Skip to content

Commit

Permalink
MimbleWimble(Tests): addressed comments
Browse files Browse the repository at this point in the history
Addressed code review comments. Added latest Fsdk package in
order to use BetterAssert function.
  • Loading branch information
webwarrior-ws committed Oct 16, 2023
1 parent e379c4e commit 2259386
Show file tree
Hide file tree
Showing 7 changed files with 140 additions and 128 deletions.
18 changes: 11 additions & 7 deletions src/NLitecoin/MimbleWimble/EC.fs
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ open Org.BouncyCastle.Math
open Org.BouncyCastle.Math.EC
open Org.BouncyCastle.Crypto.Digests

let curve = ECNamedCurveTable.GetByName("secp256k1")
let curve = ECNamedCurveTable.GetByName "secp256k1"
let domainParams = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed())

// see https://github.com/bitcoin-core/secp256k1/issues/1180#issuecomment-1356859346
Expand Down Expand Up @@ -42,7 +42,8 @@ type BigInteger with

type NBitcoin.Secp256k1.ECPrivKey with
member self.ToBytes() =
let bytes = Array.zeroCreate 32
let numBytesInPrivateKey = 32
let bytes = Array.zeroCreate numBytesInPrivateKey
self.WriteToSpan(bytes.AsSpan())
bytes

Expand Down Expand Up @@ -88,28 +89,31 @@ let IsQuadVar (elem: ECFieldElement) =
Jakobi elem >= 0

let SchnorrSign (key: array<byte>) (msgHash: array<byte>) : Signature =
let numBytesInSha256 = 32
let k0 =
let hasher = Sha256Digest()
hasher.BlockUpdate(key, 0, key.Length)
hasher.BlockUpdate(msgHash, 0, msgHash.Length)
let arr = Array.zeroCreate 32
let arr = Array.zeroCreate numBytesInSha256
hasher.DoFinal(arr, 0) |> ignore
BigInteger.FromByteArrayUnsigned(arr).Mod(scalarOrder)

if k0 = BigInteger.Zero then
failwith "Failure. This happens only with negligible probability."

let keyScalar = BigInteger.FromByteArrayUnsigned key
assert(keyScalar < scalarOrder)
Fsdk.Misc.BetterAssert (keyScalar < scalarOrder) "key is not in range [0; scalarOrder)"

let R = generatorG.Multiply(k0).Normalize()
let k = if Jakobi R.AffineYCoord <> 1 then scalarOrder.Subtract k0 else k0
let e =
let hasher = Sha256Digest()
hasher.BlockUpdate(R.AffineXCoord.GetEncoded(), 0, 32)
hasher.BlockUpdate(generatorG.Multiply(keyScalar).GetEncoded(true), 0, 33)
let xEncoded = R.AffineXCoord.GetEncoded()
hasher.BlockUpdate(xEncoded, 0, xEncoded.Length)
let keyScalarTimesGEncoded = generatorG.Multiply(keyScalar).GetEncoded(true)
hasher.BlockUpdate(keyScalarTimesGEncoded, 0, keyScalarTimesGEncoded.Length)
hasher.BlockUpdate(msgHash, 0, msgHash.Length)
let arr = Array.zeroCreate 32
let arr = Array.zeroCreate numBytesInSha256
hasher.DoFinal(arr, 0) |> ignore
BigInteger.FromByteArrayUnsigned(arr).Mod(scalarOrder)

Expand Down
4 changes: 2 additions & 2 deletions src/NLitecoin/MimbleWimble/Pedersen.fs
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ let DeserializeCommitment (commitment: PedersenCommitment) : ECPoint =
point

/// Generates a pedersen commitment: *commit = blind * G + value * H. The blinding factor is 32 bytes.
let Commit (value: CAmount) (blind: BlindingFactor) : PedersenCommitment =
let Commit (value: Amount) (blind: BlindingFactor) : PedersenCommitment =
let result =
let blind = blind.ToUInt256().ToBytes() |> BigInteger.FromByteArrayUnsigned
let a = generatorG.Multiply(blind)
Expand All @@ -39,7 +39,7 @@ let Commit (value: CAmount) (blind: BlindingFactor) : PedersenCommitment =
PedersenCommitment(BigInt bytes)

/// Calculates the blinding factor x' = x + SHA256(xG+vH | xJ), used in the switch commitment x'G+vH.
let BlindSwitch (blindingFactor: BlindingFactor) (amount: CAmount) : BlindingFactor =
let BlindSwitch (blindingFactor: BlindingFactor) (amount: Amount) : BlindingFactor =
let hasher = Sha256Digest()

let x = blindingFactor.ToUInt256().ToBytes() |> BigInteger.FromByteArrayUnsigned
Expand Down
34 changes: 20 additions & 14 deletions src/NLitecoin/MimbleWimble/TransactionBuilder.fs
Original file line number Diff line number Diff line change
Expand Up @@ -249,17 +249,23 @@ let private CreateOutputs (recipients: seq<Recipient>) : Outputs =
let private CreateKernel
(blind: BlindingFactor)
(stealthBlind: BlindingFactor)
(fee: CAmount)
(peginAmount: Option<CAmount>)
(fee: Amount)
(peginAmount: Option<Amount>)
(pegouts: array<PegOutCoin>)
: Kernel =
let featuresByte =
(if fee > 0L then KernelFeatures.FEE_FEATURE_BIT else enum 0) |||
(match peginAmount with
| Some value when value > 0L -> KernelFeatures.PEGIN_FEATURE_BIT
| _ -> enum 0) |||
(if pegouts.Length > 0 then KernelFeatures.PEGOUT_FEATURE_BIT else enum 0) |||
KernelFeatures.STEALTH_EXCESS_FEATURE_BIT
(if fee > 0L then
KernelFeatures.FEE_FEATURE_BIT
else
enum 0)
||| (match peginAmount with
| Some value when value > 0L -> KernelFeatures.PEGIN_FEATURE_BIT
| _ -> enum 0)
||| (if pegouts.Length > 0 then
KernelFeatures.PEGOUT_FEATURE_BIT
else
enum 0)
||| KernelFeatures.STEALTH_EXCESS_FEATURE_BIT

let excessCommit = Pedersen.Commit 0L blind

Expand All @@ -278,14 +284,14 @@ let private CreateKernel
let stream = BitcoinStream(byteStream, true)

stream.ReadWrite (featuresByte |> uint8) |> ignore
Helpers.write stream excessCommit
Helpers.Write stream excessCommit
stream.ReadWriteAsVarInt (fee |> uint64 |> ref)
match peginAmount with
| Some amount -> stream.ReadWriteAsVarInt (amount |> uint64 |> ref)
| None -> ()
if pegouts.Length > 0 then
Helpers.writeArray stream pegouts
Helpers.write stream (BigInt stealthExcess)
Helpers.WriteArray stream pegouts
Helpers.Write stream (BigInt stealthExcess)

let hasher = Hasher()
hasher.Write(byteStream.ToArray())
Expand All @@ -312,8 +318,8 @@ let BuildTransaction
(inputCoins: array<Coin>)
(recipients: array<Recipient>)
(pegouts: array<PegOutCoin>)
(peginAmount: Option<CAmount>)
(fee: CAmount)
(peginAmount: Option<Amount>)
(fee: Amount)
: TransactionBuildResult =
let pegoutTotal = pegouts |> Array.sumBy (fun pegout -> pegout.Amount)
let recipientTotal = recipients |> Array.sumBy (fun recipient -> recipient.Amount)
Expand All @@ -328,7 +334,7 @@ let BuildTransaction
pegoutTotal
recipientTotal
fee)
raise (IncorrectBalanceException msg)
raise <| IncorrectBalanceException msg

let inputs = CreateInputs inputCoins
let outputs = CreateOutputs recipients
Expand Down
Loading

0 comments on commit 2259386

Please sign in to comment.