|
|
|
/**********************************************************************
|
|
|
|
* Copyright (c) 2014, 2015 Pieter Wuille, Gregory Maxwell *
|
|
|
|
* Distributed under the MIT software license, see the accompanying *
|
|
|
|
* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
|
|
#include "../include/secp256k1_rangeproof.h"
|
|
|
|
#include "util.h"
|
|
|
|
#include "bench.h"
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
secp256k1_context *ctx;
|
|
|
|
unsigned char commit[33];
|
|
|
|
unsigned char proof[5134];
|
|
|
|
unsigned char message[4096];
|
|
|
|
unsigned char blind[32];
|
|
|
|
unsigned char nonce[32];
|
|
|
|
int prooflen;
|
|
|
|
int min_bits;
|
|
|
|
uint64_t v;
|
|
|
|
} bench_rangeproof_t;
|
|
|
|
|
|
|
|
static void bench_rangeproof_setup(void* arg)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
uint64_t minv;
|
|
|
|
uint64_t maxv;
|
|
|
|
bench_rangeproof_t *data = (bench_rangeproof_t *)arg;
|
|
|
|
for (i = 0; i < 32; i++)
|
|
|
|
{
|
|
|
|
data->blind[i] = rand();
|
|
|
|
data->nonce[i] = rand();
|
|
|
|
}
|
|
|
|
#define PRIVATEBITS 32
|
|
|
|
#define PUBLICDIGITS 0
|
|
|
|
#define ENCODEVALUE 2
|
|
|
|
data->v = ENCODEVALUE;
|
|
|
|
CHECK(secp256k1_pedersen_commit(data->ctx, data->commit, data->blind, data->v));
|
|
|
|
data->prooflen = 5134;
|
|
|
|
for (i=0; i<data->prooflen; i++)
|
|
|
|
{
|
|
|
|
//data->proof[i] = i;
|
|
|
|
if ( i < sizeof(data->prooflen) )
|
|
|
|
data->message[i] = i;
|
|
|
|
}
|
|
|
|
CHECK(secp256k1_rangeproof_sign(data->ctx, data->proof, &data->prooflen,0, data->commit, data->blind, data->nonce, PUBLICDIGITS, data->min_bits, data->v));
|
|
|
|
//for (i=0; i<data->prooflen; i++)
|
|
|
|
// printf("%02x",data->proof[i]);
|
|
|
|
CHECK(secp256k1_rangeproof_verify(data->ctx, &minv, &maxv, data->commit, data->proof, data->prooflen));
|
|
|
|
printf(" proof.%d [%llx, %llx]\n",data->prooflen,(long long)minv,(long long)maxv);
|
|
|
|
uint8_t blindout[32],message_out[5134]; uint64_t value_out,min_value,max_value; int32_t outlen;
|
|
|
|
for (i=0; i<32; i++)
|
|
|
|
message_out[i] = 0;
|
|
|
|
CHECK(secp256k1_rangeproof_rewind(data->ctx,blindout,&value_out,message_out,&outlen,data->nonce,&min_value,&max_value,data->commit,data->proof,data->prooflen));
|
|
|
|
for (i=0; i<32; i++)
|
|
|
|
printf("%02x:%02x",data->blind[i],blindout[i]);
|
|
|
|
printf(" blind, ");
|
|
|
|
for (i=0; i<outlen; i++)
|
|
|
|
if ( message_out[i] != 0 )
|
|
|
|
printf("%02x",message_out[i]);
|
|
|
|
printf(" message.%d, [%llx, %llx] value %llx prooflen.%d\n",outlen,(long long)min_value,(long long)max_value,(long long)value_out,data->prooflen);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void bench_rangeproof(void* arg)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
bench_rangeproof_t *data = (bench_rangeproof_t*)arg;
|
|
|
|
|
|
|
|
for (i = 0; i < 1000; i++) {
|
|
|
|
int j;
|
|
|
|
uint64_t minv;
|
|
|
|
uint64_t maxv;
|
|
|
|
j = secp256k1_rangeproof_verify(data->ctx, &minv, &maxv, data->commit, data->proof, data->prooflen);
|
|
|
|
for (j = 0; j < 4; j++)
|
|
|
|
{
|
|
|
|
data->proof[j + 2 + 32 *((data->min_bits + 1) >> 1) - 4] = (i >> 8)&255;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int proofmain(void)
|
|
|
|
{
|
|
|
|
bench_rangeproof_t data;
|
|
|
|
|
|
|
|
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
|
|
|
|
secp256k1_pedersen_context_initialize(data.ctx);
|
|
|
|
secp256k1_rangeproof_context_initialize(data.ctx);
|
|
|
|
|
|
|
|
data.min_bits = PRIVATEBITS;
|
|
|
|
|
|
|
|
run_benchmark("rangeproof_verify_bit", bench_rangeproof, bench_rangeproof_setup, NULL, &data, 10, 1000 * data.min_bits);
|
|
|
|
|
|
|
|
secp256k1_context_destroy(data.ctx);
|
|
|
|
return 0;
|
|
|
|
}
|