `ROTL` on the `hasher.XorLanes()` 
+  response (current versions of cuckoo do not do this)
+```go
+func generateHeader(hash []byte, nonce uint64) []byte {
+	nonceBytes := make([]byte, 8)
+	binary.LittleEndian.PutUint64(nonceBytes, nonce)
+	hashEncoded := []byte(base64.StdEncoding.EncodeToString(hash))
+	nonceEncoded := []byte(base64.StdEncoding.EncodeToString(nonceBytes))
+	header := append(hashEncoded, append(nonceEncoded, make([]byte, 24)...)...)
+
+	return header
+}
+```
+  - Cortex uses Cuckaroo30 with a single difference - the `sipblock` hasher
+uses `siphash48` instead of `siphash24`.
+```go
+func generateHeader(hash []byte, nonce uint64) []byte {
+	nonceBytes := make([]byte, 8)
+	binary.LittleEndian.PutUint64(nonceBytes, nonce)
+	header := append(hash, nonceBytes...)
+
+	return header
+}
+  ```

cuckoo/client.go

@@ -8,52 +8,75 @@ import (
 	"github.com/sencha-dev/powkit/internal/crypto"
 )
 
+type CuckooVariant int
+
+const (
+	Cuckoo CuckooVariant = iota
+	Cuckatoo
+	Cuckaroo
+	Cuckarood
+	Cuckaroom
+	Cuckarooz
+)
+
 type Client struct {
+	variant   CuckooVariant
 	proofSize int
 	edgeBits  int
 	edgeMask  uint64
-	nodeBits  int
-	nodeMask  uint64
+	sipnode   crypto.SipNodeFunc
+	sipblock  crypto.SipBlockFunc
 }
 
-func New(edgeBits, nodeBits, proofSize int) *Client {
+func newClient(variant CuckooVariant, edgeBits, proofSize int, sipnode crypto.SipNodeFunc, sipblock crypto.SipBlockFunc) *Client {
 	c := &Client{
+		variant:   variant,
 		proofSize: proofSize,
 		edgeBits:  edgeBits,
 		edgeMask:  (uint64(1) << edgeBits) - 1,
-		nodeBits:  nodeBits,
-		nodeMask:  (uint64(1) << nodeBits) - 1,
+		sipnode:   sipnode,
+		sipblock:  sipblock,
 	}
 
 	return c
 }
 
+func NewCuckoo(edgeBits, proofSize int, sipnode crypto.SipNodeFunc, sipblock crypto.SipBlockFunc) *Client {
+	return newClient(Cuckoo, edgeBits, proofSize, sipnode, sipblock)
+}
+
 func NewAeternity() *Client {
-	return New(29, 29, 42)
+	return NewCuckoo(29, 42, crypto.SipNode24Legacy, nil)
 }
 
-func (c *Client) Verify(hash []byte, nonce uint64, sols []uint64) (bool, error) {
-	if len(hash) != 32 {
-		return false, fmt.Errorf("hash must be 32 bytes")
-	} else if len(sols) != 42 {
-		return false, fmt.Errorf("sols must be 42 uint64s")
-	}
+func NewCuckaroo(edgeBits, proofSize int, sipnode crypto.SipNodeFunc, sipblock crypto.SipBlockFunc) *Client {
+	return newClient(Cuckaroo, edgeBits, proofSize, sipnode, sipblock)
+}
 
-	// encode header
-	nonceBytes := make([]uint8, 8)
-	binary.LittleEndian.PutUint64(nonceBytes, nonce)
-	hashEncoded := []byte(base64.StdEncoding.EncodeToString(hash))
-	nonceEncoded := []byte(base64.StdEncoding.EncodeToString(nonceBytes))
-	header := append(hashEncoded, append(nonceEncoded, make([]byte, 24)...)...)
+func NewCortex() *Client {
+	return NewCuckaroo(30, 42, nil, crypto.SipBlock48)
+}
+
+func (c *Client) Verify(header []byte, sols []uint64) (bool, error) {
+	if len(sols) != c.proofSize {
+		return false, fmt.Errorf("sols must be %d uint64s", c.proofSize)
+	}
 
 	// create siphash keys
-	h := crypto.Blake2b256(header)
+	hash := crypto.Blake2b256(header)
 	keys := [4]uint64{
-		binary.LittleEndian.Uint64(h[0:8]),
-		binary.LittleEndian.Uint64(h[8:16]),
-		binary.LittleEndian.Uint64(h[16:24]),
-		binary.LittleEndian.Uint64(h[24:32]),
+		binary.LittleEndian.Uint64(hash[0:8]),
+		binary.LittleEndian.Uint64(hash[8:16]),
+		binary.LittleEndian.Uint64(hash[16:24]),
+		binary.LittleEndian.Uint64(hash[24:32]),
 	}
 
-	return verify(c.proofSize, c.edgeMask, keys, sols)
+	switch c.variant {
+	case Cuckoo:
+		return c.cuckoo(keys, sols)
+	case Cuckaroo:
+		return c.cuckaroo(keys, sols)
+	default:
+		return false, fmt.Errorf("unsupported cuckoo variant")
+	}
 }

cuckoo/cuckaroo.go

@@ -0,0 +1,64 @@
+// Copyright (c) 2013-2020 John Tromp
+
+package cuckoo
+
+func (c *Client) cuckaroo(siphashKeys [4]uint64, edges []uint64) (bool, error) {
+	uvs := make([]uint64, 2*c.proofSize)
+	var xor0, xor1 uint64
+
+	for n := 0; n < c.proofSize; n++ {
+		if edges[n] > c.edgeMask {
+			return false, ErrPowTooBig
+		} else if n < 0 && edges[n] <= edges[n-1] {
+			return false, ErrPowTooSmall
+		}
+
+		edge := c.sipblock(siphashKeys, edges[n])
+		uvs[2*n] = edge & c.edgeMask
+		xor0 ^= uvs[2*n]
+		uvs[2*n+1] = (edge >> 32) & c.edgeMask
+		xor1 ^= uvs[2*n+1]
+	}
+
+	if xor0|xor1 != 0 {
+		return false, ErrPowNotMatching
+	}
+
+	var i, j, n int
+	for {
+		j = i
+		k := j
+
+		for {
+			k = (k + 2) % (2 * c.proofSize)
+			if k == i {
+				break
+			}
+
+			if uvs[k] == uvs[i] {
+				if j != i {
+					return false, ErrPowBranch
+				}
+
+				j = k
+			}
+		}
+
+		if j == i {
+			return false, ErrPowDeadEnd
+		}
+
+		i = j ^ 1
+		n++
+
+		if i == 0 {
+			break
+		}
+	}
+
+	if n != c.proofSize {
+		return false, ErrPowShortCycle
+	}
+
+	return true, nil
+}

cuckoo/cuckoo.go

@@ -2,44 +2,26 @@
 
 package cuckoo
 
-import (
-	"fmt"
-)
-
-import (
-	"github.com/sencha-dev/powkit/internal/crypto"
-)
-
-func sipnode(edgeMask uint64, siphashKeys [4]uint64, edge, uorv uint64) uint64 {
-	hasher := crypto.NewSipHasher(siphashKeys[0], siphashKeys[1], siphashKeys[2], siphashKeys[3])
-	hasher.Hash24(2*edge + uorv)
-
-	value := hasher.XorLanes()
-	value = value<<17 | value>>47
-
-	return value & edgeMask
-}
-
-func verify(proofSize int, edgeMask uint64, siphashKeys [4]uint64, edges []uint64) (bool, error) {
-	uvs := make([]uint64, 2*proofSize)
+func (c *Client) cuckoo(siphashKeys [4]uint64, edges []uint64) (bool, error) {
+	uvs := make([]uint64, 2*c.proofSize)
 	var xor0, xor1 uint64
 
-	for n := 0; n < proofSize; n++ {
-		if edges[n] > edgeMask {
-			return false, fmt.Errorf("pow too big")
+	for n := 0; n < c.proofSize; n++ {
+		if edges[n] > c.edgeMask {
+			return false, ErrPowTooBig
 		} else if n < 0 && edges[n] <= edges[n-1] {
-			return false, fmt.Errorf("pow too small")
+			return false, ErrPowTooSmall
 		}
 
-		uvs[2*n] = sipnode(edgeMask, siphashKeys, edges[n], 0)
+		uvs[2*n] = c.sipnode(c.edgeMask, siphashKeys, edges[n], 0)
 		xor0 ^= uvs[2*n]
 
-		uvs[2*n+1] = sipnode(edgeMask, siphashKeys, edges[n], 1)
+		uvs[2*n+1] = c.sipnode(c.edgeMask, siphashKeys, edges[n], 1)
 		xor1 ^= uvs[2*n+1]
 	}
 
 	if xor0|xor1 != 0 {
-		return false, fmt.Errorf("pow not matching")
+		return false, ErrPowNotMatching
 	}
 
 	var i, j, n int
@@ -48,22 +30,22 @@ func verify(proofSize int, edgeMask uint64, siphashKeys [4]uint64, edges []uint6
 		k := j
 
 		for {
-			k = (k + 2) % (2 * proofSize)
+			k = (k + 2) % (2 * c.proofSize)
 			if k == i {
 				break
 			}
 
 			if uvs[k] == uvs[i] {
 				if j != i {
-					return false, fmt.Errorf("pow branch")
+					return false, ErrPowBranch
 				}
 
 				j = k
 			}
 		}
 
 		if j == i {
-			return false, fmt.Errorf("pow dead end")
+			return false, ErrPowDeadEnd
 		}
 
 		i = j ^ 1
@@ -74,8 +56,8 @@ func verify(proofSize int, edgeMask uint64, siphashKeys [4]uint64, edges []uint6
 		}
 	}
 
-	if n != proofSize {
-		return false, fmt.Errorf("pow short cycle")
+	if n != c.proofSize {
+		return false, ErrPowShortCycle
 	}
 
 	return true, nil