mirror of
https://github.com/monero-project/monero.git
synced 2024-12-13 20:06:32 +02:00
precalc the ge_p3 representation of H
This commit is contained in:
parent
ef56529f93
commit
1b867e7f40
@ -871,3 +871,9 @@ const fe fe_fffb2 = {8166131, -6741800, -17040804, 3154616, 21461005, 1466302, -
|
|||||||
const fe fe_fffb3 = {-13620103, 14639558, 4532995, 7679154, 16815101, -15883539, -22863840, -14813421, 13716513, -6477756}; /* sqrt(-sqrt(-1) * A * (A + 2)) */
|
const fe fe_fffb3 = {-13620103, 14639558, 4532995, 7679154, 16815101, -15883539, -22863840, -14813421, 13716513, -6477756}; /* sqrt(-sqrt(-1) * A * (A + 2)) */
|
||||||
const fe fe_fffb4 = {-21786234, -12173074, 21573800, 4524538, -4645904, 16204591, 8012863, -8444712, 3212926, 6885324}; /* sqrt(sqrt(-1) * A * (A + 2)) */
|
const fe fe_fffb4 = {-21786234, -12173074, 21573800, 4524538, -4645904, 16204591, 8012863, -8444712, 3212926, 6885324}; /* sqrt(sqrt(-1) * A * (A + 2)) */
|
||||||
const ge_p3 ge_p3_identity = { {0}, {1, 0}, {1, 0}, {0} };
|
const ge_p3 ge_p3_identity = { {0}, {1, 0}, {1, 0}, {0} };
|
||||||
|
const ge_p3 ge_p3_H = {
|
||||||
|
{7329926, -15101362, 31411471, 7614783, 27996851, -3197071, -11157635, -6878293, 466949, -7986503},
|
||||||
|
{5858699, 5096796, 21321203, -7536921, -5553480, -11439507, -5627669, 15045946, 19977121, 5275251},
|
||||||
|
{1, 0, 0, 0, 0, 0, 0, 0, 0, 0},
|
||||||
|
{23443568, -5110398, -8776029, -4345135, 6889568, -14710814, 7474843, 3279062, 14550766, -7453428}
|
||||||
|
};
|
||||||
|
@ -140,6 +140,7 @@ extern const fe fe_fffb2;
|
|||||||
extern const fe fe_fffb3;
|
extern const fe fe_fffb3;
|
||||||
extern const fe fe_fffb4;
|
extern const fe fe_fffb4;
|
||||||
extern const ge_p3 ge_p3_identity;
|
extern const ge_p3 ge_p3_identity;
|
||||||
|
extern const ge_p3 ge_p3_H;
|
||||||
void ge_fromfe_frombytes_vartime(ge_p2 *, const unsigned char *);
|
void ge_fromfe_frombytes_vartime(ge_p2 *, const unsigned char *);
|
||||||
void sc_0(unsigned char *);
|
void sc_0(unsigned char *);
|
||||||
void sc_reduce32(unsigned char *);
|
void sc_reduce32(unsigned char *);
|
||||||
|
@ -521,8 +521,8 @@ Bulletproof bulletproof_PROVE(const rct::key &sv, const rct::key &gamma)
|
|||||||
// PAPER LINES 47-48
|
// PAPER LINES 47-48
|
||||||
rct::key tau1 = rct::skGen(), tau2 = rct::skGen();
|
rct::key tau1 = rct::skGen(), tau2 = rct::skGen();
|
||||||
|
|
||||||
rct::key T1 = rct::addKeys(rct::scalarmultKey(rct::H, t1), rct::scalarmultBase(tau1));
|
rct::key T1 = rct::addKeys(rct::scalarmultH(t1), rct::scalarmultBase(tau1));
|
||||||
rct::key T2 = rct::addKeys(rct::scalarmultKey(rct::H, t2), rct::scalarmultBase(tau2));
|
rct::key T2 = rct::addKeys(rct::scalarmultH(t2), rct::scalarmultBase(tau2));
|
||||||
|
|
||||||
// PAPER LINES 49-51
|
// PAPER LINES 49-51
|
||||||
rct::key x = hash_cache_mash(hash_cache, z, T1, T2);
|
rct::key x = hash_cache_mash(hash_cache, z, T1, T2);
|
||||||
@ -592,10 +592,10 @@ Bulletproof bulletproof_PROVE(const rct::key &sv, const rct::key &gamma)
|
|||||||
// PAPER LINES 18-19
|
// PAPER LINES 18-19
|
||||||
L[round] = vector_exponent_custom(slice(Gprime, nprime, Gprime.size()), slice(Hprime, 0, nprime), slice(aprime, 0, nprime), slice(bprime, nprime, bprime.size()));
|
L[round] = vector_exponent_custom(slice(Gprime, nprime, Gprime.size()), slice(Hprime, 0, nprime), slice(aprime, 0, nprime), slice(bprime, nprime, bprime.size()));
|
||||||
sc_mul(tmp.bytes, cL.bytes, x_ip.bytes);
|
sc_mul(tmp.bytes, cL.bytes, x_ip.bytes);
|
||||||
rct::addKeys(L[round], L[round], rct::scalarmultKey(rct::H, tmp));
|
rct::addKeys(L[round], L[round], rct::scalarmultH(tmp));
|
||||||
R[round] = vector_exponent_custom(slice(Gprime, 0, nprime), slice(Hprime, nprime, Hprime.size()), slice(aprime, nprime, aprime.size()), slice(bprime, 0, nprime));
|
R[round] = vector_exponent_custom(slice(Gprime, 0, nprime), slice(Hprime, nprime, Hprime.size()), slice(aprime, nprime, aprime.size()), slice(bprime, 0, nprime));
|
||||||
sc_mul(tmp.bytes, cR.bytes, x_ip.bytes);
|
sc_mul(tmp.bytes, cR.bytes, x_ip.bytes);
|
||||||
rct::addKeys(R[round], R[round], rct::scalarmultKey(rct::H, tmp));
|
rct::addKeys(R[round], R[round], rct::scalarmultH(tmp));
|
||||||
|
|
||||||
// PAPER LINES 21-22
|
// PAPER LINES 21-22
|
||||||
w[round] = hash_cache_mash(hash_cache, L[round], R[round]);
|
w[round] = hash_cache_mash(hash_cache, L[round], R[round]);
|
||||||
@ -764,8 +764,8 @@ Bulletproof bulletproof_PROVE(const rct::keyV &sv, const rct::keyV &gamma)
|
|||||||
// PAPER LINES 47-48
|
// PAPER LINES 47-48
|
||||||
rct::key tau1 = rct::skGen(), tau2 = rct::skGen();
|
rct::key tau1 = rct::skGen(), tau2 = rct::skGen();
|
||||||
|
|
||||||
rct::key T1 = rct::addKeys(rct::scalarmultKey(rct::H, t1), rct::scalarmultBase(tau1));
|
rct::key T1 = rct::addKeys(rct::scalarmultH(t1), rct::scalarmultBase(tau1));
|
||||||
rct::key T2 = rct::addKeys(rct::scalarmultKey(rct::H, t2), rct::scalarmultBase(tau2));
|
rct::key T2 = rct::addKeys(rct::scalarmultH(t2), rct::scalarmultBase(tau2));
|
||||||
|
|
||||||
// PAPER LINES 49-51
|
// PAPER LINES 49-51
|
||||||
rct::key x = hash_cache_mash(hash_cache, z, T1, T2);
|
rct::key x = hash_cache_mash(hash_cache, z, T1, T2);
|
||||||
@ -842,10 +842,10 @@ Bulletproof bulletproof_PROVE(const rct::keyV &sv, const rct::keyV &gamma)
|
|||||||
// PAPER LINES 18-19
|
// PAPER LINES 18-19
|
||||||
L[round] = vector_exponent_custom(slice(Gprime, nprime, Gprime.size()), slice(Hprime, 0, nprime), slice(aprime, 0, nprime), slice(bprime, nprime, bprime.size()));
|
L[round] = vector_exponent_custom(slice(Gprime, nprime, Gprime.size()), slice(Hprime, 0, nprime), slice(aprime, 0, nprime), slice(bprime, nprime, bprime.size()));
|
||||||
sc_mul(tmp.bytes, cL.bytes, x_ip.bytes);
|
sc_mul(tmp.bytes, cL.bytes, x_ip.bytes);
|
||||||
rct::addKeys(L[round], L[round], rct::scalarmultKey(rct::H, tmp));
|
rct::addKeys(L[round], L[round], rct::scalarmultH(tmp));
|
||||||
R[round] = vector_exponent_custom(slice(Gprime, 0, nprime), slice(Hprime, nprime, Hprime.size()), slice(aprime, nprime, aprime.size()), slice(bprime, 0, nprime));
|
R[round] = vector_exponent_custom(slice(Gprime, 0, nprime), slice(Hprime, nprime, Hprime.size()), slice(aprime, nprime, aprime.size()), slice(bprime, 0, nprime));
|
||||||
sc_mul(tmp.bytes, cR.bytes, x_ip.bytes);
|
sc_mul(tmp.bytes, cR.bytes, x_ip.bytes);
|
||||||
rct::addKeys(R[round], R[round], rct::scalarmultKey(rct::H, tmp));
|
rct::addKeys(R[round], R[round], rct::scalarmultH(tmp));
|
||||||
|
|
||||||
// PAPER LINES 21-22
|
// PAPER LINES 21-22
|
||||||
w[round] = hash_cache_mash(hash_cache, L[round], R[round]);
|
w[round] = hash_cache_mash(hash_cache, L[round], R[round]);
|
||||||
@ -964,7 +964,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
|
|||||||
sc_muladd(tmp.bytes, z.bytes, ip1y.bytes, k.bytes);
|
sc_muladd(tmp.bytes, z.bytes, ip1y.bytes, k.bytes);
|
||||||
std::vector<MultiexpData> multiexp_data;
|
std::vector<MultiexpData> multiexp_data;
|
||||||
multiexp_data.reserve(3+proof.V.size());
|
multiexp_data.reserve(3+proof.V.size());
|
||||||
multiexp_data.emplace_back(tmp, rct::H);
|
multiexp_data.emplace_back(tmp, ge_p3_H);
|
||||||
for (size_t j = 0; j < proof.V.size(); j++)
|
for (size_t j = 0; j < proof.V.size(); j++)
|
||||||
{
|
{
|
||||||
multiexp_data.emplace_back(zpow[j+2], proof.V[j]);
|
multiexp_data.emplace_back(zpow[j+2], proof.V[j]);
|
||||||
@ -980,7 +980,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
|
|||||||
{
|
{
|
||||||
PERF_TIMER_START_BP(VERIFY_line_61rl_old);
|
PERF_TIMER_START_BP(VERIFY_line_61rl_old);
|
||||||
sc_muladd(tmp.bytes, z.bytes, ip1y.bytes, k.bytes);
|
sc_muladd(tmp.bytes, z.bytes, ip1y.bytes, k.bytes);
|
||||||
L61Right = rct::scalarmultKey(rct::H, tmp);
|
L61Right = rct::scalarmultH(tmp);
|
||||||
ge_p3 L61Right_p3;
|
ge_p3 L61Right_p3;
|
||||||
CHECK_AND_ASSERT_THROW_MES(ge_frombytes_vartime(&L61Right_p3, L61Right.bytes) == 0, "ge_frombytes_vartime failed");
|
CHECK_AND_ASSERT_THROW_MES(ge_frombytes_vartime(&L61Right_p3, L61Right.bytes) == 0, "ge_frombytes_vartime failed");
|
||||||
for (size_t j = 0; j+1 < proof.V.size(); j += 2)
|
for (size_t j = 0; j+1 < proof.V.size(); j += 2)
|
||||||
@ -1118,7 +1118,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
|
|||||||
sc_sub(tmp.bytes, rct::zero().bytes, z1.bytes);
|
sc_sub(tmp.bytes, rct::zero().bytes, z1.bytes);
|
||||||
rct::addKeys(Y, Y, rct::scalarmultBase(tmp));
|
rct::addKeys(Y, Y, rct::scalarmultBase(tmp));
|
||||||
rct::addKeys(Y, Y, Z2);
|
rct::addKeys(Y, Y, Z2);
|
||||||
rct::addKeys(Y, Y, rct::scalarmultKey(rct::H, z3));
|
rct::addKeys(Y, Y, rct::scalarmultH(z3));
|
||||||
|
|
||||||
std::vector<MultiexpData> multiexp_data;
|
std::vector<MultiexpData> multiexp_data;
|
||||||
multiexp_data.reserve(2 * maxMN);
|
multiexp_data.reserve(2 * maxMN);
|
||||||
|
@ -193,10 +193,8 @@ namespace rct {
|
|||||||
|
|
||||||
//Computes aH where H= toPoint(cn_fast_hash(G)), G the basepoint
|
//Computes aH where H= toPoint(cn_fast_hash(G)), G the basepoint
|
||||||
key scalarmultH(const key & a) {
|
key scalarmultH(const key & a) {
|
||||||
ge_p3 A;
|
|
||||||
ge_p2 R;
|
ge_p2 R;
|
||||||
CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&A, H.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
|
ge_scalarmult(&R, a.bytes, &ge_p3_H);
|
||||||
ge_scalarmult(&R, a.bytes, &A);
|
|
||||||
key aP;
|
key aP;
|
||||||
ge_tobytes(aP.bytes, &R);
|
ge_tobytes(aP.bytes, &R);
|
||||||
return aP;
|
return aP;
|
||||||
|
@ -1086,6 +1086,13 @@ TEST(ringct, zeroCommmit)
|
|||||||
ASSERT_EQ(z, manual);
|
ASSERT_EQ(z, manual);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST(ringct, H)
|
||||||
|
{
|
||||||
|
ge_p3 p3;
|
||||||
|
ASSERT_EQ(ge_frombytes_vartime(&p3, rct::H.bytes), 0);
|
||||||
|
ASSERT_EQ(memcmp(&p3, &ge_p3_H, sizeof(ge_p3)), 0);
|
||||||
|
}
|
||||||
|
|
||||||
TEST(ringct, aggregated)
|
TEST(ringct, aggregated)
|
||||||
{
|
{
|
||||||
static const size_t N_PROOFS = 16;
|
static const size_t N_PROOFS = 16;
|
||||||
|
Loading…
Reference in New Issue
Block a user