From 496f812832544573c43198c9d5f76f34bbd9c3c6 Mon Sep 17 00:00:00 2001
From: jl777
Date: Wed, 31 Aug 2016 23:21:46 -0300
Subject: [PATCH] active handle gets all coins
---
iguana/iguana_mofn.c | 2 -
iguana/iguana_payments.c | 2 +-
iguana/iguana_secp.c | 98 ++++++++++++++++++++++++++++++++++++++++
iguana/main.c | 30 +++++++++---
includes/iguana_funcs.h | 2 +-
5 files changed, 124 insertions(+), 10 deletions(-)
diff --git a/iguana/iguana_mofn.c b/iguana/iguana_mofn.c
index af585417e..51c82eee4 100755
--- a/iguana/iguana_mofn.c
+++ b/iguana/iguana_mofn.c
@@ -785,5 +785,3 @@ void iguana_schnorr(struct supernet_info *myinfo)
} else printf("passed n.%d\n",n);
}
}
-
-
diff --git a/iguana/iguana_payments.c b/iguana/iguana_payments.c
index e3aa75f42..79f58a38c 100755
--- a/iguana/iguana_payments.c
+++ b/iguana/iguana_payments.c
@@ -546,7 +546,7 @@ ZERO_ARGS(iguana,makekeypair)
privkey = rand256(1);
jaddstr(retjson,"result","success");
jaddstr(retjson,"privkey",bits256_str(str,privkey));
- jadd(retjson,"rosetta",SuperNET_rosettajson(privkey,1));
+ jadd(retjson,"rosetta",SuperNET_rosettajson(myinfo,privkey,1));
return(jprint(retjson,1));
}
diff --git a/iguana/iguana_secp.c b/iguana/iguana_secp.c
index ce95fa522..2e25b0ecc 100755
--- a/iguana/iguana_secp.c
+++ b/iguana/iguana_secp.c
@@ -391,6 +391,7 @@ int32_t bitcoin_pederson_tally(void *ctx,uint8_t **commits,int32_t n,int32_t num
int32_t retval = -1;
SECP_ENSURE_CTX
{
+ printf("bitcoin_pederson_tally: n.%d numpos.%d excess %lld\n",n,numpos,(long long)excess);
if ( secp256k1_pedersen_verify_tally(ctx,(void *)commits,numpos,(void *)&commits[numpos],n - numpos,excess) != 0 )
retval = 0;
ENDSECP_ENSURE_CTX
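Review bot: The printf added at the top of the SECP_ENSURE_CTX block in bitcoin_pederson_tally runs unconditionally on every verification call, so the commitment counts and the excess value of every tally now land on stdout of any process that links this code, not just the mimblewimble experiment whose only caller this commit leaves commented out in iguana_main. Either drop it or guard it the way the rest of the tree guards debug code, e.g. `if ( 0 ) printf("bitcoin_pederson_tally: n.%d numpos.%d excess %lld\n",n,numpos,(long long)excess);`, or move it next to the failing case so it only reports when the tally does not verify (retval stays -1). The function's signature is truncated in the hunk header and its return lies outside the hunk.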
@@ -664,3 +665,100 @@ int32_t iguana_schnorr_test(void *ctx) return(errs); } + +/* + We start by reminding the reader how confidential transactions work. First, the + amounts are coded by the following equation: + + C = r*G + v*H + + where C is a Pedersen commitment, G and H are fixed nothing-up-my-sleeve elliptic + curve group generators, v is the amount, and r is a secret random blinding key. + + Attached to this output is a rangeproof which proves that v is in [0, 2^64], so + that user cannot exploit the blinding to produce overflow attacks, etc. + + To validate a transaction, the verifer will add commitments for all outputs, plus + f*H (f here is the transaction fee which is given explicitly) and subtracts all + input commitments. The result must be 0, which proves that no amount was created + or destroyed overall. + + We note that to create such a transaction, the user must know the sum of all the + values of r for commitments entries. Therefore, the r-values (and their sums) act + as secret keys. If we can make the r output values known only to the recipient, + then we have an authentication system! Unfortunately, if we keep the rule that + commits all add to 0, this is impossible, because the sender knows the sum of + all _his_ r values, and therefore knows the receipient's r values sum to the + negative of that. So instead, we allow the transaction to sum to a nonzero value + k*G, and require a signature of an empty string with this as key, to prove its + amount component is zero. + + We let transactions have as many k*G values as they want, each with a signature, + and sum them during verification. + + To create transactions sender and recipient do following ritual: + + 1. Sender and recipient agree on amount to be sent. Call this b. + + 2. Sender creates transaction with all inputs and change output(s), and gives + recipient the total blinding factor (r-value of change minus r-values of + inputs) along with this transaction. 
So the commitments sum to r*G - b*H. + + 3. Recipient chooses random r-values for his outputs, and values that sum + to b minus fee, and adds these to transaction (including range proof). + Now the commitments sum to k*G - fee*H for some k that only recipient + knows. + + 4. Recipient attaches signature with k to the transaction, and the explicit + fee. It has done. + */ + +void test_mimblewimble(void *ctx) +{ + uint8_t commits[100][33],*commitptrs[100]; int64_t inputs[8],inputsum,amount,change,txfee,totalpos,totalneg; bits256 nonces[100],blinds[100],*blindptrs[100],blindsum; int32_t i,r,numinputs; + OS_randombytes((void *)&r,sizeof(r)); + srand(r); + inputs[0] = 100000000; + numinputs = 1; + inputsum = 0; + for (i=0; iallcoins,coin,tmp) + { + if ( coin != 0 && coin->symbol[0] != 0 ) + { + if ( bitcoin_address(addr,coin->chain->pubtype,pub,33) != 0 ) + { + jaddstr(retjson,coin->symbol,addr); + sprintf(coinwif,"%swif",coin->symbol); + if ( showprivs != 0 ) + { + bitcoin_priv2wif(wifbuf,privkey,coin->chain->wiftype); + jaddstr(retjson,coinwif,wifbuf); + } + } + } + } + /*if ( bitcoin_address(addr,0,pub,33) != 0 ) { jaddstr(retjson,"BTC",addr); if ( showprivs != 0 ) @@ -828,7 +844,7 @@ cJSON *SuperNET_rosettajson(bits256 privkey,int32_t showprivs) bitcoin_priv2wif(wifbuf,privkey,188); jaddstr(retjson,"BTCDwif",wifbuf); } - } + }*/ if ( showprivs != 0 ) jaddbits256(retjson,"privkey",privkey); return(retjson); @@ -1079,7 +1095,7 @@ THREE_STRINGS(SuperNET,rosetta,passphrase,pin,showprivkey) } else printf("error parsing cipher retstr.(%s)\n",cstr); free(cstr); } else printf("error SuperNET_cipher null return\n"); - retjson = SuperNET_rosettajson(privkey,flag); + retjson = SuperNET_rosettajson(myinfo,privkey,flag); jaddstr(retjson,"privcipher",privcipher); check = SuperNET_pindecipher(IGUANA_CALLARGS,pin,privcipher); if ( memcmp(check.bytes,privkey.bytes,sizeof(check)) != 0 ) 
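Review bot: The updated `retjson = SuperNET_rosettajson(myinfo,privkey,flag);` is reached even when the two error branches just above it fire — `error parsing cipher retstr` and `error SuperNET_cipher null return` only printf and fall through — so on a failed decryption the handler still assembles and returns a rosetta JSON, which when flag is non-zero carries a WIF for every loaded coin, built from whatever privkey holds at that point; whether privkey is initialized on those paths is not visible in this hunk. Turn those branches into early returns, e.g. `} else return(clonestr("{\"error\":\"SuperNET_cipher null return\"}"));`, so no key material is emitted after a cipher failure. Note also that the pin check on the last context line, `if ( memcmp(check.bytes,privkey.bytes,sizeof(check)) != 0 )`, runs only after the JSON has already been populated. The enclosing function starts and ends outside the hunk.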
@@ -1362,7 +1378,7 @@ ZERO_ARGS(SuperNET,activehandle) cJSON *retjson; if ( remoteaddr != 0 ) return(clonestr("{\"error\":\"no remote\"}")); - retjson = SuperNET_rosettajson(myinfo->persistent_priv,0); + retjson = SuperNET_rosettajson(myinfo,myinfo->persistent_priv,0); jaddstr(retjson,"result","success"); jaddstr(retjson,"handle",myinfo->handle); jaddbits256(retjson,"persistent",myinfo->myaddr.persistent); @@ -1530,6 +1546,8 @@ void iguana_main(void *arg) iguana_Qinit(); myinfo = SuperNET_MYINFO(0); libgfshare_init(myinfo,myinfo->logs,myinfo->exps); + //void test_mimblewimble(void *ctx); + //test_mimblewimble(myinfo->ctx); if ( 0 ) { int32_t i; for (i=0; i<10; i++) diff --git a/includes/iguana_funcs.h b/includes/iguana_funcs.h index 7537d6539..61a31b0d1 100755 --- a/includes/iguana_funcs.h +++ b/includes/iguana_funcs.h @@ -521,7 +521,7 @@ void *category_subscribe(struct supernet_info *myinfo,bits256 category,bits256 k char *bitcoin_address(char *coinaddr,uint8_t addrtype,uint8_t *pubkey_or_rmd160,int32_t len); char *SuperNET_JSON(struct supernet_info *myinfo,cJSON *json,char *remoteaddr,uint16_t port); struct supernet_info *SuperNET_accountfind(cJSON *json); -cJSON *SuperNET_rosettajson(bits256 privkey,int32_t showprivs); +cJSON *SuperNET_rosettajson(struct supernet_info *myinfo,bits256 privkey,int32_t showprivs); double instantdex_aveprice(struct supernet_info *myinfo,struct exchange_quote *sortbuf,int32_t max,double *totalvolp,char *base,char *rel,double basevolume,cJSON *argjson); char *SuperNET_keysinit(struct supernet_info *myinfo,char *argjsonstr); char *SuperNET_parser(struct supernet_info *myinfo,char *agentstr,char *method,cJSON *json,char *remoteaddr);
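Review bot: The two added lines in iguana_main are a commented-out function-scope prototype and call, `//void test_mimblewimble(void *ctx);` and `//test_mimblewimble(myinfo->ctx);`, which is dead code by construction and puts the declaration of a function defined in iguana_secp.c in the wrong place. Since this commit already edits includes/iguana_funcs.h, declare `void test_mimblewimble(void *ctx);` there alongside the other iguana_secp.c prototypes, and either drop the call or keep it under the same `if ( 0 )` guard used for the block immediately below so the test keeps compiling instead of rotting in a comment. iguana_main continues past the end of the hunk.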