Electroneum
Loading...
Searching...
No Matches
ringct.cpp
Go to the documentation of this file.
1// Copyrights(c) 2017-2021, The Electroneum Project
2// Copyrights(c) 2014-2019, The Monero Project
3//
4// All rights reserved.
5//
6// Redistribution and use in source and binary forms, with or without modification, are
7// permitted provided that the following conditions are met:
8//
9// 1. Redistributions of source code must retain the above copyright notice, this list of
10// conditions and the following disclaimer.
11//
12// 2. Redistributions in binary form must reproduce the above copyright notice, this list
13// of conditions and the following disclaimer in the documentation and/or other
14// materials provided with the distribution.
15//
16// 3. Neither the name of the copyright holder nor the names of its contributors may be
17// used to endorse or promote products derived from this software without specific
18// prior written permission.
19//
20// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
21// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
23// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
28// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29//
30// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
31
32#include "gtest/gtest.h"
33
34#include <cstdint>
35#include <algorithm>
36#include <sstream>
37
38#include "ringct/rctTypes.h"
39#include "ringct/rctSigs.h"
40#include "ringct/rctOps.h"
41#include "device/device.hpp"
42
43using namespace std;
44using namespace crypto;
45using namespace rct;
46
47TEST(ringct, Borromean)
48{
49 int j = 0;
50
51 //Tests for Borromean signatures
52 //#boro true one, false one, C != sum Ci, and one out of the range..
53 int N = 64;
54 key64 xv;
55 key64 P1v;
56 key64 P2v;
57 bits indi;
58
59 for (j = 0 ; j < N ; j++) {
60 indi[j] = (int)randEtnAmount(2);
61
62 xv[j] = skGen();
63 if ( (int)indi[j] == 0 ) {
64 scalarmultBase(P1v[j], xv[j]);
65 } else {
66 addKeys1(P1v[j], xv[j], H2[j]);
67 }
68 subKeys(P2v[j], P1v[j], H2[j]);
69 }
70
71 //#true one
72 boroSig bb = genBorromean(xv, P1v, P2v, indi);
73 ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
74
75 //#false one
76 indi[3] = (indi[3] + 1) % 2;
77 bb = genBorromean(xv, P1v, P2v, indi);
78 ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
79
80 //#true one again
81 indi[3] = (indi[3] + 1) % 2;
82 bb = genBorromean(xv, P1v, P2v, indi);
83 ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
84
85 //#false one
86 bb = genBorromean(xv, P2v, P1v, indi);
87 ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
88}
89
90TEST(ringct, MG_sigs)
91{
92 int j = 0;
93 int N = 0;
94
95 //Tests for MG Sigs
96 //#MG sig: true one
97 N = 3;// #cols
98 int R = 3;// #rows
99 keyV xtmp = skvGen(R);
100 keyM xm = keyMInit(R, N);// = [[None]*N] #just used to generate test public keys
101 keyV sk = skvGen(R);
102 keyM P = keyMInit(R, N);// = keyM[[None]*N] #stores the public keys;
103 int ind = 2;
104 int i = 0;
105 for (j = 0 ; j < R ; j++) {
106 for (i = 0 ; i < N ; i++)
107 {
108 xm[i][j] = skGen();
109 P[i][j] = scalarmultBase(xm[i][j]);
110 }
111 }
112 for (j = 0 ; j < R ; j++) {
113 sk[j] = xm[ind][j];
114 }
115 key message = identity();
116 mgSig IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
117 ASSERT_TRUE(MLSAG_Ver(message, P, IIccss, R));
118
119 //#MG sig: false one
120 N = 3;// #cols
121 R = 3;// #rows
122 xtmp = skvGen(R);
123 keyM xx(N, xtmp);// = [[None]*N] #just used to generate test public keys
124 sk = skvGen(R);
125 //P (N, xtmp);// = keyM[[None]*N] #stores the public keys;
126
127 ind = 2;
128 for (j = 0 ; j < R ; j++) {
129 for (i = 0 ; i < N ; i++)
130 {
131 xx[i][j] = skGen();
132 P[i][j] = scalarmultBase(xx[i][j]);
133 }
134 sk[j] = xx[ind][j];
135 }
136 sk[2] = skGen();//assume we don't know one of the private keys..
137 IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
138 ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R));
139}
140
141TEST(ringct, range_proofs)
142{
143 //Ring CT Stuff
144 //ct range proofs
145 ctkeyV sc, pc;
146 ctkey sctmp, pctmp;
147 std::vector<uint64_t> inamounts;
148 //add fake input 6000
149 inamounts.push_back(6000);
150 tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
151 sc.push_back(sctmp);
152 pc.push_back(pctmp);
153
154
155 inamounts.push_back(7000);
156 tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
157 sc.push_back(sctmp);
158 pc.push_back(pctmp);
159 vector<etn_amount >amounts;
160 rct::keyV amount_keys;
161 key mask;
162
163 //add output 500
164 amounts.push_back(500);
165 amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
166 keyV destinations;
167 key Sk, Pk;
168 skpkGen(Sk, Pk);
169 destinations.push_back(Pk);
170
171
172 //add output for 12500
173 amounts.push_back(12500);
174 amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
175 skpkGen(Sk, Pk);
176 destinations.push_back(Pk);
177
178 const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
179
180 //compute rct data with mixin 3 - should fail since full type with > 1 input
181 bool ok = false;
182 try { genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default")); }
183 catch(...) { ok = true; }
184 ASSERT_TRUE(ok);
185
186 //compute rct data with mixin 3
187 rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
188
189 //verify rct data
190 ASSERT_TRUE(verRctSimple(s));
191
192 //decode received amount
193 decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
194
195 // Ring CT with failing MG sig part should not verify!
196 // Since sum of inputs != outputs
197
198 amounts[1] = 12501;
199 skpkGen(Sk, Pk);
200 destinations[1] = Pk;
201
202
203 //compute rct data with mixin 3
204 s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
205
206 //verify rct data
207 ASSERT_FALSE(verRctSimple(s));
208
209 //decode received amount
210 decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
211}
212
213TEST(ringct, range_proofs_with_fee)
214{
215 //Ring CT Stuff
216 //ct range proofs
217 ctkeyV sc, pc;
218 ctkey sctmp, pctmp;
219 std::vector<uint64_t> inamounts;
220 //add fake input 6001
221 inamounts.push_back(6001);
222 tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
223 sc.push_back(sctmp);
224 pc.push_back(pctmp);
225
226
227 inamounts.push_back(7000);
228 tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
229 sc.push_back(sctmp);
230 pc.push_back(pctmp);
231 vector<etn_amount >amounts;
232 keyV amount_keys;
233 key mask;
234
235 //add output 500
236 amounts.push_back(500);
237 amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
238 keyV destinations;
239 key Sk, Pk;
240 skpkGen(Sk, Pk);
241 destinations.push_back(Pk);
242
243 //add output for 12500
244 amounts.push_back(12500);
245 amount_keys.push_back(hash_to_scalar(zero()));
246 skpkGen(Sk, Pk);
247 destinations.push_back(Pk);
248
249 const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
250
251 //compute rct data with mixin 3
252 rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 1, 3, rct_config, hw::get_device("default"));
253
254 //verify rct data
255 ASSERT_TRUE(verRctSimple(s));
256
257 //decode received amount
258 decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
259
260 // Ring CT with failing MG sig part should not verify!
261 // Since sum of inputs != outputs
262
263 amounts[1] = 12501;
264 skpkGen(Sk, Pk);
265 destinations[1] = Pk;
266
267
268 //compute rct data with mixin 3
269 s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 500, 3, rct_config, hw::get_device("default"));
270
271 //verify rct data
272 ASSERT_FALSE(verRctSimple(s));
273
274 //decode received amount
275 decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
276}
277
278TEST(ringct, simple)
279{
280 ctkeyV sc, pc;
281 ctkey sctmp, pctmp;
282 //this vector corresponds to output amounts
283 vector<etn_amount>outamounts;
284 //this vector corresponds to input amounts
285 vector<etn_amount>inamounts;
286 //this keyV corresponds to destination pubkeys
287 keyV destinations;
288 keyV amount_keys;
289 key mask;
290
291 //add fake input 3000
292 //the sc is secret data
293 //pc is public data
294 tie(sctmp, pctmp) = ctskpkGen(3000);
295 sc.push_back(sctmp);
296 pc.push_back(pctmp);
297 inamounts.push_back(3000);
298
299 //add fake input 3000
300 //the sc is secret data
301 //pc is public data
302 tie(sctmp, pctmp) = ctskpkGen(3000);
303 sc.push_back(sctmp);
304 pc.push_back(pctmp);
305 inamounts.push_back(3000);
306
307 //add output 5000
308 outamounts.push_back(5000);
309 amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
310 //add the corresponding destination pubkey
311 key Sk, Pk;
312 skpkGen(Sk, Pk);
313 destinations.push_back(Pk);
314
315 //add output 999
316 outamounts.push_back(999);
317 amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
318 //add the corresponding destination pubkey
319 skpkGen(Sk, Pk);
320 destinations.push_back(Pk);
321
322 key message = skGen(); //real message later (hash of txn..)
323
324 //compute sig with mixin 2
325 etn_amount txnfee = 1;
326
327 const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
328 rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, NULL, NULL, txnfee, 2, rct_config, hw::get_device("default"));
329
330 //verify ring ct signature
331 ASSERT_TRUE(verRctSimple(s));
332
333 //decode received amount corresponding to output pubkey index 1
334 decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
335}
336
337static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee)
338{
339 ctkeyV sc, pc;
340 ctkey sctmp, pctmp;
341 vector<etn_amount >amounts;
342 keyV destinations;
343 keyV amount_keys;
344 key Sk, Pk;
345
346 for (int n = 0; n < n_inputs; ++n) {
347 tie(sctmp, pctmp) = ctskpkGen(input_amounts[n]);
348 sc.push_back(sctmp);
349 pc.push_back(pctmp);
350 }
351
352 for (int n = 0; n < n_outputs; ++n) {
353 amounts.push_back(output_amounts[n]);
354 skpkGen(Sk, Pk);
355 if (n < n_outputs - 1 || !last_is_fee)
356 {
357 destinations.push_back(Pk);
358 amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
359 }
360 }
361
362 const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
363 return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default"));
364}
365
366static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], uint64_t fee)
367{
368 ctkeyV sc, pc;
369 ctkey sctmp, pctmp;
370 vector<etn_amount> inamounts, outamounts;
371 keyV destinations;
372 keyV amount_keys;
373 key Sk, Pk;
374
375 for (int n = 0; n < n_inputs; ++n) {
376 inamounts.push_back(input_amounts[n]);
377 tie(sctmp, pctmp) = ctskpkGen(input_amounts[n]);
378 sc.push_back(sctmp);
379 pc.push_back(pctmp);
380 }
381
382 for (int n = 0; n < n_outputs; ++n) {
383 outamounts.push_back(output_amounts[n]);
384 amount_keys.push_back(hash_to_scalar(zero()));
385 skpkGen(Sk, Pk);
386 destinations.push_back(Pk);
387 }
388
389 const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
390 return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, NULL, NULL, fee, 3, rct_config, hw::get_device("default"));
391}
392
393static bool range_proof_test(bool expected_valid,
394 int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee, bool simple)
395{
396 //compute rct data
397 bool valid;
398 try {
399 rctSig s;
400 // simple takes fee as a parameter, non-simple takes it as an extra element to output amounts
401 if (simple) {
402 s = make_sample_simple_rct_sig(n_inputs, input_amounts, last_is_fee ? n_outputs - 1 : n_outputs, output_amounts, last_is_fee ? output_amounts[n_outputs - 1] : 0);
403 valid = verRctSimple(s);
404 }
405 else {
406 s = make_sample_rct_sig(n_inputs, input_amounts, n_outputs, output_amounts, last_is_fee);
407 valid = verRct(s);
408 }
409 }
410 catch (const std::exception &e) {
411 valid = false;
412 }
413
414 if (valid == expected_valid) {
415 return testing::AssertionSuccess();
416 }
417 else {
418 return testing::AssertionFailure();
419 }
420}
421
422#define NELTS(array) (sizeof(array)/sizeof(array[0]))
423
424TEST(ringct, range_proofs_reject_empty_outs)
425{
426 const uint64_t inputs[] = {5000};
427 const uint64_t outputs[] = {};
428 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
429}
430
431TEST(ringct, range_proofs_reject_empty_outs_simple)
432{
433 const uint64_t inputs[] = {5000};
434 const uint64_t outputs[] = {};
435 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
436}
437
438TEST(ringct, range_proofs_reject_empty_ins)
439{
440 const uint64_t inputs[] = {};
441 const uint64_t outputs[] = {5000};
442 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
443}
444
445TEST(ringct, range_proofs_reject_empty_ins_simple)
446{
447 const uint64_t inputs[] = {};
448 const uint64_t outputs[] = {5000};
449 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
450}
451
452TEST(ringct, range_proofs_reject_all_empty)
453{
454 const uint64_t inputs[] = {};
455 const uint64_t outputs[] = {};
456 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
457}
458
459TEST(ringct, range_proofs_reject_all_empty_simple)
460{
461 const uint64_t inputs[] = {};
462 const uint64_t outputs[] = {};
463 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
464}
465
466TEST(ringct, range_proofs_accept_zero_empty)
467{
468 const uint64_t inputs[] = {0};
469 const uint64_t outputs[] = {};
470 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
471}
472
473TEST(ringct, range_proofs_accept_zero_empty_simple)
474{
475 const uint64_t inputs[] = {0};
476 const uint64_t outputs[] = {};
477 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
478}
479
480TEST(ringct, range_proofs_reject_empty_zero)
481{
482 const uint64_t inputs[] = {};
483 const uint64_t outputs[] = {0};
484 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
485}
486
487TEST(ringct, range_proofs_reject_empty_zero_simple)
488{
489 const uint64_t inputs[] = {};
490 const uint64_t outputs[] = {0};
491 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
492}
493
494TEST(ringct, range_proofs_accept_zero_zero)
495{
496 const uint64_t inputs[] = {0};
497 const uint64_t outputs[] = {0};
498 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
499}
500
501TEST(ringct, range_proofs_accept_zero_zero_simple)
502{
503 const uint64_t inputs[] = {0};
504 const uint64_t outputs[] = {0};
505 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
506}
507
508TEST(ringct, range_proofs_accept_zero_out_first)
509{
510 const uint64_t inputs[] = {5000};
511 const uint64_t outputs[] = {0, 5000};
512 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
513}
514
515TEST(ringct, range_proofs_accept_zero_out_first_simple)
516{
517 const uint64_t inputs[] = {5000};
518 const uint64_t outputs[] = {0, 5000};
519 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
520}
521
522TEST(ringct, range_proofs_accept_zero_out_last)
523{
524 const uint64_t inputs[] = {5000};
525 const uint64_t outputs[] = {5000, 0};
526 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
527}
528
529TEST(ringct, range_proofs_accept_zero_out_last_simple)
530{
531 const uint64_t inputs[] = {5000};
532 const uint64_t outputs[] = {5000, 0};
533 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
534}
535
536TEST(ringct, range_proofs_accept_zero_out_middle)
537{
538 const uint64_t inputs[] = {5000};
539 const uint64_t outputs[] = {2500, 0, 2500};
540 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
541}
542
543TEST(ringct, range_proofs_accept_zero_out_middle_simple)
544{
545 const uint64_t inputs[] = {5000};
546 const uint64_t outputs[] = {2500, 0, 2500};
547 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
548}
549
550TEST(ringct, range_proofs_accept_zero)
551{
552 const uint64_t inputs[] = {0};
553 const uint64_t outputs[] = {0};
554 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
555}
556
557TEST(ringct, range_proofs_accept_zero_in_first_simple)
558{
559 const uint64_t inputs[] = {0, 5000};
560 const uint64_t outputs[] = {5000};
561 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
562}
563
564TEST(ringct, range_proofs_accept_zero_in_last_simple)
565{
566 const uint64_t inputs[] = {5000, 0};
567 const uint64_t outputs[] = {5000};
568 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
569}
570
571TEST(ringct, range_proofs_accept_zero_in_middle_simple)
572{
573 const uint64_t inputs[] = {2500, 0, 2500};
574 const uint64_t outputs[] = {5000};
575 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
576}
577
578TEST(ringct, range_proofs_reject_single_lower)
579{
580 const uint64_t inputs[] = {5000};
581 const uint64_t outputs[] = {1};
582 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
583}
584
585TEST(ringct, range_proofs_reject_single_lower_simple)
586{
587 const uint64_t inputs[] = {5000};
588 const uint64_t outputs[] = {1};
589 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
590}
591
592TEST(ringct, range_proofs_reject_single_higher)
593{
594 const uint64_t inputs[] = {5000};
595 const uint64_t outputs[] = {5001};
596 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
597}
598
599TEST(ringct, range_proofs_reject_single_higher_simple)
600{
601 const uint64_t inputs[] = {5000};
602 const uint64_t outputs[] = {5001};
603 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
604}
605
606TEST(ringct, range_proofs_reject_single_out_negative)
607{
608 const uint64_t inputs[] = {5000};
609 const uint64_t outputs[] = {(uint64_t)-1000ll};
610 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
611}
612
613TEST(ringct, range_proofs_reject_single_out_negative_simple)
614{
615 const uint64_t inputs[] = {5000};
616 const uint64_t outputs[] = {(uint64_t)-1000ll};
617 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
618}
619
620TEST(ringct, range_proofs_reject_out_negative_first)
621{
622 const uint64_t inputs[] = {5000};
623 const uint64_t outputs[] = {(uint64_t)-1000ll, 6000};
624 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
625}
626
627TEST(ringct, range_proofs_reject_out_negative_first_simple)
628{
629 const uint64_t inputs[] = {5000};
630 const uint64_t outputs[] = {(uint64_t)-1000ll, 6000};
631 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
632}
633
634TEST(ringct, range_proofs_reject_out_negative_last)
635{
636 const uint64_t inputs[] = {5000};
637 const uint64_t outputs[] = {6000, (uint64_t)-1000ll};
638 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
639}
640
641TEST(ringct, range_proofs_reject_out_negative_last_simple)
642{
643 const uint64_t inputs[] = {5000};
644 const uint64_t outputs[] = {6000, (uint64_t)-1000ll};
645 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
646}
647
648TEST(ringct, range_proofs_reject_out_negative_middle)
649{
650 const uint64_t inputs[] = {5000};
651 const uint64_t outputs[] = {3000, (uint64_t)-1000ll, 3000};
652 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
653}
654
655TEST(ringct, range_proofs_reject_out_negative_middle_simple)
656{
657 const uint64_t inputs[] = {5000};
658 const uint64_t outputs[] = {3000, (uint64_t)-1000ll, 3000};
659 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
660}
661
662TEST(ringct, range_proofs_reject_single_in_negative)
663{
664 const uint64_t inputs[] = {(uint64_t)-1000ll};
665 const uint64_t outputs[] = {5000};
666 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
667}
668
669TEST(ringct, range_proofs_reject_single_in_negative_simple)
670{
671 const uint64_t inputs[] = {(uint64_t)-1000ll};
672 const uint64_t outputs[] = {5000};
673 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
674}
675
676TEST(ringct, range_proofs_reject_in_negative_first)
677{
678 const uint64_t inputs[] = {(uint64_t)-1000ll, 6000};
679 const uint64_t outputs[] = {5000};
680 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
681}
682
683TEST(ringct, range_proofs_reject_in_negative_first_simple)
684{
685 const uint64_t inputs[] = {(uint64_t)-1000ll, 6000};
686 const uint64_t outputs[] = {5000};
687 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
688}
689
690TEST(ringct, range_proofs_reject_in_negative_last)
691{
692 const uint64_t inputs[] = {6000, (uint64_t)-1000ll};
693 const uint64_t outputs[] = {5000};
694 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
695}
696
697TEST(ringct, range_proofs_reject_in_negative_last_simple)
698{
699 const uint64_t inputs[] = {6000, (uint64_t)-1000ll};
700 const uint64_t outputs[] = {5000};
701 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
702}
703
704TEST(ringct, range_proofs_reject_in_negative_middle)
705{
706 const uint64_t inputs[] = {3000, (uint64_t)-1000ll, 3000};
707 const uint64_t outputs[] = {5000};
708 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
709}
710
711TEST(ringct, range_proofs_reject_in_negative_middle_simple)
712{
713 const uint64_t inputs[] = {3000, (uint64_t)-1000ll, 3000};
714 const uint64_t outputs[] = {5000};
715 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
716}
717
718TEST(ringct, range_proofs_reject_higher_list)
719{
720 const uint64_t inputs[] = {5000};
721 const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000, 1000};
722 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
723}
724
725TEST(ringct, range_proofs_reject_higher_list_simple)
726{
727 const uint64_t inputs[] = {5000};
728 const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000, 1000};
729 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
730}
731
732TEST(ringct, range_proofs_accept_1_to_1)
733{
734 const uint64_t inputs[] = {5000};
735 const uint64_t outputs[] = {5000};
736 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
737}
738
739TEST(ringct, range_proofs_accept_1_to_1_simple)
740{
741 const uint64_t inputs[] = {5000};
742 const uint64_t outputs[] = {5000};
743 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
744}
745
746TEST(ringct, range_proofs_accept_1_to_N)
747{
748 const uint64_t inputs[] = {5000};
749 const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000};
750 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
751}
752
753TEST(ringct, range_proofs_accept_1_to_N_simple)
754{
755 const uint64_t inputs[] = {5000};
756 const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000};
757 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false,true));
758}
759
760TEST(ringct, range_proofs_accept_N_to_1_simple)
761{
762 const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000};
763 const uint64_t outputs[] = {5000};
764 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
765}
766
767TEST(ringct, range_proofs_accept_N_to_N_simple)
768{
769 const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000};
770 const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000};
771 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
772}
773
774TEST(ringct, range_proofs_accept_very_long_simple)
775{
776 const size_t N=12;
777 uint64_t inputs[N];
778 uint64_t outputs[N];
779 for (size_t n = 0; n < N; ++n) {
780 inputs[n] = n;
781 outputs[n] = n;
782 }
783 std::random_shuffle(inputs, inputs + N);
784 std::random_shuffle(outputs, outputs + N);
785 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
786}
787
788TEST(ringct, HPow2)
789{
790 key G = scalarmultBase(d2h(1));
791
792 key H = hashToPointSimple(G);
793 for (int j = 0 ; j < ATOMS ; j++) {
794 ASSERT_TRUE(equalKeys(H, H2[j]));
795 addKeys(H, H, H);
796 }
797}
798
799static const etn_amount test_amounts[]={0, 1, 2, 3, 4, 5, 10000, 10000000000000000000ull, 10203040506070809000ull, 123456789123456789};
800
801TEST(ringct, d2h)
802{
803 key k, P1;
804 skpkGen(k, P1);
805 for (auto amount: test_amounts) {
806 d2h(k, amount);
807 ASSERT_TRUE(amount == h2d(k));
808 }
809}
810
811TEST(ringct, d2b)
812{
813 for (auto amount: test_amounts) {
814 bits b;
815 d2b(b, amount);
816 ASSERT_TRUE(amount == b2d(b));
817 }
818}
819
820TEST(ringct, prooveRange_is_non_deterministic)
821{
822 key C[2], mask[2];
823 for (int n = 0; n < 2; ++n)
824 proveRange(C[n], mask[n], 80);
825 ASSERT_TRUE(memcmp(C[0].bytes, C[1].bytes, sizeof(C[0].bytes)));
826 ASSERT_TRUE(memcmp(mask[0].bytes, mask[1].bytes, sizeof(mask[0].bytes)));
827}
828
829TEST(ringct, fee_0_valid)
830{
831 const uint64_t inputs[] = {2000};
832 const uint64_t outputs[] = {2000, 0};
833 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
834}
835
836TEST(ringct, fee_0_valid_simple)
837{
838 const uint64_t inputs[] = {1000, 1000};
839 const uint64_t outputs[] = {2000, 0};
840 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
841}
842
843TEST(ringct, fee_non_0_valid)
844{
845 const uint64_t inputs[] = {2000};
846 const uint64_t outputs[] = {1900, 100};
847 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
848}
849
850TEST(ringct, fee_non_0_valid_simple)
851{
852 const uint64_t inputs[] = {1000, 1000};
853 const uint64_t outputs[] = {1900, 100};
854 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
855}
856
857TEST(ringct, fee_non_0_invalid_higher)
858{
859 const uint64_t inputs[] = {1000, 1000};
860 const uint64_t outputs[] = {1990, 100};
861 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
862}
863
864TEST(ringct, fee_non_0_invalid_higher_simple)
865{
866 const uint64_t inputs[] = {1000, 1000};
867 const uint64_t outputs[] = {1990, 100};
868 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
869}
870
871TEST(ringct, fee_non_0_invalid_lower)
872{
873 const uint64_t inputs[] = {1000, 1000};
874 const uint64_t outputs[] = {1000, 100};
875 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
876}
877
878TEST(ringct, fee_non_0_invalid_lower_simple)
879{
880 const uint64_t inputs[] = {1000, 1000};
881 const uint64_t outputs[] = {1000, 100};
882 EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
883}
884
885TEST(ringct, fee_burn_valid_one_out)
886{
887 const uint64_t inputs[] = {2000};
888 const uint64_t outputs[] = {0, 2000};
889 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
890}
891
892TEST(ringct, fee_burn_valid_one_out_simple)
893{
894 const uint64_t inputs[] = {1000, 1000};
895 const uint64_t outputs[] = {0, 2000};
896 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
897}
898
899TEST(ringct, fee_burn_valid_zero_out)
900{
901 const uint64_t inputs[] = {2000};
902 const uint64_t outputs[] = {2000};
903 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
904}
905
906TEST(ringct, fee_burn_valid_zero_out_simple)
907{
908 const uint64_t inputs[] = {1000, 1000};
909 const uint64_t outputs[] = {2000};
910 EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
911}
912
913static rctSig make_sig()
914{
915 static const uint64_t inputs[] = {2000};
916 static const uint64_t outputs[] = {1000, 1000};
917 static rct::rctSig sig = make_sample_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, true);
918 return sig;
919}
920
921#define TEST_rctSig_elements(name, op) \
922TEST(ringct, rctSig_##name) \
923{ \
924 rct::rctSig sig = make_sig(); \
925 ASSERT_TRUE(rct::verRct(sig)); \
926 op; \
927 ASSERT_FALSE(rct::verRct(sig)); \
928}
929
930TEST_rctSig_elements(rangeSigs_empty, sig.p.rangeSigs.resize(0));
931TEST_rctSig_elements(rangeSigs_too_many, sig.p.rangeSigs.push_back(sig.p.rangeSigs.back()));
932TEST_rctSig_elements(rangeSigs_too_few, sig.p.rangeSigs.pop_back());
933TEST_rctSig_elements(mgSig_MG_empty, sig.p.MGs.resize(0));
934TEST_rctSig_elements(mgSig_ss_empty, sig.p.MGs[0].ss.resize(0));
935TEST_rctSig_elements(mgSig_ss_too_many, sig.p.MGs[0].ss.push_back(sig.p.MGs[0].ss.back()));
936TEST_rctSig_elements(mgSig_ss_too_few, sig.p.MGs[0].ss.pop_back());
937TEST_rctSig_elements(mgSig_ss0_empty, sig.p.MGs[0].ss[0].resize(0));
938TEST_rctSig_elements(mgSig_ss0_too_many, sig.p.MGs[0].ss[0].push_back(sig.p.MGs[0].ss[0].back()));
939TEST_rctSig_elements(mgSig_ss0_too_few, sig.p.MGs[0].ss[0].pop_back());
940TEST_rctSig_elements(mgSig_II_empty, sig.p.MGs[0].II.resize(0));
941TEST_rctSig_elements(mgSig_II_too_many, sig.p.MGs[0].II.push_back(sig.p.MGs[0].II.back()));
942TEST_rctSig_elements(mgSig_II_too_few, sig.p.MGs[0].II.pop_back());
943TEST_rctSig_elements(mixRing_empty, sig.mixRing.resize(0));
944TEST_rctSig_elements(mixRing_too_many, sig.mixRing.push_back(sig.mixRing.back()));
945TEST_rctSig_elements(mixRing_too_few, sig.mixRing.pop_back());
946TEST_rctSig_elements(mixRing0_empty, sig.mixRing[0].resize(0));
947TEST_rctSig_elements(mixRing0_too_many, sig.mixRing[0].push_back(sig.mixRing[0].back()));
948TEST_rctSig_elements(mixRing0_too_few, sig.mixRing[0].pop_back());
949TEST_rctSig_elements(ecdhInfo_empty, sig.ecdhInfo.resize(0));
950TEST_rctSig_elements(ecdhInfo_too_many, sig.ecdhInfo.push_back(sig.ecdhInfo.back()));
951TEST_rctSig_elements(ecdhInfo_too_few, sig.ecdhInfo.pop_back());
952TEST_rctSig_elements(outPk_empty, sig.outPk.resize(0));
953TEST_rctSig_elements(outPk_too_many, sig.outPk.push_back(sig.outPk.back()));
954TEST_rctSig_elements(outPk_too_few, sig.outPk.pop_back());
955
956static rct::rctSig make_sig_simple()
957{
958 static const uint64_t inputs[] = {1000, 1000};
959 static const uint64_t outputs[] = {1000};
960 static rct::rctSig sig = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 1000);
961 return sig;
962}
963
964#define TEST_rctSig_elements_simple(name, op) \
965TEST(ringct, rctSig_##name##_simple) \
966{ \
967 rct::rctSig sig = make_sig_simple(); \
968 ASSERT_TRUE(rct::verRctSimple(sig)); \
969 op; \
970 ASSERT_FALSE(rct::verRctSimple(sig)); \
971}
972
973TEST_rctSig_elements_simple(rangeSigs_empty, sig.p.rangeSigs.resize(0));
974TEST_rctSig_elements_simple(rangeSigs_too_many, sig.p.rangeSigs.push_back(sig.p.rangeSigs.back()));
975TEST_rctSig_elements_simple(rangeSigs_too_few, sig.p.rangeSigs.pop_back());
976TEST_rctSig_elements_simple(mgSig_empty, sig.p.MGs.resize(0));
977TEST_rctSig_elements_simple(mgSig_too_many, sig.p.MGs.push_back(sig.p.MGs.back()));
978TEST_rctSig_elements_simple(mgSig_too_few, sig.p.MGs.pop_back());
979TEST_rctSig_elements_simple(mgSig0_ss_empty, sig.p.MGs[0].ss.resize(0));
980TEST_rctSig_elements_simple(mgSig0_ss_too_many, sig.p.MGs[0].ss.push_back(sig.p.MGs[0].ss.back()));
981TEST_rctSig_elements_simple(mgSig0_ss_too_few, sig.p.MGs[0].ss.pop_back());
982TEST_rctSig_elements_simple(mgSig_ss0_empty, sig.p.MGs[0].ss[0].resize(0));
983TEST_rctSig_elements_simple(mgSig_ss0_too_many, sig.p.MGs[0].ss[0].push_back(sig.p.MGs[0].ss[0].back()));
984TEST_rctSig_elements_simple(mgSig_ss0_too_few, sig.p.MGs[0].ss[0].pop_back());
985TEST_rctSig_elements_simple(mgSig0_II_empty, sig.p.MGs[0].II.resize(0));
986TEST_rctSig_elements_simple(mgSig0_II_too_many, sig.p.MGs[0].II.push_back(sig.p.MGs[0].II.back()));
987TEST_rctSig_elements_simple(mgSig0_II_too_few, sig.p.MGs[0].II.pop_back());
988TEST_rctSig_elements_simple(mixRing_empty, sig.mixRing.resize(0));
989TEST_rctSig_elements_simple(mixRing_too_many, sig.mixRing.push_back(sig.mixRing.back()));
990TEST_rctSig_elements_simple(mixRing_too_few, sig.mixRing.pop_back());
991TEST_rctSig_elements_simple(mixRing0_empty, sig.mixRing[0].resize(0));
992TEST_rctSig_elements_simple(mixRing0_too_many, sig.mixRing[0].push_back(sig.mixRing[0].back()));
993TEST_rctSig_elements_simple(mixRing0_too_few, sig.mixRing[0].pop_back());
994TEST_rctSig_elements_simple(pseudoOuts_empty, sig.pseudoOuts.resize(0));
995TEST_rctSig_elements_simple(pseudoOuts_too_many, sig.pseudoOuts.push_back(sig.pseudoOuts.back()));
996TEST_rctSig_elements_simple(pseudoOuts_too_few, sig.pseudoOuts.pop_back());
997TEST_rctSig_elements_simple(ecdhInfo_empty, sig.ecdhInfo.resize(0));
998TEST_rctSig_elements_simple(ecdhInfo_too_many, sig.ecdhInfo.push_back(sig.ecdhInfo.back()));
999TEST_rctSig_elements_simple(ecdhInfo_too_few, sig.ecdhInfo.pop_back());
1000TEST_rctSig_elements_simple(outPk_empty, sig.outPk.resize(0));
1001TEST_rctSig_elements_simple(outPk_too_many, sig.outPk.push_back(sig.outPk.back()));
1002TEST_rctSig_elements_simple(outPk_too_few, sig.outPk.pop_back());
1003
1004TEST(ringct, reject_gen_simple_ver_non_simple)
1005{
1006 const uint64_t inputs[] = {1000, 1000};
1007 const uint64_t outputs[] = {1000};
1008 rct::rctSig sig = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 1000);
1009 ASSERT_FALSE(rct::verRct(sig));
1010}
1011
1012TEST(ringct, reject_gen_non_simple_ver_simple)
1013{
1014 const uint64_t inputs[] = {2000};
1015 const uint64_t outputs[] = {1000, 1000};
1016 rct::rctSig sig = make_sample_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, true);
1017 ASSERT_FALSE(rct::verRctSimple(sig));
1018}
1019
1020TEST(ringct, key_ostream)
1021{
1022 std::stringstream out;
1023 out << "BEGIN" << rct::H << "END";
1024 EXPECT_EQ(
1025 std::string{"BEGIN<8b655970153799af2aeadc9ff1add0ea6c7251d54154cfa92c173a0dd39c1f94>END"},
1026 out.str()
1027 );
1028}
1029
1030TEST(ringct, zeroCommmit)
1031{
1032 static const uint64_t amount = crypto::rand<uint64_t>();
1033 const rct::key z = rct::zeroCommit(amount);
1034 const rct::key a = rct::scalarmultBase(rct::identity());
1035 const rct::key b = rct::scalarmultH(rct::d2h(amount));
1036 const rct::key manual = rct::addKeys(a, b);
1037 ASSERT_EQ(z, manual);
1038}
1039
1040static rct::key uncachedZeroCommit(uint64_t amount)
1041{
1042 const rct::key am = rct::d2h(amount);
1043 const rct::key bH = rct::scalarmultH(am);
1044 return rct::addKeys(rct::G, bH);
1045}
1046
1047TEST(ringct, zeroCommitCache)
1048{
1049 ASSERT_EQ(rct::zeroCommit(0), uncachedZeroCommit(0));
1050 ASSERT_EQ(rct::zeroCommit(1), uncachedZeroCommit(1));
1051 ASSERT_EQ(rct::zeroCommit(2), uncachedZeroCommit(2));
1052 ASSERT_EQ(rct::zeroCommit(10), uncachedZeroCommit(10));
1053 ASSERT_EQ(rct::zeroCommit(200), uncachedZeroCommit(200));
1054 ASSERT_EQ(rct::zeroCommit(1000000000), uncachedZeroCommit(1000000000));
1055 ASSERT_EQ(rct::zeroCommit(3000000000000), uncachedZeroCommit(3000000000000));
1056 ASSERT_EQ(rct::zeroCommit(900000000000000), uncachedZeroCommit(900000000000000));
1057}
1058
1059TEST(ringct, H)
1060{
1061 ge_p3 p3;
1062 ASSERT_EQ(ge_frombytes_vartime(&p3, rct::H.bytes), 0);
1063 ASSERT_EQ(memcmp(&p3, &ge_p3_H, sizeof(ge_p3)), 0);
1064}
1065
1066TEST(ringct, mul8)
1067{
1068 ASSERT_EQ(rct::scalarmult8(rct::identity()), rct::identity());
1069 ASSERT_EQ(rct::scalarmult8(rct::H), rct::scalarmultKey(rct::H, rct::EIGHT));
1070 ASSERT_EQ(rct::scalarmultKey(rct::scalarmultKey(rct::H, rct::INV_EIGHT), rct::EIGHT), rct::H);
1071}
1072
1073TEST(ringct, aggregated)
1074{
1075 static const size_t N_PROOFS = 16;
1076 std::vector<rctSig> s(N_PROOFS);
1077 std::vector<const rctSig*> sp(N_PROOFS);
1078
1079 for (size_t n = 0; n < N_PROOFS; ++n)
1080 {
1081 static const uint64_t inputs[] = {1000, 1000};
1082 static const uint64_t outputs[] = {500, 1500};
1083 s[n] = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 0);
1084 sp[n] = &s[n];
1085 }
1086
1087 ASSERT_TRUE(verRctSemanticsSimple(sp));
1088}
ge_p3_H
const ge_p3 ge_p3_H
message
std::string message("Message requiring signing")
ASSERT_EQ
#define ASSERT_EQ(val1, val2)
Definition gtest.h:1956
EXPECT_EQ
#define EXPECT_EQ(val1, val2)
Definition gtest.h:1922
ASSERT_FALSE
#define ASSERT_FALSE(condition)
Definition gtest.h:1868
EXPECT_TRUE
#define EXPECT_TRUE(condition)
Definition gtest.h:1859
TEST
#define TEST(test_case_name, test_name)
Definition gtest.h:2187
ASSERT_TRUE
#define ASSERT_TRUE(condition)
Definition gtest.h:1865
crypto
crypto namespace.
Definition crypto.cpp:58
crypto::addKeys
public_key addKeys(const public_key &A, const public_key &B)
Definition crypto.h:339
crypto::rand
std::enable_if< std::is_pod< T >::value, T >::type rand()
Definition crypto.h:216
crypto::ge_frombytes_vartime
int ge_frombytes_vartime(ge_p3 *, const unsigned char *)
crypto::hash_to_scalar
void hash_to_scalar(const void *data, size_t length, ec_scalar &res)
Definition crypto.cpp:126
hw::get_device
device & get_device(const std::string &device_descriptor)
Definition device.cpp:95
rct::scalarmultBase
void scalarmultBase(key &aG, const key &a)
Definition rctOps.cpp:350
rct::hash_to_scalar
void hash_to_scalar(key &hash, const void *data, const std::size_t l)
Definition rctOps.cpp:536
rct::decodeRctSimple
etn_amount decodeRctSimple(const rctSig &rv, const key &sk, unsigned int i, key &mask, hw::device &hwdev)
Definition rctSigs.cpp:1180
rct::etn_amount
uint64_t etn_amount
Definition rctTypes.h:135
rct::hashToPointSimple
key hashToPointSimple(const key &hh)
Definition rctOps.cpp:624
rct::keyV
std::vector< key > keyV
Definition rctTypes.h:88
rct::keyM
std::vector< keyV > keyM
Definition rctTypes.h:89
rct::scalarmultH
key scalarmultH(const key &a)
Definition rctOps.cpp:389
rct::skGen
key skGen()
Definition rctOps.cpp:258
rct::subKeys
void subKeys(key &AB, const key &A, const key &B)
Definition rctOps.cpp:505
rct::zeroCommit
key zeroCommit(etn_amount amount)
Definition rctOps.cpp:322
rct::genBorromean
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices)
Definition rctSigs.cpp:109
rct::key64
key key64[64]
Definition rctTypes.h:137
rct::verRct
bool verRct(const rctSig &rv, bool semantics)
Definition rctSigs.cpp:913
rct::skpkGen
tuple< key, key > skpkGen()
Definition rctOps.cpp:290
rct::bits
unsigned int bits[ATOMS]
Definition rctTypes.h:136
rct::genRct
rctSig genRct(const key &message, const ctkeyV &inSk, const keyV &destinations, const vector< etn_amount > &amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, const RCTConfig &rct_config, hw::device &hwdev)
Definition rctSigs.cpp:690
rct::scalarmultKey
void scalarmultKey(key &aP, const key &P, const key &a)
Definition rctOps.cpp:368
rct::h2d
etn_amount h2d(const key &test)
Definition rctTypes.cpp:161
rct::addKeys1
void addKeys1(key &aGB, const key &a, const key &B)
Definition rctOps.cpp:459
rct::ctkeyV
std::vector< ctkey > ctkeyV
Definition rctTypes.h:100
rct::skvGen
keyV skvGen(size_t rows)
Definition rctOps.cpp:266
rct::addKeys
void addKeys(key &AB, const key &A, const key &B)
Definition rctOps.cpp:420
rct::verRctSemanticsSimple
bool verRctSemanticsSimple(const std::vector< const rctSig * > &rvv)
Definition rctSigs.cpp:975
rct::scalarmult8
key scalarmult8(const key &P)
Definition rctOps.cpp:398
rct::MLSAG_Gen
mgSig MLSAG_Gen(const key &message, const keyM &pk, const keyV &xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev)
Definition rctSigs.cpp:174
rct::d2h
void d2h(key &amounth, const etn_amount in)
Definition rctTypes.cpp:119
rct::b2d
etn_amount b2d(bits amountb)
Definition rctTypes.cpp:205
rct::zero
key zero()
Definition rctOps.h:70
rct::ctskpkGen
tuple< ctkey, ctkey > ctskpkGen(etn_amount amount)
Definition rctOps.cpp:302
rct::RangeProofBorromean
@ RangeProofBorromean
Definition rctTypes.h:235
rct::d2b
void d2b(bits amountb, etn_amount val)
Definition rctTypes.cpp:145
rct::genRctSimple
rctSig genRctSimple(const key &message, const ctkeyV &inSk, const keyV &destinations, const vector< etn_amount > &inamounts, const vector< etn_amount > &outamounts, etn_amount txnFee, const ctkeyM &mixRing, const keyV &amount_keys, const std::vector< multisig_kLRki > *kLRki, multisig_out *msout, const std::vector< unsigned int > &index, ctkeyV &outSk, const RCTConfig &rct_config, hw::device &hwdev)
Definition rctSigs.cpp:752
rct::MLSAG_Ver
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &rv, size_t dsRows)
Definition rctSigs.cpp:271
rct::keyMInit
keyM keyMInit(size_t rows, size_t cols)
Definition rctOps.cpp:227
rct::equalKeys
bool equalKeys(const key &a, const key &b)
Definition rctOps.cpp:519
rct::proveRange
rangeSig proveRange(key &C, key &mask, const etn_amount &amount)
Definition rctSigs.cpp:336
rct::verifyBorromean
bool verifyBorromean(const boroSig &bb, const ge_p3 P1[64], const ge_p3 P2[64])
Definition rctSigs.cpp:140
rct::identity
key identity()
Definition rctOps.h:73
rct::randEtnAmount
etn_amount randEtnAmount(etn_amount upperlimit)
Definition rctOps.cpp:343
std
STL namespace.
testing::AssertionSuccess
GTEST_API_ AssertionResult AssertionSuccess()
testing::AssertionFailure
GTEST_API_ AssertionResult AssertionFailure()
a
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
Definition pointer.h:1124
ATOMS
#define ATOMS
Definition rctTypes.h:65
TEST_rctSig_elements_simple
#define TEST_rctSig_elements_simple(name, op)
Definition ringct.cpp:964
NELTS
#define NELTS(array)
Definition ringct.cpp:422
TEST_rctSig_elements
#define TEST_rctSig_elements(name, op)
Definition ringct.cpp:921
uint64_t
unsigned __int64 uint64_t
Definition stdint.h:136
ge_p3
Definition crypto-ops.h:46
rct::rctSigBase::ecdhInfo
std::vector< ecdhTuple > ecdhInfo
Definition rctTypes.h:246
rct::rctSig::p
rctSigPrunable p
Definition rctTypes.h:437
rct::rctSigPrunable::MGs
std::vector< mgSig > MGs
Definition rctTypes.h:321
rct::rctSigPrunable::rangeSigs
std::vector< rangeSig > rangeSigs
Definition rctTypes.h:319