 |
PRCYCoin
2.0.0.7rc1
P2P Digital Currency
|
|
PRCYCoin
2.0.0.7rc1
P2P Digital Currency
|
#include "scalar.h"#include "field.h"#include "group.h"#include "ecmult.h"#include "ecmult_gen.h"Go to the source code of this file.
Functions | |
| int | secp256k1_borromean_verify (const secp256k1_ecmult_context *ecmult_ctx, secp256k1_scalar *evalues, const unsigned char *e0, const secp256k1_scalar *s, const secp256k1_gej *pubs, const size_t *rsizes, size_t nrings, const unsigned char *m, size_t mlen) |
| "Borromean" ring signature. More... | |
| int | secp256k1_borromean_sign (const secp256k1_ecmult_context *ecmult_ctx, const secp256k1_ecmult_gen_context *ecmult_gen_ctx, unsigned char *e0, secp256k1_scalar *s, const secp256k1_gej *pubs, const secp256k1_scalar *k, const secp256k1_scalar *sec, const size_t *rsizes, const size_t *secidx, size_t nrings, const unsigned char *m, size_t mlen) |
| int secp256k1_borromean_sign | ( | const secp256k1_ecmult_context * | ecmult_ctx, |
| const secp256k1_ecmult_gen_context * | ecmult_gen_ctx, | ||
| unsigned char * | e0, | ||
| secp256k1_scalar * | s, | ||
| const secp256k1_gej * | pubs, | ||
| const secp256k1_scalar * | k, | ||
| const secp256k1_scalar * | sec, | ||
| const size_t * | rsizes, | ||
| const size_t * | secidx, | ||
| size_t | nrings, | ||
| const unsigned char * | m, | ||
| size_t | mlen | ||
| ) |
The signing algorithm as a whole is not memory uniform so there is likely a cache sidechannel that leaks which members are non-forgeries. That the forgeries themselves are variable time may leave an additional privacy impacting timing side-channel, but not a key loss one.
Definition at line 112 of file borromean_impl.h.
| int secp256k1_borromean_verify | ( | const secp256k1_ecmult_context * | ecmult_ctx, |
| secp256k1_scalar * | evalues, | ||
| const unsigned char * | e0, | ||
| const secp256k1_scalar * | s, | ||
| const secp256k1_gej * | pubs, | ||
| const size_t * | rsizes, | ||
| size_t | nrings, | ||
| const unsigned char * | m, | ||
| size_t | mlen | ||
| ) |
"Borromean" ring signature.
Verifies nrings concurrent ring signatures all sharing a challenge value. Signature is one s value per pubkey and a hash. Verification equation: | m = H(P_{0..}||message) (Message must contain pubkeys or a pubkey commitment) | For each ring i: | | en = to_scalar(H(e0||m||i||0)) | | For each pubkey j: | | | r = s_i_j G + en * P_i_j | | | e = H(r||m||i||j) | | | en = to_scalar(e) | | r_i = r | return e_0 ==== H(r_{0..i}||m)
Definition at line 58 of file borromean_impl.h.
1.8.17