From ac346ea2d8b9e6958b3050b0ae91aa7fb325abe4 Mon Sep 17 00:00:00 2001
From: narodnik
Date: Tue, 23 Nov 2021 14:00:59 +0100
Subject: [PATCH] use merkle path inside the burn proof generation
---
 src/bin/tx2.rs | 17 ++++++++++++++++-
 src/crypto/spend_proof.rs | 6 +++++-
 src/tx/builder.rs | 14 ++------------
 3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/src/bin/tx2.rs b/src/bin/tx2.rs
index e659320d0..2a894e62e 100644
--- a/src/bin/tx2.rs
+++ b/src/bin/tx2.rs
@@ -663,7 +663,6 @@ impl Hashable for MerkleNode {
 */
 fn main() -> std::result::Result<(), failure::Error> {
- use incrementalmerkletree::Hashable;
 use drk::{
 crypto::{
 merkle_node2::MerkleNode,
@@ -672,6 +671,7 @@ fn main() -> std::result::Result<(), failure::Error> {
 },
 types::{DrkCircuitField, DrkCoinBlind, DrkSerial},
 };
+ use incrementalmerkletree::Hashable;
 let cashier_secret = schnorr::SecretKey::random();
 let cashier_public = cashier_secret.public_key();
@@ -703,12 +703,27 @@ fn main() -> std::result::Result<(), failure::Error> {
 let tx = builder.build()?;
+ tx.verify(&state.mint_vk, &state.spend_vk)
+ .expect("tx verify");
+
 let mut tree = BridgeTree::::new(100);
 let node = MerkleNode(tx.outputs[0].revealed.coin.clone());
 tree.append(&node);
 tree.witness();
 let (merkle_position, merkle_path) = tree.authentication_path(&node).unwrap();
+ let mut current = node;
+ let position: u64 = merkle_position.into();
+ for (level, sibling) in merkle_path.iter().enumerate() {
+ let level = level as u8;
+ current = if position & (1 << level) == 0 {
+ MerkleNode::combine(level.into(), ¤t, sibling)
+ } else {
+ MerkleNode::combine(level.into(), sibling, ¤t)
+ };
+ }
+ assert_eq!(current, tree.root());
+
 let note = tx.outputs[0].enc_note.decrypt(&secret)?;
 //let update = state_transition(&state, tx)?;
diff --git a/src/crypto/spend_proof.rs b/src/crypto/spend_proof.rs
index 782e1b96c..9c8d1baa8 100644
--- a/src/crypto/spend_proof.rs
+++ b/src/crypto/spend_proof.rs
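Review bot: `tx.verify(&state.mint_vk, &state.spend_vk).expect("tx verify")` aborts the process on a failed verification even though `main` already returns `Result<(), failure::Error>`; if the verify error converts into `failure::Error`, `tx.verify(&state.mint_vk, &state.spend_vk)?;` keeps the failure on the error path, otherwise wrap it with `map_err`. In the root-recomputation loop, `let level = level as u8;` silently truncates for a path longer than 255 levels — the tree depth is a type-level constant not visible here and is presumably far smaller, but `u8::try_from(level)` states that bound instead of relying on it (the `¤t` in the two `combine` calls looks like an extraction artifact of `&current`). The `assert_eq!(current, tree.root())` is a worthwhile check of the sibling ordering convention, but it only runs when this binary is executed; a `#[test]` next to `MerkleNode::combine` would keep it under `cargo test`. `main` begins before this hunk and continues after it.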
@@ -9,6 +9,7 @@ use log::debug;
 use pasta_curves::{
 arithmetic::{CurveAffine, FieldExt},
 group::Curve,
+ pallas,
 };
 use super::{
@@ -18,6 +19,7 @@ use super::{
 };
 use crate::{
 circuit::spend_contract::SpendContract,
+ crypto::merkle_node2::MerkleNode,
 serial::{Decodable, Encodable},
 types::*,
 Result,
@@ -130,11 +132,13 @@ pub fn create_spend_proof(
 serial: DrkSerial,
 coin_blind: DrkCoinBlind,
 secret: DrkSecretKey,
- merkle_path: Vec,
+ merkle_path: Vec,
 signature_secret: DrkSecretKey,
 ) -> Result<(Proof, SpendRevealedValues)> {
 const K: u32 = 11;
+ let merkle_path: Vec = merkle_path.iter().map(|node| node.0).collect();
+
 let revealed = SpendRevealedValues::compute(
 value,
 token_id,
diff --git a/src/tx/builder.rs b/src/tx/builder.rs
index cc6729498..89e91d7c5 100644
--- a/src/tx/builder.rs
+++ b/src/tx/builder.rs
@@ -83,21 +83,11 @@ impl TransactionBuilder {
 let mut inputs = vec![];
 let mut input_blinds = vec![];
 let mut signature_secrets = vec![];
- for input in &self.inputs {
+ for input in self.inputs {
 input_blinds.push(input.note.value_blind);
 let signature_secret = DrkSecretKey::random(&mut OsRng);
- /*
- // TODO: Some stupid glue code. Need to sort this out
- let auth_path: Vec<(bls12_381::Scalar, bool)> = input
- .merkle_path
- .auth_path
- .iter()
- .map(|(node, b)| ((*node).into(), *b))
- .collect();
- */
-
 let (proof, revealed) = create_spend_proof(
 input.note.value,
 input.note.token_id,
@@ -106,7 +96,7 @@ impl TransactionBuilder {
 input.note.serial,
 input.note.coin_blind,
 input.secret,
- vec![],
+ input.merkle_path,
 signature_secret,
 )?;
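Review bot: The shadowing `let merkle_path = merkle_path.iter().map(|node| node.0).collect();` line converts the caller's path into field elements but never checks its length against the depth `SpendContract` is built for (the `Vec` type parameters are lost in this rendering); an empty or short path — the previous caller passed `vec![]` — would reach proof synthesis and fail there, if at all, with a much less clear error. A guard before the conversion, `if merkle_path.len() != MERKLE_DEPTH_PLACEHOLDER { return Err(...) }` with whatever depth constant the circuit already uses in this crate, turns that into an explicit error. Since the parameter is owned, `merkle_path.into_iter().map(|node| node.0).collect()` also avoids copying each element out through a reference. `create_spend_proof` continues past the end of this hunk.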
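Review bot: `for input in self.inputs {` now moves the inputs out of `self`, so `build` must take `self` by value (its signature is above this hunk) and nothing after the loop can touch `self.inputs` again; the `builder.build()?` call in `tx2.rs` is consistent with that, but a doc comment on `build` stating that it consumes the builder would make the contract explicit. With the commented-out glue code gone, `input.merkle_path` in the second hunk of this file is handed straight to `create_spend_proof`; if that function does not validate the path itself, a builder-side check such as `if input.merkle_path.is_empty() { return Err(...) }` in this crate's error type would stop a malformed input from being proven at all. The second hunk's last line is beyond this excerpt.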