Electroneum
ringct.cpp
Go to the documentation of this file.
1 // Copyrights(c) 2017-2021, The Electroneum Project
2 // Copyrights(c) 2014-2019, The Monero Project
3 //
4 // All rights reserved.
5 //
6 // Redistribution and use in source and binary forms, with or without modification, are
7 // permitted provided that the following conditions are met:
8 //
9 // 1. Redistributions of source code must retain the above copyright notice, this list of
10 // conditions and the following disclaimer.
11 //
12 // 2. Redistributions in binary form must reproduce the above copyright notice, this list
13 // of conditions and the following disclaimer in the documentation and/or other
14 // materials provided with the distribution.
15 //
16 // 3. Neither the name of the copyright holder nor the names of its contributors may be
17 // used to endorse or promote products derived from this software without specific
18 // prior written permission.
19 //
20 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
21 // EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22 // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
23 // THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27 // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
28 // THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 //
30 // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
31 
32 #include "gtest/gtest.h"
33 
34 #include <cstdint>
35 #include <algorithm>
36 #include <sstream>
37 
38 #include "ringct/rctTypes.h"
39 #include "ringct/rctSigs.h"
40 #include "ringct/rctOps.h"
41 #include "device/device.hpp"
42 
43 using namespace std;
44 using namespace crypto;
45 using namespace rct;
46 
47 TEST(ringct, Borromean)
48 {
49  int j = 0;
50 
51  //Tests for Borromean signatures
52  //#boro true one, false one, C != sum Ci, and one out of the range..
53  int N = 64;
54  key64 xv;
55  key64 P1v;
56  key64 P2v;
57  bits indi;
58 
59  for (j = 0 ; j < N ; j++) {
60  indi[j] = (int)randEtnAmount(2);
61 
62  xv[j] = skGen();
63  if ( (int)indi[j] == 0 ) {
64  scalarmultBase(P1v[j], xv[j]);
65  } else {
66  addKeys1(P1v[j], xv[j], H2[j]);
67  }
68  subKeys(P2v[j], P1v[j], H2[j]);
69  }
70 
71  //#true one
72  boroSig bb = genBorromean(xv, P1v, P2v, indi);
73  ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
74 
75  //#false one
76  indi[3] = (indi[3] + 1) % 2;
77  bb = genBorromean(xv, P1v, P2v, indi);
78  ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
79 
80  //#true one again
81  indi[3] = (indi[3] + 1) % 2;
82  bb = genBorromean(xv, P1v, P2v, indi);
83  ASSERT_TRUE(verifyBorromean(bb, P1v, P2v));
84 
85  //#false one
86  bb = genBorromean(xv, P2v, P1v, indi);
87  ASSERT_FALSE(verifyBorromean(bb, P1v, P2v));
88 }
89 
90 TEST(ringct, MG_sigs)
91 {
92  int j = 0;
93  int N = 0;
94 
95  //Tests for MG Sigs
96  //#MG sig: true one
97  N = 3;// #cols
98  int R = 3;// #rows
99  keyV xtmp = skvGen(R);
100  keyM xm = keyMInit(R, N);// = [[None]*N] #just used to generate test public keys
101  keyV sk = skvGen(R);
102  keyM P = keyMInit(R, N);// = keyM[[None]*N] #stores the public keys;
103  int ind = 2;
104  int i = 0;
105  for (j = 0 ; j < R ; j++) {
106  for (i = 0 ; i < N ; i++)
107  {
108  xm[i][j] = skGen();
109  P[i][j] = scalarmultBase(xm[i][j]);
110  }
111  }
112  for (j = 0 ; j < R ; j++) {
113  sk[j] = xm[ind][j];
114  }
115  key message = identity();
116  mgSig IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
117  ASSERT_TRUE(MLSAG_Ver(message, P, IIccss, R));
118 
119  //#MG sig: false one
120  N = 3;// #cols
121  R = 3;// #rows
122  xtmp = skvGen(R);
123  keyM xx(N, xtmp);// = [[None]*N] #just used to generate test public keys
124  sk = skvGen(R);
125  //P (N, xtmp);// = keyM[[None]*N] #stores the public keys;
126 
127  ind = 2;
128  for (j = 0 ; j < R ; j++) {
129  for (i = 0 ; i < N ; i++)
130  {
131  xx[i][j] = skGen();
132  P[i][j] = scalarmultBase(xx[i][j]);
133  }
134  sk[j] = xx[ind][j];
135  }
136  sk[2] = skGen();//assume we don't know one of the private keys..
137  IIccss = MLSAG_Gen(message, P, sk, NULL, NULL, ind, R, hw::get_device("default"));
138  ASSERT_FALSE(MLSAG_Ver(message, P, IIccss, R));
139 }
140 
141 TEST(ringct, range_proofs)
142 {
143  //Ring CT Stuff
144  //ct range proofs
145  ctkeyV sc, pc;
146  ctkey sctmp, pctmp;
147  std::vector<uint64_t> inamounts;
148  //add fake input 6000
149  inamounts.push_back(6000);
150  tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
151  sc.push_back(sctmp);
152  pc.push_back(pctmp);
153 
154 
155  inamounts.push_back(7000);
156  tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
157  sc.push_back(sctmp);
158  pc.push_back(pctmp);
159  vector<etn_amount >amounts;
160  rct::keyV amount_keys;
161  key mask;
162 
163  //add output 500
164  amounts.push_back(500);
165  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
166  keyV destinations;
167  key Sk, Pk;
168  skpkGen(Sk, Pk);
169  destinations.push_back(Pk);
170 
171 
172  //add output for 12500
173  amounts.push_back(12500);
174  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
175  skpkGen(Sk, Pk);
176  destinations.push_back(Pk);
177 
178  const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
179 
180  //compute rct data with mixin 3 - should fail since full type with > 1 input
181  bool ok = false;
182  try { genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default")); }
183  catch(...) { ok = true; }
184  ASSERT_TRUE(ok);
185 
186  //compute rct data with mixin 3
187  rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
188 
189  //verify rct data
190  ASSERT_TRUE(verRctSimple(s));
191 
192  //decode received amount
193  decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
194 
195  // Ring CT with failing MG sig part should not verify!
196  // Since sum of inputs != outputs
197 
198  amounts[1] = 12501;
199  skpkGen(Sk, Pk);
200  destinations[1] = Pk;
201 
202 
203  //compute rct data with mixin 3
204  s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 0, 3, rct_config, hw::get_device("default"));
205 
206  //verify rct data
207  ASSERT_FALSE(verRctSimple(s));
208 
209  //decode received amount
210  decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
211 }
212 
213 TEST(ringct, range_proofs_with_fee)
214 {
215  //Ring CT Stuff
216  //ct range proofs
217  ctkeyV sc, pc;
218  ctkey sctmp, pctmp;
219  std::vector<uint64_t> inamounts;
220  //add fake input 6001
221  inamounts.push_back(6001);
222  tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
223  sc.push_back(sctmp);
224  pc.push_back(pctmp);
225 
226 
227  inamounts.push_back(7000);
228  tie(sctmp, pctmp) = ctskpkGen(inamounts.back());
229  sc.push_back(sctmp);
230  pc.push_back(pctmp);
231  vector<etn_amount >amounts;
232  keyV amount_keys;
233  key mask;
234 
235  //add output 500
236  amounts.push_back(500);
237  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
238  keyV destinations;
239  key Sk, Pk;
240  skpkGen(Sk, Pk);
241  destinations.push_back(Pk);
242 
243  //add output for 12500
244  amounts.push_back(12500);
245  amount_keys.push_back(hash_to_scalar(zero()));
246  skpkGen(Sk, Pk);
247  destinations.push_back(Pk);
248 
249  const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
250 
251  //compute rct data with mixin 3
252  rctSig s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 1, 3, rct_config, hw::get_device("default"));
253 
254  //verify rct data
255  ASSERT_TRUE(verRctSimple(s));
256 
257  //decode received amount
258  decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
259 
260  // Ring CT with failing MG sig part should not verify!
261  // Since sum of inputs != outputs
262 
263  amounts[1] = 12501;
264  skpkGen(Sk, Pk);
265  destinations[1] = Pk;
266 
267 
268  //compute rct data with mixin 3
269  s = genRctSimple(rct::zero(), sc, pc, destinations, inamounts, amounts, amount_keys, NULL, NULL, 500, 3, rct_config, hw::get_device("default"));
270 
271  //verify rct data
272  ASSERT_FALSE(verRctSimple(s));
273 
274  //decode received amount
275  decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
276 }
277 
278 TEST(ringct, simple)
279 {
280  ctkeyV sc, pc;
281  ctkey sctmp, pctmp;
282  //this vector corresponds to output amounts
283  vector<etn_amount>outamounts;
284  //this vector corresponds to input amounts
285  vector<etn_amount>inamounts;
286  //this keyV corresponds to destination pubkeys
287  keyV destinations;
288  keyV amount_keys;
289  key mask;
290 
291  //add fake input 3000
292  //the sc is secret data
293  //pc is public data
294  tie(sctmp, pctmp) = ctskpkGen(3000);
295  sc.push_back(sctmp);
296  pc.push_back(pctmp);
297  inamounts.push_back(3000);
298 
299  //add fake input 3000
300  //the sc is secret data
301  //pc is public data
302  tie(sctmp, pctmp) = ctskpkGen(3000);
303  sc.push_back(sctmp);
304  pc.push_back(pctmp);
305  inamounts.push_back(3000);
306 
307  //add output 5000
308  outamounts.push_back(5000);
309  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
310  //add the corresponding destination pubkey
311  key Sk, Pk;
312  skpkGen(Sk, Pk);
313  destinations.push_back(Pk);
314 
315  //add output 999
316  outamounts.push_back(999);
317  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
318  //add the corresponding destination pubkey
319  skpkGen(Sk, Pk);
320  destinations.push_back(Pk);
321 
322  key message = skGen(); //real message later (hash of txn..)
323 
324  //compute sig with mixin 2
325  etn_amount txnfee = 1;
326 
327  const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
328  rctSig s = genRctSimple(message, sc, pc, destinations,inamounts, outamounts, amount_keys, NULL, NULL, txnfee, 2, rct_config, hw::get_device("default"));
329 
330  //verify ring ct signature
331  ASSERT_TRUE(verRctSimple(s));
332 
333  //decode received amount corresponding to output pubkey index 1
334  decodeRctSimple(s, amount_keys[1], 1, mask, hw::get_device("default"));
335 }
336 
337 static rct::rctSig make_sample_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee)
338 {
339  ctkeyV sc, pc;
340  ctkey sctmp, pctmp;
341  vector<etn_amount >amounts;
342  keyV destinations;
343  keyV amount_keys;
344  key Sk, Pk;
345 
346  for (int n = 0; n < n_inputs; ++n) {
347  tie(sctmp, pctmp) = ctskpkGen(input_amounts[n]);
348  sc.push_back(sctmp);
349  pc.push_back(pctmp);
350  }
351 
352  for (int n = 0; n < n_outputs; ++n) {
353  amounts.push_back(output_amounts[n]);
354  skpkGen(Sk, Pk);
355  if (n < n_outputs - 1 || !last_is_fee)
356  {
357  destinations.push_back(Pk);
358  amount_keys.push_back(rct::hash_to_scalar(rct::zero()));
359  }
360  }
361 
362  const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
363  return genRct(rct::zero(), sc, pc, destinations, amounts, amount_keys, NULL, NULL, 3, rct_config, hw::get_device("default"));
364 }
365 
366 static rct::rctSig make_sample_simple_rct_sig(int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], uint64_t fee)
367 {
368  ctkeyV sc, pc;
369  ctkey sctmp, pctmp;
370  vector<etn_amount> inamounts, outamounts;
371  keyV destinations;
372  keyV amount_keys;
373  key Sk, Pk;
374 
375  for (int n = 0; n < n_inputs; ++n) {
376  inamounts.push_back(input_amounts[n]);
377  tie(sctmp, pctmp) = ctskpkGen(input_amounts[n]);
378  sc.push_back(sctmp);
379  pc.push_back(pctmp);
380  }
381 
382  for (int n = 0; n < n_outputs; ++n) {
383  outamounts.push_back(output_amounts[n]);
384  amount_keys.push_back(hash_to_scalar(zero()));
385  skpkGen(Sk, Pk);
386  destinations.push_back(Pk);
387  }
388 
389  const rct::RCTConfig rct_config { RangeProofBorromean, 0 };
390  return genRctSimple(rct::zero(), sc, pc, destinations, inamounts, outamounts, amount_keys, NULL, NULL, fee, 3, rct_config, hw::get_device("default"));
391 }
392 
393 static bool range_proof_test(bool expected_valid,
394  int n_inputs, const uint64_t input_amounts[], int n_outputs, const uint64_t output_amounts[], bool last_is_fee, bool simple)
395 {
396  //compute rct data
397  bool valid;
398  try {
399  rctSig s;
400  // simple takes fee as a parameter, non-simple takes it as an extra element to output amounts
401  if (simple) {
402  s = make_sample_simple_rct_sig(n_inputs, input_amounts, last_is_fee ? n_outputs - 1 : n_outputs, output_amounts, last_is_fee ? output_amounts[n_outputs - 1] : 0);
403  valid = verRctSimple(s);
404  }
405  else {
406  s = make_sample_rct_sig(n_inputs, input_amounts, n_outputs, output_amounts, last_is_fee);
407  valid = verRct(s);
408  }
409  }
410  catch (const std::exception &e) {
411  valid = false;
412  }
413 
414  if (valid == expected_valid) {
415  return testing::AssertionSuccess();
416  }
417  else {
418  return testing::AssertionFailure();
419  }
420 }
421 
422 #define NELTS(array) (sizeof(array)/sizeof(array[0]))
423 
424 TEST(ringct, range_proofs_reject_empty_outs)
425 {
426  const uint64_t inputs[] = {5000};
427  const uint64_t outputs[] = {};
428  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
429 }
430 
431 TEST(ringct, range_proofs_reject_empty_outs_simple)
432 {
433  const uint64_t inputs[] = {5000};
434  const uint64_t outputs[] = {};
435  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
436 }
437 
438 TEST(ringct, range_proofs_reject_empty_ins)
439 {
440  const uint64_t inputs[] = {};
441  const uint64_t outputs[] = {5000};
442  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
443 }
444 
445 TEST(ringct, range_proofs_reject_empty_ins_simple)
446 {
447  const uint64_t inputs[] = {};
448  const uint64_t outputs[] = {5000};
449  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
450 }
451 
452 TEST(ringct, range_proofs_reject_all_empty)
453 {
454  const uint64_t inputs[] = {};
455  const uint64_t outputs[] = {};
456  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
457 }
458 
459 TEST(ringct, range_proofs_reject_all_empty_simple)
460 {
461  const uint64_t inputs[] = {};
462  const uint64_t outputs[] = {};
463  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
464 }
465 
466 TEST(ringct, range_proofs_accept_zero_empty)
467 {
468  const uint64_t inputs[] = {0};
469  const uint64_t outputs[] = {};
470  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
471 }
472 
473 TEST(ringct, range_proofs_accept_zero_empty_simple)
474 {
475  const uint64_t inputs[] = {0};
476  const uint64_t outputs[] = {};
477  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
478 }
479 
480 TEST(ringct, range_proofs_reject_empty_zero)
481 {
482  const uint64_t inputs[] = {};
483  const uint64_t outputs[] = {0};
484  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
485 }
486 
487 TEST(ringct, range_proofs_reject_empty_zero_simple)
488 {
489  const uint64_t inputs[] = {};
490  const uint64_t outputs[] = {0};
491  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
492 }
493 
494 TEST(ringct, range_proofs_accept_zero_zero)
495 {
496  const uint64_t inputs[] = {0};
497  const uint64_t outputs[] = {0};
498  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
499 }
500 
501 TEST(ringct, range_proofs_accept_zero_zero_simple)
502 {
503  const uint64_t inputs[] = {0};
504  const uint64_t outputs[] = {0};
505  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
506 }
507 
508 TEST(ringct, range_proofs_accept_zero_out_first)
509 {
510  const uint64_t inputs[] = {5000};
511  const uint64_t outputs[] = {0, 5000};
512  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
513 }
514 
515 TEST(ringct, range_proofs_accept_zero_out_first_simple)
516 {
517  const uint64_t inputs[] = {5000};
518  const uint64_t outputs[] = {0, 5000};
519  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
520 }
521 
522 TEST(ringct, range_proofs_accept_zero_out_last)
523 {
524  const uint64_t inputs[] = {5000};
525  const uint64_t outputs[] = {5000, 0};
526  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
527 }
528 
529 TEST(ringct, range_proofs_accept_zero_out_last_simple)
530 {
531  const uint64_t inputs[] = {5000};
532  const uint64_t outputs[] = {5000, 0};
533  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
534 }
535 
536 TEST(ringct, range_proofs_accept_zero_out_middle)
537 {
538  const uint64_t inputs[] = {5000};
539  const uint64_t outputs[] = {2500, 0, 2500};
540  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
541 }
542 
543 TEST(ringct, range_proofs_accept_zero_out_middle_simple)
544 {
545  const uint64_t inputs[] = {5000};
546  const uint64_t outputs[] = {2500, 0, 2500};
547  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
548 }
549 
550 TEST(ringct, range_proofs_accept_zero)
551 {
552  const uint64_t inputs[] = {0};
553  const uint64_t outputs[] = {0};
554  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
555 }
556 
557 TEST(ringct, range_proofs_accept_zero_in_first_simple)
558 {
559  const uint64_t inputs[] = {0, 5000};
560  const uint64_t outputs[] = {5000};
561  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
562 }
563 
564 TEST(ringct, range_proofs_accept_zero_in_last_simple)
565 {
566  const uint64_t inputs[] = {5000, 0};
567  const uint64_t outputs[] = {5000};
568  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
569 }
570 
571 TEST(ringct, range_proofs_accept_zero_in_middle_simple)
572 {
573  const uint64_t inputs[] = {2500, 0, 2500};
574  const uint64_t outputs[] = {5000};
575  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
576 }
577 
578 TEST(ringct, range_proofs_reject_single_lower)
579 {
580  const uint64_t inputs[] = {5000};
581  const uint64_t outputs[] = {1};
582  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
583 }
584 
585 TEST(ringct, range_proofs_reject_single_lower_simple)
586 {
587  const uint64_t inputs[] = {5000};
588  const uint64_t outputs[] = {1};
589  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
590 }
591 
592 TEST(ringct, range_proofs_reject_single_higher)
593 {
594  const uint64_t inputs[] = {5000};
595  const uint64_t outputs[] = {5001};
596  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
597 }
598 
599 TEST(ringct, range_proofs_reject_single_higher_simple)
600 {
601  const uint64_t inputs[] = {5000};
602  const uint64_t outputs[] = {5001};
603  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
604 }
605 
606 TEST(ringct, range_proofs_reject_single_out_negative)
607 {
608  const uint64_t inputs[] = {5000};
609  const uint64_t outputs[] = {(uint64_t)-1000ll};
610  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
611 }
612 
613 TEST(ringct, range_proofs_reject_single_out_negative_simple)
614 {
615  const uint64_t inputs[] = {5000};
616  const uint64_t outputs[] = {(uint64_t)-1000ll};
617  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
618 }
619 
620 TEST(ringct, range_proofs_reject_out_negative_first)
621 {
622  const uint64_t inputs[] = {5000};
623  const uint64_t outputs[] = {(uint64_t)-1000ll, 6000};
624  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
625 }
626 
627 TEST(ringct, range_proofs_reject_out_negative_first_simple)
628 {
629  const uint64_t inputs[] = {5000};
630  const uint64_t outputs[] = {(uint64_t)-1000ll, 6000};
631  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
632 }
633 
634 TEST(ringct, range_proofs_reject_out_negative_last)
635 {
636  const uint64_t inputs[] = {5000};
637  const uint64_t outputs[] = {6000, (uint64_t)-1000ll};
638  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
639 }
640 
641 TEST(ringct, range_proofs_reject_out_negative_last_simple)
642 {
643  const uint64_t inputs[] = {5000};
644  const uint64_t outputs[] = {6000, (uint64_t)-1000ll};
645  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
646 }
647 
648 TEST(ringct, range_proofs_reject_out_negative_middle)
649 {
650  const uint64_t inputs[] = {5000};
651  const uint64_t outputs[] = {3000, (uint64_t)-1000ll, 3000};
652  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
653 }
654 
655 TEST(ringct, range_proofs_reject_out_negative_middle_simple)
656 {
657  const uint64_t inputs[] = {5000};
658  const uint64_t outputs[] = {3000, (uint64_t)-1000ll, 3000};
659  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
660 }
661 
662 TEST(ringct, range_proofs_reject_single_in_negative)
663 {
664  const uint64_t inputs[] = {(uint64_t)-1000ll};
665  const uint64_t outputs[] = {5000};
666  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
667 }
668 
669 TEST(ringct, range_proofs_reject_single_in_negative_simple)
670 {
671  const uint64_t inputs[] = {(uint64_t)-1000ll};
672  const uint64_t outputs[] = {5000};
673  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
674 }
675 
676 TEST(ringct, range_proofs_reject_in_negative_first)
677 {
678  const uint64_t inputs[] = {(uint64_t)-1000ll, 6000};
679  const uint64_t outputs[] = {5000};
680  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
681 }
682 
683 TEST(ringct, range_proofs_reject_in_negative_first_simple)
684 {
685  const uint64_t inputs[] = {(uint64_t)-1000ll, 6000};
686  const uint64_t outputs[] = {5000};
687  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
688 }
689 
690 TEST(ringct, range_proofs_reject_in_negative_last)
691 {
692  const uint64_t inputs[] = {6000, (uint64_t)-1000ll};
693  const uint64_t outputs[] = {5000};
694  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
695 }
696 
697 TEST(ringct, range_proofs_reject_in_negative_last_simple)
698 {
699  const uint64_t inputs[] = {6000, (uint64_t)-1000ll};
700  const uint64_t outputs[] = {5000};
701  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
702 }
703 
704 TEST(ringct, range_proofs_reject_in_negative_middle)
705 {
706  const uint64_t inputs[] = {3000, (uint64_t)-1000ll, 3000};
707  const uint64_t outputs[] = {5000};
708  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
709 }
710 
711 TEST(ringct, range_proofs_reject_in_negative_middle_simple)
712 {
713  const uint64_t inputs[] = {3000, (uint64_t)-1000ll, 3000};
714  const uint64_t outputs[] = {5000};
715  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
716 }
717 
718 TEST(ringct, range_proofs_reject_higher_list)
719 {
720  const uint64_t inputs[] = {5000};
721  const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000, 1000};
722  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
723 }
724 
725 TEST(ringct, range_proofs_reject_higher_list_simple)
726 {
727  const uint64_t inputs[] = {5000};
728  const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000, 1000};
729  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
730 }
731 
732 TEST(ringct, range_proofs_accept_1_to_1)
733 {
734  const uint64_t inputs[] = {5000};
735  const uint64_t outputs[] = {5000};
736  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
737 }
738 
739 TEST(ringct, range_proofs_accept_1_to_1_simple)
740 {
741  const uint64_t inputs[] = {5000};
742  const uint64_t outputs[] = {5000};
743  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
744 }
745 
746 TEST(ringct, range_proofs_accept_1_to_N)
747 {
748  const uint64_t inputs[] = {5000};
749  const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000};
750  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, false));
751 }
752 
753 TEST(ringct, range_proofs_accept_1_to_N_simple)
754 {
755  const uint64_t inputs[] = {5000};
756  const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000};
757  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false,true));
758 }
759 
760 TEST(ringct, range_proofs_accept_N_to_1_simple)
761 {
762  const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000};
763  const uint64_t outputs[] = {5000};
764  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
765 }
766 
767 TEST(ringct, range_proofs_accept_N_to_N_simple)
768 {
769  const uint64_t inputs[] = {1000, 1000, 1000, 1000, 1000};
770  const uint64_t outputs[] = {1000, 1000, 1000, 1000, 1000};
771  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
772 }
773 
774 TEST(ringct, range_proofs_accept_very_long_simple)
775 {
776  const size_t N=12;
777  uint64_t inputs[N];
778  uint64_t outputs[N];
779  for (size_t n = 0; n < N; ++n) {
780  inputs[n] = n;
781  outputs[n] = n;
782  }
783  std::random_shuffle(inputs, inputs + N);
784  std::random_shuffle(outputs, outputs + N);
785  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, false, true));
786 }
787 
788 TEST(ringct, HPow2)
789 {
790  key G = scalarmultBase(d2h(1));
791 
792  key H = hashToPointSimple(G);
793  for (int j = 0 ; j < ATOMS ; j++) {
794  ASSERT_TRUE(equalKeys(H, H2[j]));
795  addKeys(H, H, H);
796  }
797 }
798 
799 static const etn_amount test_amounts[]={0, 1, 2, 3, 4, 5, 10000, 10000000000000000000ull, 10203040506070809000ull, 123456789123456789};
800 
801 TEST(ringct, d2h)
802 {
803  key k, P1;
804  skpkGen(k, P1);
805  for (auto amount: test_amounts) {
806  d2h(k, amount);
807  ASSERT_TRUE(amount == h2d(k));
808  }
809 }
810 
811 TEST(ringct, d2b)
812 {
813  for (auto amount: test_amounts) {
814  bits b;
815  d2b(b, amount);
816  ASSERT_TRUE(amount == b2d(b));
817  }
818 }
819 
820 TEST(ringct, prooveRange_is_non_deterministic)
821 {
822  key C[2], mask[2];
823  for (int n = 0; n < 2; ++n)
824  proveRange(C[n], mask[n], 80);
825  ASSERT_TRUE(memcmp(C[0].bytes, C[1].bytes, sizeof(C[0].bytes)));
826  ASSERT_TRUE(memcmp(mask[0].bytes, mask[1].bytes, sizeof(mask[0].bytes)));
827 }
828 
829 TEST(ringct, fee_0_valid)
830 {
831  const uint64_t inputs[] = {2000};
832  const uint64_t outputs[] = {2000, 0};
833  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
834 }
835 
836 TEST(ringct, fee_0_valid_simple)
837 {
838  const uint64_t inputs[] = {1000, 1000};
839  const uint64_t outputs[] = {2000, 0};
840  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
841 }
842 
843 TEST(ringct, fee_non_0_valid)
844 {
845  const uint64_t inputs[] = {2000};
846  const uint64_t outputs[] = {1900, 100};
847  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
848 }
849 
850 TEST(ringct, fee_non_0_valid_simple)
851 {
852  const uint64_t inputs[] = {1000, 1000};
853  const uint64_t outputs[] = {1900, 100};
854  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
855 }
856 
857 TEST(ringct, fee_non_0_invalid_higher)
858 {
859  const uint64_t inputs[] = {1000, 1000};
860  const uint64_t outputs[] = {1990, 100};
861  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
862 }
863 
864 TEST(ringct, fee_non_0_invalid_higher_simple)
865 {
866  const uint64_t inputs[] = {1000, 1000};
867  const uint64_t outputs[] = {1990, 100};
868  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
869 }
870 
871 TEST(ringct, fee_non_0_invalid_lower)
872 {
873  const uint64_t inputs[] = {1000, 1000};
874  const uint64_t outputs[] = {1000, 100};
875  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
876 }
877 
878 TEST(ringct, fee_non_0_invalid_lower_simple)
879 {
880  const uint64_t inputs[] = {1000, 1000};
881  const uint64_t outputs[] = {1000, 100};
882  EXPECT_TRUE(range_proof_test(false, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
883 }
884 
885 TEST(ringct, fee_burn_valid_one_out)
886 {
887  const uint64_t inputs[] = {2000};
888  const uint64_t outputs[] = {0, 2000};
889  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
890 }
891 
892 TEST(ringct, fee_burn_valid_one_out_simple)
893 {
894  const uint64_t inputs[] = {1000, 1000};
895  const uint64_t outputs[] = {0, 2000};
896  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
897 }
898 
899 TEST(ringct, fee_burn_valid_zero_out)
900 {
901  const uint64_t inputs[] = {2000};
902  const uint64_t outputs[] = {2000};
903  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, false));
904 }
905 
906 TEST(ringct, fee_burn_valid_zero_out_simple)
907 {
908  const uint64_t inputs[] = {1000, 1000};
909  const uint64_t outputs[] = {2000};
910  EXPECT_TRUE(range_proof_test(true, NELTS(inputs), inputs, NELTS(outputs), outputs, true, true));
911 }
912 
913 static rctSig make_sig()
914 {
915  static const uint64_t inputs[] = {2000};
916  static const uint64_t outputs[] = {1000, 1000};
917  static rct::rctSig sig = make_sample_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, true);
918  return sig;
919 }
920 
921 #define TEST_rctSig_elements(name, op) \
922 TEST(ringct, rctSig_##name) \
923 { \
924  rct::rctSig sig = make_sig(); \
925  ASSERT_TRUE(rct::verRct(sig)); \
926  op; \
927  ASSERT_FALSE(rct::verRct(sig)); \
928 }
929 
930 TEST_rctSig_elements(rangeSigs_empty, sig.p.rangeSigs.resize(0));
931 TEST_rctSig_elements(rangeSigs_too_many, sig.p.rangeSigs.push_back(sig.p.rangeSigs.back()));
932 TEST_rctSig_elements(rangeSigs_too_few, sig.p.rangeSigs.pop_back());
933 TEST_rctSig_elements(mgSig_MG_empty, sig.p.MGs.resize(0));
934 TEST_rctSig_elements(mgSig_ss_empty, sig.p.MGs[0].ss.resize(0));
935 TEST_rctSig_elements(mgSig_ss_too_many, sig.p.MGs[0].ss.push_back(sig.p.MGs[0].ss.back()));
936 TEST_rctSig_elements(mgSig_ss_too_few, sig.p.MGs[0].ss.pop_back());
937 TEST_rctSig_elements(mgSig_ss0_empty, sig.p.MGs[0].ss[0].resize(0));
938 TEST_rctSig_elements(mgSig_ss0_too_many, sig.p.MGs[0].ss[0].push_back(sig.p.MGs[0].ss[0].back()));
939 TEST_rctSig_elements(mgSig_ss0_too_few, sig.p.MGs[0].ss[0].pop_back());
940 TEST_rctSig_elements(mgSig_II_empty, sig.p.MGs[0].II.resize(0));
941 TEST_rctSig_elements(mgSig_II_too_many, sig.p.MGs[0].II.push_back(sig.p.MGs[0].II.back()));
942 TEST_rctSig_elements(mgSig_II_too_few, sig.p.MGs[0].II.pop_back());
943 TEST_rctSig_elements(mixRing_empty, sig.mixRing.resize(0));
944 TEST_rctSig_elements(mixRing_too_many, sig.mixRing.push_back(sig.mixRing.back()));
945 TEST_rctSig_elements(mixRing_too_few, sig.mixRing.pop_back());
946 TEST_rctSig_elements(mixRing0_empty, sig.mixRing[0].resize(0));
947 TEST_rctSig_elements(mixRing0_too_many, sig.mixRing[0].push_back(sig.mixRing[0].back()));
948 TEST_rctSig_elements(mixRing0_too_few, sig.mixRing[0].pop_back());
949 TEST_rctSig_elements(ecdhInfo_empty, sig.ecdhInfo.resize(0));
950 TEST_rctSig_elements(ecdhInfo_too_many, sig.ecdhInfo.push_back(sig.ecdhInfo.back()));
951 TEST_rctSig_elements(ecdhInfo_too_few, sig.ecdhInfo.pop_back());
952 TEST_rctSig_elements(outPk_empty, sig.outPk.resize(0));
953 TEST_rctSig_elements(outPk_too_many, sig.outPk.push_back(sig.outPk.back()));
954 TEST_rctSig_elements(outPk_too_few, sig.outPk.pop_back());
955 
956 static rct::rctSig make_sig_simple()
957 {
958  static const uint64_t inputs[] = {1000, 1000};
959  static const uint64_t outputs[] = {1000};
960  static rct::rctSig sig = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 1000);
961  return sig;
962 }
963 
964 #define TEST_rctSig_elements_simple(name, op) \
965 TEST(ringct, rctSig_##name##_simple) \
966 { \
967  rct::rctSig sig = make_sig_simple(); \
968  ASSERT_TRUE(rct::verRctSimple(sig)); \
969  op; \
970  ASSERT_FALSE(rct::verRctSimple(sig)); \
971 }
972 
973 TEST_rctSig_elements_simple(rangeSigs_empty, sig.p.rangeSigs.resize(0));
974 TEST_rctSig_elements_simple(rangeSigs_too_many, sig.p.rangeSigs.push_back(sig.p.rangeSigs.back()));
975 TEST_rctSig_elements_simple(rangeSigs_too_few, sig.p.rangeSigs.pop_back());
976 TEST_rctSig_elements_simple(mgSig_empty, sig.p.MGs.resize(0));
977 TEST_rctSig_elements_simple(mgSig_too_many, sig.p.MGs.push_back(sig.p.MGs.back()));
978 TEST_rctSig_elements_simple(mgSig_too_few, sig.p.MGs.pop_back());
979 TEST_rctSig_elements_simple(mgSig0_ss_empty, sig.p.MGs[0].ss.resize(0));
980 TEST_rctSig_elements_simple(mgSig0_ss_too_many, sig.p.MGs[0].ss.push_back(sig.p.MGs[0].ss.back()));
981 TEST_rctSig_elements_simple(mgSig0_ss_too_few, sig.p.MGs[0].ss.pop_back());
982 TEST_rctSig_elements_simple(mgSig_ss0_empty, sig.p.MGs[0].ss[0].resize(0));
983 TEST_rctSig_elements_simple(mgSig_ss0_too_many, sig.p.MGs[0].ss[0].push_back(sig.p.MGs[0].ss[0].back()));
984 TEST_rctSig_elements_simple(mgSig_ss0_too_few, sig.p.MGs[0].ss[0].pop_back());
985 TEST_rctSig_elements_simple(mgSig0_II_empty, sig.p.MGs[0].II.resize(0));
986 TEST_rctSig_elements_simple(mgSig0_II_too_many, sig.p.MGs[0].II.push_back(sig.p.MGs[0].II.back()));
987 TEST_rctSig_elements_simple(mgSig0_II_too_few, sig.p.MGs[0].II.pop_back());
988 TEST_rctSig_elements_simple(mixRing_empty, sig.mixRing.resize(0));
989 TEST_rctSig_elements_simple(mixRing_too_many, sig.mixRing.push_back(sig.mixRing.back()));
990 TEST_rctSig_elements_simple(mixRing_too_few, sig.mixRing.pop_back());
991 TEST_rctSig_elements_simple(mixRing0_empty, sig.mixRing[0].resize(0));
992 TEST_rctSig_elements_simple(mixRing0_too_many, sig.mixRing[0].push_back(sig.mixRing[0].back()));
993 TEST_rctSig_elements_simple(mixRing0_too_few, sig.mixRing[0].pop_back());
994 TEST_rctSig_elements_simple(pseudoOuts_empty, sig.pseudoOuts.resize(0));
995 TEST_rctSig_elements_simple(pseudoOuts_too_many, sig.pseudoOuts.push_back(sig.pseudoOuts.back()));
996 TEST_rctSig_elements_simple(pseudoOuts_too_few, sig.pseudoOuts.pop_back());
997 TEST_rctSig_elements_simple(ecdhInfo_empty, sig.ecdhInfo.resize(0));
998 TEST_rctSig_elements_simple(ecdhInfo_too_many, sig.ecdhInfo.push_back(sig.ecdhInfo.back()));
999 TEST_rctSig_elements_simple(ecdhInfo_too_few, sig.ecdhInfo.pop_back());
1000 TEST_rctSig_elements_simple(outPk_empty, sig.outPk.resize(0));
1001 TEST_rctSig_elements_simple(outPk_too_many, sig.outPk.push_back(sig.outPk.back()));
1002 TEST_rctSig_elements_simple(outPk_too_few, sig.outPk.pop_back());
1003 
1004 TEST(ringct, reject_gen_simple_ver_non_simple)
1005 {
1006  const uint64_t inputs[] = {1000, 1000};
1007  const uint64_t outputs[] = {1000};
1008  rct::rctSig sig = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 1000);
1009  ASSERT_FALSE(rct::verRct(sig));
1010 }
1011 
1012 TEST(ringct, reject_gen_non_simple_ver_simple)
1013 {
1014  const uint64_t inputs[] = {2000};
1015  const uint64_t outputs[] = {1000, 1000};
1016  rct::rctSig sig = make_sample_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, true);
1017  ASSERT_FALSE(rct::verRctSimple(sig));
1018 }
1019 
1020 TEST(ringct, key_ostream)
1021 {
1022  std::stringstream out;
1023  out << "BEGIN" << rct::H << "END";
1024  EXPECT_EQ(
1025  std::string{"BEGIN<8b655970153799af2aeadc9ff1add0ea6c7251d54154cfa92c173a0dd39c1f94>END"},
1026  out.str()
1027  );
1028 }
1029 
1030 TEST(ringct, zeroCommmit)
1031 {
1032  static const uint64_t amount = crypto::rand<uint64_t>();
1033  const rct::key z = rct::zeroCommit(amount);
1035  const rct::key b = rct::scalarmultH(rct::d2h(amount));
1036  const rct::key manual = rct::addKeys(a, b);
1037  ASSERT_EQ(z, manual);
1038 }
1039 
1040 static rct::key uncachedZeroCommit(uint64_t amount)
1041 {
1042  const rct::key am = rct::d2h(amount);
1043  const rct::key bH = rct::scalarmultH(am);
1044  return rct::addKeys(rct::G, bH);
1045 }
1046 
1047 TEST(ringct, zeroCommitCache)
1048 {
1049  ASSERT_EQ(rct::zeroCommit(0), uncachedZeroCommit(0));
1050  ASSERT_EQ(rct::zeroCommit(1), uncachedZeroCommit(1));
1051  ASSERT_EQ(rct::zeroCommit(2), uncachedZeroCommit(2));
1052  ASSERT_EQ(rct::zeroCommit(10), uncachedZeroCommit(10));
1053  ASSERT_EQ(rct::zeroCommit(200), uncachedZeroCommit(200));
1054  ASSERT_EQ(rct::zeroCommit(1000000000), uncachedZeroCommit(1000000000));
1055  ASSERT_EQ(rct::zeroCommit(3000000000000), uncachedZeroCommit(3000000000000));
1056  ASSERT_EQ(rct::zeroCommit(900000000000000), uncachedZeroCommit(900000000000000));
1057 }
1058 
1059 TEST(ringct, H)
1060 {
1061  ge_p3 p3;
1062  ASSERT_EQ(ge_frombytes_vartime(&p3, rct::H.bytes), 0);
1063  ASSERT_EQ(memcmp(&p3, &ge_p3_H, sizeof(ge_p3)), 0);
1064 }
1065 
1066 TEST(ringct, mul8)
1067 {
1069  ASSERT_EQ(rct::scalarmult8(rct::H), rct::scalarmultKey(rct::H, rct::EIGHT));
1070  ASSERT_EQ(rct::scalarmultKey(rct::scalarmultKey(rct::H, rct::INV_EIGHT), rct::EIGHT), rct::H);
1071 }
1072 
1073 TEST(ringct, aggregated)
1074 {
1075  static const size_t N_PROOFS = 16;
1076  std::vector<rctSig> s(N_PROOFS);
1077  std::vector<const rctSig*> sp(N_PROOFS);
1078 
1079  for (size_t n = 0; n < N_PROOFS; ++n)
1080  {
1081  static const uint64_t inputs[] = {1000, 1000};
1082  static const uint64_t outputs[] = {500, 1500};
1083  s[n] = make_sample_simple_rct_sig(NELTS(inputs), inputs, NELTS(outputs), outputs, 0);
1084  sp[n] = &s[n];
1085  }
1086 
1088 }
keyV skvGen(size_t rows)
Definition: rctOps.cpp:266
boroSig genBorromean(const key64 x, const key64 P1, const key64 P2, const bits indices)
Definition: rctSigs.cpp:109
rctSig genRctSimple(const key &message, const ctkeyV &inSk, const keyV &destinations, const vector< etn_amount > &inamounts, const vector< etn_amount > &outamounts, etn_amount txnFee, const ctkeyM &mixRing, const keyV &amount_keys, const std::vector< multisig_kLRki > *kLRki, multisig_out *msout, const std::vector< unsigned int > &index, ctkeyV &outSk, const RCTConfig &rct_config, hw::device &hwdev)
Definition: rctSigs.cpp:752
etn_amount h2d(const key &test)
Definition: rctTypes.cpp:161
#define EXPECT_TRUE(condition)
Definition: gtest.h:1859
void addKeys1(key &aGB, const key &a, const key &B)
Definition: rctOps.cpp:459
void d2h(key &amounth, const etn_amount in)
Definition: rctTypes.cpp:119
std::vector< mgSig > MGs
Definition: rctTypes.h:321
::std::string string
Definition: gtest-port.h:1097
void scalarmultKey(key &aP, const key &P, const key &a)
Definition: rctOps.cpp:368
std::vector< rangeSig > rangeSigs
Definition: rctTypes.h:319
GTEST_API_ AssertionResult AssertionFailure()
#define TEST_rctSig_elements(name, op)
Definition: ringct.cpp:921
bool verRct(const rctSig &rv, bool semantics)
Definition: rctSigs.cpp:913
bool verifyBorromean(const boroSig &bb, const ge_p3 P1[64], const ge_p3 P2[64])
Definition: rctSigs.cpp:140
crypto namespace.
Definition: crypto.cpp:58
STL namespace.
tuple< ctkey, ctkey > ctskpkGen(etn_amount amount)
Definition: rctOps.cpp:302
public_key addKeys(const public_key &A, const public_key &B)
Definition: crypto.h:339
void d2b(bits amountb, etn_amount val)
Definition: rctTypes.cpp:145
GTEST_API_ AssertionResult AssertionSuccess()
#define ATOMS
Definition: rctTypes.h:65
keyM keyMInit(size_t rows, size_t cols)
Definition: rctOps.cpp:227
std::vector< key > keyV
Definition: rctTypes.h:88
#define ASSERT_FALSE(condition)
Definition: gtest.h:1868
std::vector< ecdhTuple > ecdhInfo
Definition: rctTypes.h:246
#define ASSERT_EQ(val1, val2)
Definition: gtest.h:1956
#define TEST_rctSig_elements_simple(name, op)
Definition: ringct.cpp:964
uint64_t etn_amount
Definition: rctTypes.h:135
rctSigPrunable p
Definition: rctTypes.h:437
key key64[64]
Definition: rctTypes.h:137
device & get_device(const std::string &device_descriptor)
Definition: device.cpp:95
std::vector< ctkey > ctkeyV
Definition: rctTypes.h:100
unsigned __int64 uint64_t
Definition: stdint.h:136
bool MLSAG_Ver(const key &message, const keyM &pk, const mgSig &rv, size_t dsRows)
Definition: rctSigs.cpp:271
key scalarmultH(const key &a)
Definition: rctOps.cpp:389
rctSig genRct(const key &message, const ctkeyV &inSk, const keyV &destinations, const vector< etn_amount > &amounts, const ctkeyM &mixRing, const keyV &amount_keys, const multisig_kLRki *kLRki, multisig_out *msout, unsigned int index, ctkeyV &outSk, const RCTConfig &rct_config, hw::device &hwdev)
Definition: rctSigs.cpp:690
void hash_to_scalar(key &hash, const void *data, const std::size_t l)
Definition: rctOps.cpp:536
void skGen(key &sk)
Definition: rctOps.cpp:253
std::string message("Message requiring signing")
etn_amount randEtnAmount(etn_amount upperlimit)
Definition: rctOps.cpp:343
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
Definition: pointer.h:1124
void scalarmultBase(key &aG, const key &a)
Definition: rctOps.cpp:350
std::vector< keyV > keyM
Definition: rctTypes.h:89
#define NELTS(array)
Definition: ringct.cpp:422
key identity()
Definition: rctOps.h:73
rangeSig proveRange(key &C, key &mask, const etn_amount &amount)
Definition: rctSigs.cpp:336
void hash_to_scalar(const void *data, std::size_t length, crypto::ec_scalar &res)
Definition: crypto.cpp:44
const ge_p3 ge_p3_H
#define ASSERT_TRUE(condition)
Definition: gtest.h:1865
ctkeyV outPk
Definition: rctTypes.h:247
void subKeys(key &AB, const key &A, const key &B)
Definition: rctOps.cpp:505
etn_amount b2d(bits amountb)
Definition: rctTypes.cpp:205
void skpkGen(key &sk, key &pk)
Definition: rctOps.cpp:284
key scalarmult8(const key &P)
Definition: rctOps.cpp:398
key zeroCommit(etn_amount amount)
Definition: rctOps.cpp:322
int ge_frombytes_vartime(ge_p3 *, const unsigned char *)
void addKeys(key &AB, const key &A, const key &B)
Definition: rctOps.cpp:420
bool equalKeys(const key &a, const key &b)
Definition: rctOps.cpp:519
key zero()
Definition: rctOps.h:70
unsigned int bits[ATOMS]
Definition: rctTypes.h:136
#define EXPECT_EQ(val1, val2)
Definition: gtest.h:1922
ctkeyM mixRing
Definition: rctTypes.h:243
etn_amount decodeRctSimple(const rctSig &rv, const key &sk, unsigned int i, key &mask, hw::device &hwdev)
Definition: rctSigs.cpp:1180
bool verRctSemanticsSimple(const std::vector< const rctSig *> &rvv)
Definition: rctSigs.cpp:975
TEST(ringct, Borromean)
Definition: ringct.cpp:47
key hashToPointSimple(const key &hh)
Definition: rctOps.cpp:624
mgSig MLSAG_Gen(const key &message, const keyM &pk, const keyV &xx, const multisig_kLRki *kLRki, key *mscout, const unsigned int index, size_t dsRows, hw::device &hwdev)
Definition: rctSigs.cpp:174