
Commit 6f04f55

committed
rangeproof: introduce rangeproof_header structure and use it for verification/rewind
1 parent 1bde705 commit 6f04f55


3 files changed

+196
-118
lines changed


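--- a/src/modules/rangeproof/main_impl.h
+++ b/src/modules/rangeproof/main_impl.h
@@ -232,17 +232,23 @@ int secp256k1_pedersen_blind_generator_blind_sum(const secp256k1_context* ctx, c
 
 int secp256k1_rangeproof_info(const secp256k1_context* ctx, int *exp, int *mantissa,
 uint64_t *min_value, uint64_t *max_value, const unsigned char *proof, size_t plen) {
+secp256k1_rangeproof_header header;
 size_t offset;
-uint64_t scale;
 ARG_CHECK(exp != NULL);
 ARG_CHECK(mantissa != NULL);
 ARG_CHECK(min_value != NULL);
 ARG_CHECK(max_value != NULL);
 ARG_CHECK(proof != NULL);
 offset = 0;
-scale = 1;
 (void)ctx;
-return secp256k1_rangeproof_getheader_impl(&offset, exp, mantissa, &scale, min_value, max_value, proof, plen);
+if (!secp256k1_rangeproof_header_parse(&header, &offset, proof, plen)) {
+return 0;
+}
+*exp = header.exp;
+*mantissa = header.mantissa;
+*min_value = header.min_value;
+*max_value = header.max_value;
+return 1;
 }
 
 int secp256k1_rangeproof_rewind(const secp256k1_context* ctx,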
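Review bot: On the failure path of secp256k1_rangeproof_info, the new `return 0;` leaves `*exp`, `*mantissa`, `*min_value` and `*max_value` unwritten, because the parser now fills a local `header` instead of the caller's pointers. The removed call passed those pointers straight to the parser, so a caller that reads them after a failed parse of an untrusted proof may previously have seen partially written values and will now see whatever they held before the call; neither is safe to act on. I would either say so in a comment above the early return, `/* outputs are left untouched when the header does not parse */`, or give them defined values before returning, `*exp = 0; *mantissa = 0; *min_value = 0; *max_value = 0;`.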

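--- a/src/modules/rangeproof/rangeproof.h
+++ b/src/modules/rangeproof/rangeproof.h
@@ -12,6 +12,64 @@
 #include "ecmult.h"
 #include "ecmult_gen.h"
 
+/** Structure representing data directly encoded into a rangeproof header
+*
+* A rangeproof is a proof, associated with a Pedersen commitment, that a
+* "proven value" in is the range [0, 2^mantissa]. The committed value is
+* related to the proven value by the contents of this header, as
+*
+* committed = min_value + 10^exp * proven
+*/
+typedef struct secp256k1_rangeproof_header {
+/** Power of ten to multiply the proven value by, or -1 for an exact proof
+*
+* Encoded in the header. */
+int exp;
+/** Number of bits used to represent the proven value
+*
+* Encoded in the header. */
+int mantissa;
+/** 10 to the power of exp, or 1 for a proof of an exact value.
+*
+* Implied by `exp`, not encoded. */
+uint64_t scale;
+/** Minimum value for the range (added to the proven value).
+*
+* Encoded in the header. */
+uint64_t min_value;
+/** Maximum value for the range (min_value + 10^exp * 2^mantissa).
+*
+* Implied by `min_value`, `exp`, `mantissa`. Not encoded. */
+uint64_t max_value;
+/** Number of rings to use in the underlying borromean ring signature
+*
+* Implied by `mantissa`. Not encoded. */
+size_t n_rings;
+/** Number of public keys to use in the underlying borromean ring signature
+*
+* Implied by `mantissa`. Not encoded. */
+size_t n_pubs;
+/** Number of keys in each ring
+*
+* Implied by `mantissa`. Not encoded. */
+size_t rsizes[32];
+} secp256k1_rangeproof_header;
+
+/** Parses out a rangeproof header from a rangeproof and fills in all fields
+*
+* Returns: 1 on success, 0 on failure
+* Out: header: the parsed header
+* offset: the number of bytes of `proof` that the header occupied
+* In: proof: the proof to parse the header out of
+* plen: the length of the proof
+*/
+static int secp256k1_rangeproof_header_parse(
+secp256k1_rangeproof_header* header,
+size_t* offset,
+const unsigned char* proof,
+size_t plen
+);
+
 static int secp256k1_rangeproof_verify_impl(const secp256k1_ecmult_gen_context* ecmult_gen_ctx,
 unsigned char *blindout, uint64_t *value_out, unsigned char *message_out, size_t *outlen, const unsigned char *nonce,
 uint64_t *min_value, uint64_t *max_value, const secp256k1_ge *commit, const unsigned char *proof, size_t plen,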
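Review bot: The `rsizes[32]` field has a fixed capacity but its comment does not say how it relates to `n_rings`, and this header is filled from proof bytes the verifier does not control, so the bound is a memory-safety invariant worth writing down. The parser body is not in this section; assuming it rejects any mantissa that would yield more than 32 rings, I would extend the comment to `/** Number of keys in each ring; only the first n_rings entries are set, and n_rings <= 32. */`. Separately, the parse doc lists `offset` under `Out:`, while the caller in main_impl.h sets `offset = 0` before the call; if the parser reads it as a start position it should be documented as in/out. The struct summary's `in is the range [0, 2^mantissa]` also reads as a typo, and the closed upper bound looks off by one for a `mantissa`-bit value.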
