bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-05-12 12:03:29 +00:00
Code Issues Releases Wiki Activity

BIP374

Browse Source
This commit is contained in:
Andrew Toth 2024-12-26 12:06:44 -05:00
parent b533b92ed3
commit 1350bc423e
No known key found for this signature in database
GPG Key ID: 60007AFC8938B018
3 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bip-DLEQ.mediawiki → bip-0374.mediawiki
View File

@ -71,14 +71,14 @@ The algorithm ''GenerateProof(a, B, r, G, m)'' is defined as:
* Fail if ''is_infinite(B)''. * Fail if ''is_infinite(B)''.
* Let ''A = a⋅G''. * Let ''A = a⋅G''.
* Let ''C = a⋅B''. * Let ''C = a⋅B''.
* Let ''t'' be the byte-wise xor of ''bytes(32, a)'' and ''hash<sub>BIP0???/aux</sub>(r)''. * Let ''t'' be the byte-wise xor of ''bytes(32, a)'' and ''hash<sub>BIP0374/aux</sub>(r)''.
* Let ''rand = hash<sub>BIP0???/nonce</sub>(t || cbytes(A) || cbytes(C))''. * Let ''rand = hash<sub>BIP0374/nonce</sub>(t || cbytes(A) || cbytes(C))''.
* Let ''k = int(rand) mod n''. * Let ''k = int(rand) mod n''.
* Fail if ''k = 0''. * Fail if ''k = 0''.
* Let ''R<sub>1</sub> = k⋅G''. * Let ''R<sub>1</sub> = k⋅G''.
* Let ''R<sub>2</sub> = k⋅B''. * Let ''R<sub>2</sub> = k⋅B''.
* Let ''m' = m if m is provided, otherwise an empty byte array''. * Let ''m' = m if m is provided, otherwise an empty byte array''.
* Let ''e = int(hash<sub>BIP0???/challenge</sub>(cbytes(A) || cbytes(B) || cbytes(C) || cbytes(G) || cbytes(R<sub>1</sub>) || cbytes(R<sub>2</sub>) || m'))''. * Let ''e = int(hash<sub>BIP0374/challenge</sub>(cbytes(A) || cbytes(B) || cbytes(C) || cbytes(G) || cbytes(R<sub>1</sub>) || cbytes(R<sub>2</sub>) || m'))''.
* Let ''s = (k + e⋅a) mod n''. * Let ''s = (k + e⋅a) mod n''.
* Let ''proof = bytes(32, e) || bytes(32, s)''. * Let ''proof = bytes(32, e) || bytes(32, s)''.
* If ''VerifyProof(A, B, C, proof)'' (see below) returns failure, abort. * If ''VerifyProof(A, B, C, proof)'' (see below) returns failure, abort.
@ -105,7 +105,7 @@ The algorithm ''VerifyProof(A, B, C, proof, G, m)'' is defined as:
* Let ''R<sub>2</sub> = s⋅B - e⋅C''. * Let ''R<sub>2</sub> = s⋅B - e⋅C''.
* Fail if ''is_infinite(R<sub>2</sub>)''. * Fail if ''is_infinite(R<sub>2</sub>)''.
* Let ''m' = m if m is provided, otherwise an empty byte array''. * Let ''m' = m if m is provided, otherwise an empty byte array''.
* Fail if ''e ≠ int(hash<sub>BIP0???/challenge</sub>(cbytes(A) || cbytes(B) || cbytes(C) || cbytes(G) || cbytes(R<sub>1</sub>) || cbytes(R<sub>2</sub>) || m'))''. * Fail if ''e ≠ int(hash<sub>BIP0374/challenge</sub>(cbytes(A) || cbytes(B) || cbytes(C) || cbytes(G) || cbytes(R<sub>1</sub>) || cbytes(R<sub>2</sub>) || m'))''.
* Return success iff no failure occurred before reaching this point. * Return success iff no failure occurred before reaching this point.
==Backwards Compatibility== ==Backwards Compatibility==

2
bip-DLEQ/gen_test_vectors.py
View File

@ -12,7 +12,7 @@ from secp256k1 import G, GE
NUM_SUCCESS_TEST_VECTORS = 5 NUM_SUCCESS_TEST_VECTORS = 5
DLEQ_TAG_TESTVECTORS_RNG = "BIP0???/testvectors_rng" DLEQ_TAG_TESTVECTORS_RNG = "BIP0374/testvectors_rng"
FILENAME_GENERATE_PROOF_TEST = os.path.join(sys.path[0], 'test_vectors_generate_proof.csv') FILENAME_GENERATE_PROOF_TEST = os.path.join(sys.path[0], 'test_vectors_generate_proof.csv')
FILENAME_VERIFY_PROOF_TEST = os.path.join(sys.path[0], 'test_vectors_verify_proof.csv') FILENAME_VERIFY_PROOF_TEST = os.path.join(sys.path[0], 'test_vectors_verify_proof.csv')

6
bip-DLEQ/reference.py
View File

@ -7,9 +7,9 @@ import sys
import unittest import unittest
DLEQ_TAG_AUX = "BIP0???/aux" DLEQ_TAG_AUX = "BIP0374/aux"
DLEQ_TAG_NONCE = "BIP0???/nonce" DLEQ_TAG_NONCE = "BIP0374/nonce"
DLEQ_TAG_CHALLENGE = "BIP0???/challenge" DLEQ_TAG_CHALLENGE = "BIP0374/challenge"
def TaggedHash(tag: str, data: bytes) -> bytes: def TaggedHash(tag: str, data: bytes) -> bytes: