/********************************************************************** * Copyright (c) 2014-2015 Gregory Maxwell * * Distributed under the MIT software license, see the accompanying * * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ #ifndef SECP256K1_MODULE_RANGEPROOF_MAIN_H #define SECP256K1_MODULE_RANGEPROOF_MAIN_H #include "../../group.h" #include "../generator/main_impl.h" #include "../rangeproof/borromean_impl.h" #include "../rangeproof/rangeproof_impl.h" int secp256k1_rangeproof_info(const secp256k1_context* ctx, int *exp, int *mantissa, uint64_t *min_value, uint64_t *max_value, const unsigned char *proof, size_t plen) { size_t offset; uint64_t scale; ARG_CHECK(exp != NULL); ARG_CHECK(mantissa != NULL); ARG_CHECK(min_value != NULL); ARG_CHECK(max_value != NULL); ARG_CHECK(proof != NULL); offset = 0; scale = 1; (void)ctx; return secp256k1_rangeproof_getheader_impl(&offset, exp, mantissa, &scale, min_value, max_value, proof, plen); } int secp256k1_rangeproof_rewind(const secp256k1_context* ctx, unsigned char *blind_out, uint64_t *value_out, unsigned char *message_out, size_t *outlen, const unsigned char *nonce, uint64_t *min_value, uint64_t *max_value, const secp256k1_pedersen_commitment *commit, const unsigned char *proof, size_t plen, const unsigned char *extra_commit, size_t extra_commit_len, const secp256k1_generator* gen) { secp256k1_ge commitp; secp256k1_ge genp; VERIFY_CHECK(ctx != NULL); ARG_CHECK(commit != NULL); ARG_CHECK(proof != NULL); ARG_CHECK(min_value != NULL); ARG_CHECK(max_value != NULL); ARG_CHECK(message_out != NULL || outlen == NULL); ARG_CHECK(nonce != NULL); ARG_CHECK(extra_commit != NULL || extra_commit_len == 0); ARG_CHECK(gen != NULL); ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); secp256k1_pedersen_commitment_load(&commitp, commit); secp256k1_generator_load(&genp, gen); return secp256k1_rangeproof_verify_impl(&ctx->ecmult_gen_ctx, blind_out, value_out, message_out, outlen, nonce, min_value, max_value, &commitp, proof, plen, extra_commit, extra_commit_len, &genp); } int secp256k1_rangeproof_verify(const secp256k1_context* ctx, uint64_t *min_value, uint64_t *max_value, const secp256k1_pedersen_commitment *commit, const unsigned char *proof, size_t plen, const unsigned char *extra_commit, size_t extra_commit_len, const secp256k1_generator* gen) { secp256k1_ge commitp; secp256k1_ge genp; VERIFY_CHECK(ctx != NULL); ARG_CHECK(commit != NULL); ARG_CHECK(proof != NULL); ARG_CHECK(min_value != NULL); ARG_CHECK(max_value != NULL); ARG_CHECK(extra_commit != NULL || extra_commit_len == 0); ARG_CHECK(gen != NULL); secp256k1_pedersen_commitment_load(&commitp, commit); secp256k1_generator_load(&genp, gen); return secp256k1_rangeproof_verify_impl(NULL, NULL, NULL, NULL, NULL, NULL, min_value, max_value, &commitp, proof, plen, extra_commit, extra_commit_len, &genp); } int secp256k1_rangeproof_sign(const secp256k1_context* ctx, unsigned char *proof, size_t *plen, uint64_t min_value, const secp256k1_pedersen_commitment *commit, const unsigned char *blind, const unsigned char *nonce, int exp, int min_bits, uint64_t value, const unsigned char *message, size_t msg_len, const unsigned char *extra_commit, size_t extra_commit_len, const secp256k1_generator* gen){ secp256k1_ge commitp; secp256k1_ge genp; VERIFY_CHECK(ctx != NULL); ARG_CHECK(proof != NULL); ARG_CHECK(plen != NULL); ARG_CHECK(commit != NULL); ARG_CHECK(blind != NULL); ARG_CHECK(nonce != NULL); ARG_CHECK(message != NULL || msg_len == 0); ARG_CHECK(extra_commit != NULL || extra_commit_len == 0); ARG_CHECK(gen != NULL); ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); secp256k1_pedersen_commitment_load(&commitp, commit); secp256k1_generator_load(&genp, gen); return secp256k1_rangeproof_sign_impl(&ctx->ecmult_gen_ctx, proof, plen, min_value, &commitp, blind, nonce, exp, min_bits, value, message, msg_len, extra_commit, extra_commit_len, &genp); } size_t secp256k1_rangeproof_max_size(const secp256k1_context* ctx, uint64_t max_value, int min_bits) { const int val_mantissa = max_value > 0 ? 64 - secp256k1_clz64_var(max_value) : 1; const int mantissa = min_bits > val_mantissa ? min_bits : val_mantissa; const size_t rings = (mantissa + 1) / 2; const size_t npubs = rings * 4 - 2 * (mantissa % 2); VERIFY_CHECK(ctx != NULL); (void) ctx; return 10 + 32 * (npubs + rings - 1) + 32 + ((rings - 1 + 7) / 8); } #endif