active handle gets all coins

8 years ago · 496f812832
5 changed files with 124 additions and 10 deletions
--- a/iguana/iguana_mofn.c
+++ b/iguana/iguana_mofn.c
@ -785,5 +785,3 @@ void iguana_schnorr(struct supernet_info *myinfo)
        } else printf("passed n.%d\n",n);
    }
 }
-
-
--- a/iguana/iguana_payments.c
+++ b/iguana/iguana_payments.c
@ -546,7 +546,7 @@ ZERO_ARGS(iguana,makekeypair)
    privkey = rand256(1);
    jaddstr(retjson,"result","success");
    jaddstr(retjson,"privkey",bits256_str(str,privkey));
-    jadd(retjson,"rosetta",SuperNET_rosettajson(privkey,1));
+    jadd(retjson,"rosetta",SuperNET_rosettajson(myinfo,privkey,1));
    return(jprint(retjson,1));
 }

--- a/iguana/iguana_secp.c
+++ b/iguana/iguana_secp.c
@ -391,6 +391,7 @@ int32_t bitcoin_pederson_tally(void *ctx,uint8_t **commits,int32_t n,int32_t num
    int32_t retval = -1;
    SECP_ENSURE_CTX
    {
+        printf("bitcoin_pederson_tally: n.%d numpos.%d excess %lld\n",n,numpos,(long long)excess);
        if ( secp256k1_pedersen_verify_tally(ctx,(void *)commits,numpos,(void *)&commits[numpos],n - numpos,excess) != 0 )
            retval = 0;
        ENDSECP_ENSURE_CTX
@ -664,3 +665,100 @@ int32_t iguana_schnorr_test(void *ctx)
    return(errs);
 }

+
+/*
+ We start by reminding the reader how confidential transactions work. First, the
+ amounts are coded by the following equation:
+ 
+ C = r*G + v*H
+ 
+ where C is a Pedersen commitment, G and H are fixed nothing-up-my-sleeve elliptic
+ curve group generators, v is the amount, and r is a secret random blinding key.
+ 
+ Attached to this output is a rangeproof which proves that v is in [0, 2^64], so
+ that user cannot exploit the blinding to produce overflow attacks, etc.
+ 
+ To validate a transaction, the verifer will add commitments for all outputs, plus
+ f*H (f here is the transaction fee which is given explicitly) and subtracts all
+ input commitments. The result must be 0, which proves that no amount was created
+ or destroyed overall.
+ 
+ We note that to create such a transaction, the user must know the sum of all the
+ values of r for commitments entries. Therefore, the r-values (and their sums) act
+ as secret keys. If we can make the r output values known only to the recipient,
+ then we have an authentication system! Unfortunately, if we keep the rule that
+ commits all add to 0, this is impossible, because the sender knows the sum of
+ all _his_ r values, and therefore knows the receipient's r values sum to the
+ negative of that. So instead, we allow the transaction to sum to a nonzero value
+ k*G, and require a signature of an empty string with this as key, to prove its
+ amount component is zero.
+ 
+ We let transactions have as many k*G values as they want, each with a signature,
+ and sum them during verification.
+ 
+ To create transactions sender and recipient do following ritual:
+ 
+ 1. Sender and recipient agree on amount to be sent. Call this b.
+ 
+ 2. Sender creates transaction with all inputs and change output(s), and gives
+ recipient the total blinding factor (r-value of change minus r-values of
+ inputs) along with this transaction. So the commitments sum to r*G - b*H.
+ 
+ 3. Recipient chooses random r-values for his outputs, and values that sum
+ to b minus fee, and adds these to transaction (including range proof).
+ Now the commitments sum to k*G - fee*H for some k that only recipient
+ knows.
+ 
+ 4. Recipient attaches signature with k to the transaction, and the explicit
+ fee. It has done.
+ */
+
+void test_mimblewimble(void *ctx)
+{
+    uint8_t commits[100][33],*commitptrs[100]; int64_t inputs[8],inputsum,amount,change,txfee,totalpos,totalneg; bits256 nonces[100],blinds[100],*blindptrs[100],blindsum; int32_t i,r,numinputs;
+    OS_randombytes((void *)&r,sizeof(r));
+    srand(r);
+    inputs[0] = 100000000;
+    numinputs = 1;
+    inputsum = 0;
+    for (i=0; i<numinputs; i++)
+        inputsum += inputs[i];
+    txfee = 10000;
+    amount = 100000000 / 10;
+    change = inputsum - txfee - amount;
+    totalpos = change;
+    totalneg = inputsum;
+    for (i=0; i<numinputs+2; i++)
+    {
+        nonces[i] = rand256(0);
+        blinds[i] = rand256(0);
+        commitptrs[i] = commits[i];
+        blindptrs[i] = &blinds[i];
+    }
+    if ( bitcoin_pederson_commit(ctx,commits[0],blinds[0],change) < 0  )
+    {
+        printf("error getting change commit\n");
+        return;
+    }
+    for (i=1; i<=numinputs; i++)
+    {
+        if ( bitcoin_pederson_commit(ctx,commits[i],blinds[i],-inputs[i]) < 0 )
+        {
+            printf("error getting input.(%d) commit\n",i);
+            return;
+        }
+    }
+    
+    blindsum = bitcoin_pederson_blindsum(ctx,blindptrs,numinputs+1,1);
+    if ( bits256_nonz(blindsum) == 0 )
+    {
+        printf("error doing blindsum\n");
+        return;
+    }
+    if ( bitcoin_pederson_tally(ctx,commitptrs,numinputs+1,1,totalneg - totalpos) == 0 )
+    {
+        printf("error doing pederson tally\n");
+        return;
+    } else printf("pederson tally matches\n");
+    getchar();
+}
--- a/iguana/main.c
+++ b/iguana/main.c
@ -795,10 +795,10 @@ uint8_t *SuperNET_ciphercalc(void **ptrp,int32_t *cipherlenp,bits256 *privkeyp,b
    return(origptr);
 }

-cJSON *SuperNET_rosettajson(bits256 privkey,int32_t showprivs)
+cJSON *SuperNET_rosettajson(struct supernet_info *myinfo,bits256 privkey,int32_t showprivs)
 {
    uint8_t rmd160[20],pub[33]; uint64_t nxt64bits; bits256 pubkey;
-    char str2[41],wifbuf[64],addr[64],str[128]; cJSON *retjson;
+    char str2[41],wifbuf[64],addr[64],str[128],coinwif[16]; cJSON *retjson; struct iguana_info *coin,*tmp;
    pubkey = acct777_pubkey(privkey);
    nxt64bits = acct777_nxt64bits(pubkey);
    retjson = cJSON_CreateObject();
@ -811,7 +811,23 @@ cJSON *SuperNET_rosettajson(bits256 privkey,int32_t showprivs)
    jaddstr(retjson,"btcpubkey",str);
    calc_OP_HASH160(str2,rmd160,str);
    jaddstr(retjson,"rmd160",str2);
-    if ( bitcoin_address(addr,0,pub,33) != 0 )
+    HASH_ITER(hh,myinfo->allcoins,coin,tmp)
+    {
+        if ( coin != 0 && coin->symbol[0] != 0 )
+        {
+            if ( bitcoin_address(addr,coin->chain->pubtype,pub,33) != 0 )
+            {
+                jaddstr(retjson,coin->symbol,addr);
+                sprintf(coinwif,"%swif",coin->symbol);
+                if ( showprivs != 0 )
+                {
+                    bitcoin_priv2wif(wifbuf,privkey,coin->chain->wiftype);
+                    jaddstr(retjson,coinwif,wifbuf);
+                }
+            }
+        }
+    }
+    /*if ( bitcoin_address(addr,0,pub,33) != 0 )
    {
        jaddstr(retjson,"BTC",addr);
        if ( showprivs != 0 )
@ -828,7 +844,7 @@ cJSON *SuperNET_rosettajson(bits256 privkey,int32_t showprivs)
            bitcoin_priv2wif(wifbuf,privkey,188);
            jaddstr(retjson,"BTCDwif",wifbuf);
        }
-    }
+    }*/
    if ( showprivs != 0 )
        jaddbits256(retjson,"privkey",privkey);
    return(retjson);
@ -1079,7 +1095,7 @@ THREE_STRINGS(SuperNET,rosetta,passphrase,pin,showprivkey)
        } else printf("error parsing cipher retstr.(%s)\n",cstr);
        free(cstr);
    } else printf("error SuperNET_cipher null return\n");
-    retjson = SuperNET_rosettajson(privkey,flag);
+    retjson = SuperNET_rosettajson(myinfo,privkey,flag);
    jaddstr(retjson,"privcipher",privcipher);
    check = SuperNET_pindecipher(IGUANA_CALLARGS,pin,privcipher);
    if ( memcmp(check.bytes,privkey.bytes,sizeof(check)) != 0 )
@ -1362,7 +1378,7 @@ ZERO_ARGS(SuperNET,activehandle)
    cJSON *retjson;
    if ( remoteaddr != 0 )
        return(clonestr("{\"error\":\"no remote\"}"));
-    retjson = SuperNET_rosettajson(myinfo->persistent_priv,0);
+    retjson = SuperNET_rosettajson(myinfo,myinfo->persistent_priv,0);
    jaddstr(retjson,"result","success");
    jaddstr(retjson,"handle",myinfo->handle);
    jaddbits256(retjson,"persistent",myinfo->myaddr.persistent);
@ -1530,6 +1546,8 @@ void iguana_main(void *arg)
    iguana_Qinit();
    myinfo = SuperNET_MYINFO(0);
    libgfshare_init(myinfo,myinfo->logs,myinfo->exps);
+    //void test_mimblewimble(void *ctx);
+    //test_mimblewimble(myinfo->ctx);
    if ( 0 )
    {
        int32_t i; for (i=0; i<10; i++)
--- a/includes/iguana_funcs.h
+++ b/includes/iguana_funcs.h
@ -521,7 +521,7 @@ void *category_subscribe(struct supernet_info *myinfo,bits256 category,bits256 k
 char *bitcoin_address(char *coinaddr,uint8_t addrtype,uint8_t *pubkey_or_rmd160,int32_t len);
 char *SuperNET_JSON(struct supernet_info *myinfo,cJSON *json,char *remoteaddr,uint16_t port);
 struct supernet_info *SuperNET_accountfind(cJSON *json);
-cJSON *SuperNET_rosettajson(bits256 privkey,int32_t showprivs);
+cJSON *SuperNET_rosettajson(struct supernet_info *myinfo,bits256 privkey,int32_t showprivs);
 double instantdex_aveprice(struct supernet_info *myinfo,struct exchange_quote *sortbuf,int32_t max,double *totalvolp,char *base,char *rel,double basevolume,cJSON *argjson);
 char *SuperNET_keysinit(struct supernet_info *myinfo,char *argjsonstr);
 char *SuperNET_parser(struct supernet_info *myinfo,char *agentstr,char *method,cJSON *json,char *remoteaddr);