xmr: sign step 06 - comment on bulletproof hashing
- hash_bp(bp) != hash(serialize(bp)) because hash does not contain array lengths
ph4r05 committed Oct 2, 2018
1 parent 4abb547 commit 6087475
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/apps/monero/protocol/signing/step_06_set_out1.py
Expand Up @@ -178,7 +178,10 @@ def _range_proof(state, idx, amount, rsig_data=None):
rsig = ring_ct.prove_range_bp_batch(state.output_amounts, state.output_masks)
state.mem_trace("post-bp" if __debug__ else None, collect=True)

# Incremental hashing
# Incremental BP hashing
# BP is hashed with raw=False as hash does not contain L, R
# array sizes compared to the serialized bulletproof format
# thus direct serialization cannot be used.
state.full_message_hasher.rsig_val(rsig, True, raw=False)
state.mem_trace("post-bp-hash" if __debug__ else None, collect=True)

Expand All @@ -205,6 +208,9 @@ def _range_proof(state, idx, amount, rsig_data=None):
bp_obj = misc.parse_msg(rsig_data.rsig, Bulletproof())
rsig_data.rsig = None

# BP is hashed with raw=False as hash does not contain L, R
# array sizes compared to the serialized bulletproof format
# thus direct serialization cannot be used.
state.full_message_hasher.rsig_val(bp_obj, True, raw=False)
res = ring_ct.verify_bp(bp_obj, state.output_amounts, masks)
state.assrt(res, "BP verification fail")
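Review bot: The three-line comment is pasted verbatim into both branches of `_range_proof` (here and in the hunk at line 178), and its wording is hard to parse; it also explains `raw=False` but leaves the positional `True` passed to `rsig_val` undocumented. I would tighten it to something like `# Hash the BP field by field (raw=False): the message hash omits the L and R array lengths that the serialized form carries, so hash(serialize(bp)) would differ.` and name what `True` selects. In this branch `bp_obj` is parsed from `rsig_data.rsig` and fed to `full_message_hasher` before `ring_ct.verify_bp` runs. That ordering looks harmless provided `state.assrt` aborts signing on failure, but because the digest does not bind the L/R lengths, the comment should say those lengths are enforced by verification; please confirm `verify_bp` rejects unexpected L/R sizes. The function body starts and ends outside both hunks.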