273 lines
12 KiB

/******************************************************************************
* Copyright © 2014-2016 The SuperNET Developers. *
* *
* See the AUTHORS, DEVELOPER-AGREEMENT and LICENSE files at *
* the top-level directory of this distribution for the individual copyright *
* holder information and the developer policies on copyright and licensing. *
* *
* Unless otherwise agreed in a custom licensing agreement, no part of the *
* SuperNET software, including this file may be copied, modified, propagated *
* or distributed except according to the terms contained in the LICENSE file *
* *
* Removal or modification of this copyright notice is prohibited. *
* *
******************************************************************************/
// BTCoffer:
// sends NXT assetid, volume and desired
// request:
// other node sends (othercoin, othercoinaddr, otherNXT and reftx that expires well before phasedtx)
// proposal:
// NXT node submits phasedtx that refers to it, but it wont confirm
// approve:
// other node verifies unconfirmed has phasedtx and broadcasts cltv, also to NXT node, releases trigger
// confirm:
// NXT node verifies bitcoin txbytes has proper payment and cashes in with onetimepubkey
// BTC* node approves phased tx with onetimepubkey
char *instantdex_PAXswap(struct supernet_info *myinfo,struct exchange_info *exchange,struct instantdex_accept *ap,char *cmdstr,struct instantdex_msghdr *msg,cJSON *argjson,char *remoteaddr,uint64_t signerbits,uint8_t *data,int32_t datalen) // receiving side
{
char *retstr = 0;
return(clonestr("{\"error\":\"PAX swap is not yet\"}"));
if ( strcmp(cmdstr,"offer") == 0 )
{
}
else if ( strcmp(cmdstr,"proposal") == 0 )
{
}
else if ( strcmp(cmdstr,"accept") == 0 )
{
}
else if ( strcmp(cmdstr,"confirm") == 0 )
{
}
else retstr = clonestr("{\"error\":\"PAX swap got unrecognized command\"}");
return(retstr);
}
#include "../../includes/secp256k1.h"
//#include "../../crypto777/secp256k1/modules/rangeproof/pedersen_impl.h"
//#include "../../crypto777/secp256k1/modules/rangeproof/borromean_impl.h"
//#include "../../crypto777/secp256k1/modules/rangeproof/rangeproof_impl.h"
void secp256k1_pedersen_context_initialize(secp256k1_context_t *ctx);
int secp256k1_pedersen_commit(const secp256k1_context_t* ctx, unsigned char *commit, unsigned char *blind, uint64_t value);
int secp256k1_pedersen_blind_sum(const secp256k1_context_t* ctx, unsigned char *blind_out, const unsigned char * const *blinds, int n, int npositive);
int secp256k1_pedersen_verify_tally(const secp256k1_context_t* ctx, const unsigned char * const *commits, int pcnt,const unsigned char * const *ncommits, int ncnt, int64_t excess);
// ./configure --enable-module-ecdh --enable-module-schnorr --enable-module-rangeproof
void CHECK(int32_t val) { if ( val != 1 ) printf("error\n"),getchar(); }
typedef struct {
uint64_t d[4];
} secp256k1_scalar_t;
static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar_t* a) {
bin[0] = a->d[3] >> 56; bin[1] = a->d[3] >> 48; bin[2] = a->d[3] >> 40; bin[3] = a->d[3] >> 32; bin[4] = a->d[3] >> 24; bin[5] = a->d[3] >> 16; bin[6] = a->d[3] >> 8; bin[7] = a->d[3];
bin[8] = a->d[2] >> 56; bin[9] = a->d[2] >> 48; bin[10] = a->d[2] >> 40; bin[11] = a->d[2] >> 32; bin[12] = a->d[2] >> 24; bin[13] = a->d[2] >> 16; bin[14] = a->d[2] >> 8; bin[15] = a->d[2];
bin[16] = a->d[1] >> 56; bin[17] = a->d[1] >> 48; bin[18] = a->d[1] >> 40; bin[19] = a->d[1] >> 32; bin[20] = a->d[1] >> 24; bin[21] = a->d[1] >> 16; bin[22] = a->d[1] >> 8; bin[23] = a->d[1];
bin[24] = a->d[0] >> 56; bin[25] = a->d[0] >> 48; bin[26] = a->d[0] >> 40; bin[27] = a->d[0] >> 32; bin[28] = a->d[0] >> 24; bin[29] = a->d[0] >> 16; bin[30] = a->d[0] >> 8; bin[31] = a->d[0];
}
#define SECP256K1_N_0 ((uint64_t)0xBFD25E8CD0364141ULL)
#define SECP256K1_N_1 ((uint64_t)0xBAAEDCE6AF48A03BULL)
#define SECP256K1_N_2 ((uint64_t)0xFFFFFFFFFFFFFFFEULL)
#define SECP256K1_N_3 ((uint64_t)0xFFFFFFFFFFFFFFFFULL)
/* Limbs of 2^256 minus the secp256k1 order. */
#define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1)
#define SECP256K1_N_C_1 (~SECP256K1_N_1)
#define SECP256K1_N_C_2 (1)
static int secp256k1_scalar_check_overflow(const secp256k1_scalar_t *a) {
int yes = 0;
int no = 0;
no |= (a->d[3] < SECP256K1_N_3); /* No need for a > check. */
no |= (a->d[2] < SECP256K1_N_2);
yes |= (a->d[2] > SECP256K1_N_2) & ~no;
no |= (a->d[1] < SECP256K1_N_1);
yes |= (a->d[1] > SECP256K1_N_1) & ~no;
yes |= (a->d[0] >= SECP256K1_N_0) & ~no;
return yes;
}
typedef unsigned uint128_t __attribute__((mode(TI)));
static int secp256k1_scalar_reduce(secp256k1_scalar_t *r, unsigned int overflow) {
uint128_t t;
t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0;
r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
t += (uint128_t)r->d[1] + overflow * SECP256K1_N_C_1;
r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
t += (uint128_t)r->d[2] + overflow * SECP256K1_N_C_2;
r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64;
t += (uint64_t)r->d[3];
r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL;
return overflow;
}
static void secp256k1_scalar_set_b32(secp256k1_scalar_t *r, const unsigned char *b32, int *overflow) {
int over;
r->d[0] = (uint64_t)b32[31] | (uint64_t)b32[30] << 8 | (uint64_t)b32[29] << 16 | (uint64_t)b32[28] << 24 | (uint64_t)b32[27] << 32 | (uint64_t)b32[26] << 40 | (uint64_t)b32[25] << 48 | (uint64_t)b32[24] << 56;
r->d[1] = (uint64_t)b32[23] | (uint64_t)b32[22] << 8 | (uint64_t)b32[21] << 16 | (uint64_t)b32[20] << 24 | (uint64_t)b32[19] << 32 | (uint64_t)b32[18] << 40 | (uint64_t)b32[17] << 48 | (uint64_t)b32[16] << 56;
r->d[2] = (uint64_t)b32[15] | (uint64_t)b32[14] << 8 | (uint64_t)b32[13] << 16 | (uint64_t)b32[12] << 24 | (uint64_t)b32[11] << 32 | (uint64_t)b32[10] << 40 | (uint64_t)b32[9] << 48 | (uint64_t)b32[8] << 56;
r->d[3] = (uint64_t)b32[7] | (uint64_t)b32[6] << 8 | (uint64_t)b32[5] << 16 | (uint64_t)b32[4] << 24 | (uint64_t)b32[3] << 32 | (uint64_t)b32[2] << 40 | (uint64_t)b32[1] << 48 | (uint64_t)b32[0] << 56;
over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r));
if (overflow) {
*overflow = over;
}
}
void random_scalar_order(secp256k1_scalar_t *num) {
do {
unsigned char b32[32];
int overflow = 0;
OS_randombytes(b32,sizeof(b32));
//secp256k1_rand256(b32);
secp256k1_scalar_set_b32(num, b32, &overflow);
if ( overflow != 0 || bits256_nonz(*(bits256 *)num) == 0 )
continue;
break;
} while(1);
}
bits256 rand_secp()
{
bits256 s,ret;
random_scalar_order((void *)&s);
secp256k1_scalar_get_b32((void *)&ret,(void *)&s);
return(ret);
}
void test_pedersen(void) {
secp256k1_context_t *ctx;
ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
secp256k1_pedersen_context_initialize(ctx);
unsigned char commits[33*19];
const unsigned char *cptr[19];
unsigned char blinds[32*19];
const unsigned char *bptr[19];
uint64_t values[19];
int64_t totalv;
secp256k1_scalar_t s;
int i; uint8_t r,r2;
int inputs;
int outputs;
int total;
OS_randombytes((void *)&r,sizeof(r));
OS_randombytes((void *)&r2,sizeof(r2));
inputs = (r & 7) + 1;
outputs = (r2 & 7) + 2;
total = inputs + outputs;
printf("inputs.%d outputs.%d\n",inputs,outputs);
for (i = 0; i < 19; i++) {
cptr[i] = &commits[i * 33];
bptr[i] = &blinds[i * 32];
}
totalv = 0;
for (i = 0; i < inputs; i++) {
OS_randombytes((void *)&r,sizeof(r));
values[i] = r;
totalv += values[i];
}
if (1 ){//rand() & 1) {
for (i = 0; i < outputs; i++) {
int64_t max = INT64_MAX;
if (totalv < 0) {
max += totalv;
}
OS_randombytes((void *)&r,sizeof(r));
values[i + inputs] = r;
totalv -= values[i + inputs];
}
} else {
for (i = 0; i < outputs - 1; i++) {
OS_randombytes((void *)&r,sizeof(r));
values[i + inputs] = r;
totalv -= values[i + inputs];
}
values[total - 1] = totalv >> (rand() & 1);
totalv -= values[total - 1];
}
for (i = 0; i < total - 1; i++) {
random_scalar_order(&s);
secp256k1_scalar_get_b32(&blinds[i * 32], &s);
}
CHECK(secp256k1_pedersen_blind_sum(ctx, &blinds[(total - 1) * 32], bptr, total - 1, inputs));
printf("sum total.%d %lld\n",total,(long long)values[total-1]);
for (i = 0; i < total; i++) {
printf("%llu ",(long long)values[i]);
CHECK(secp256k1_pedersen_commit(ctx, &commits[i * 33], &blinds[i * 32], values[i]));
}
printf("commits totalv.%lld\n",(long long)totalv);
CHECK(secp256k1_pedersen_verify_tally(ctx, cptr, inputs, &cptr[inputs], outputs, totalv));
printf("tally\n");
CHECK(!secp256k1_pedersen_verify_tally(ctx, cptr, inputs, &cptr[inputs], outputs, totalv + 1));
printf("!tally\n");
getchar();
return;
for (i = 0; i < 4; i++) {
//OS_randombytes(&blinds[i * 32],32);
*(bits256 *)&blinds[i * 32] = rand_secp();
}
values[0] = INT64_MAX;
values[1] = 0;
values[2] = 1;
for (i = 0; i < 3; i++) {
CHECK(secp256k1_pedersen_commit(ctx, &commits[i * 33], &blinds[i * 32], values[i]));
}
printf("a\n");
CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[1], 1, &cptr[2], 1, -1));
printf("b\n");
CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[2], 1, &cptr[1], 1, 1));
printf("c\n");
CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[0], 1, &cptr[0], 1, 0));
printf("d\n");
CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[0], 1, &cptr[1], 1, INT64_MAX));
printf("e\n");
CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[1], 1, &cptr[1], 1, 0));
printf("f\n");
CHECK(secp256k1_pedersen_verify_tally(ctx, &cptr[1], 1, &cptr[0], 1, -INT64_MAX));
printf("g\n");
}
void ztest()
{
#ifdef __APPLE__
printf("ztests\n");
//test_pedersen();
secp256k1_context_t *ctx; uint8_t commits[13][33],blinds[13][32]; int32_t i,j,ret,retvals[13]; int64_t val,excess = 0; const uint8_t *commitptrs[13],*blindptrs[13]; bits256 s;
ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
secp256k1_pedersen_context_initialize(ctx);
for (j=0; j<13; j++)
{
blindptrs[j] = blinds[j];
commitptrs[j] = commits[j];
s = rand_secp();
memcpy(blinds[j],s.bytes,sizeof(s));
//OS_randombytes(blinds[j],sizeof(blinds[j]));
}
ret = secp256k1_pedersen_blind_sum(ctx,blinds[12],blindptrs,12,12);
for (i=0; i<32; i++)
printf("%02x",blindptrs[12][i]);
printf(" blindsum.%d\n",ret);
for (j=0; j<13; j++)
{
val = (j < 12) ? (j + 1) : -excess;
while ( 1 )
{
retvals[j] = secp256k1_pedersen_commit(ctx,commits[j],blinds[j],val);
//if ( commits[j][0] == 0x02 )
break;
}
if ( j < 12 )
excess += val;
for (i=0; i<33; i++)
printf("%02x",commits[j][i]);
printf(" pederson commit.%d val.%lld\n",retvals[j],(long long)val);
}
ret = secp256k1_pedersen_verify_tally(ctx,commitptrs,12,&commitptrs[12],1,0);
printf("tally.%d vs %lld\n",ret,(long long)excess);
//getchar();
#endif
}