Merge branch 'bright_boson_2.2RC' into mainnet_bright_boson_2.2RC

Author: anatolse

core/block_crypt.cpp

@@ -133,6 +133,9 @@ namespace beam
 		if (!iSubkey)
 			return pKdf; // by convention: scheme V0, Subkey=0 - is a master key
 
+		if (Key::IDV::Scheme::BB21 == kidv.get_Scheme())
+			return pKdf; // BB2.1 workaround
+
 		return get_Child(*pKdf, iSubkey);
 	}
 
@@ -178,17 +181,27 @@ namespace beam
 	void SwitchCommitment::get_Hash(ECC::Hash::Value& hv, const Key::IDV& kidv)
 	{
 		Key::Index nScheme = kidv.get_Scheme();
-		if (nScheme)
+		if (nScheme > Key::IDV::Scheme::V0)
 		{
-			// newer scheme - account for the Value.
-			// Make it infeasible to tamper with value for unknown blinding factor
-			ECC::Hash::Processor()
-				<< "kidv-1"
-				<< kidv.m_Idx
-				<< kidv.m_Type.V
-				<< kidv.m_SubIdx
-				<< kidv.m_Value
-				>> hv;
+			if (Key::IDV::Scheme::BB21 == nScheme)
+			{
+				// BB2.1 workaround
+				Key::IDV kidv2 = kidv;
+				kidv2.set_Subkey(kidv.get_Subkey(), Key::IDV::Scheme::V0);
+				kidv2.get_Hash(hv);
+			}
+			else
+			{
+				// newer scheme - account for the Value.
+				// Make it infeasible to tamper with value for unknown blinding factor
+				ECC::Hash::Processor()
+					<< "kidv-1"
+					<< kidv.m_Idx
+					<< kidv.m_Type.V
+					<< kidv.m_SubIdx
+					<< kidv.m_Value
+					>> hv;
+			}
 		}
 		else
 			kidv.get_Hash(hv); // legacy

core/ecc.cpp

@@ -1646,14 +1646,13 @@ namespace ECC {
 		InnerProduct::BatchContext* pBc = InnerProduct::BatchContext::s_pInstance;
 		if (pBc)
 		{
-			if (!pBc->EquationBegin(2))
-				return false;
+			pBc->EquationBegin();
 
 			pBc->AddPrepared(InnerProduct::BatchContext::s_Idx_G, m_k);
 			pBc->AddCasual(pk, e);
 			pBc->AddCasual(pubNonce, 1U);
 
-			return pBc->EquationEnd();
+			return true;
 		}
 
 		Point::Native pt = Context::get().G * m_k;

core/ecc.h

@@ -237,6 +237,7 @@ namespace ECC
 			{
 				static const uint8_t V0 = 0;
 				static const uint8_t V1 = 1;
+				static const uint8_t BB21 = 2; // worakround for BB.2.1
 
 				static const uint32_t s_SubKeyBits = 24;
 				static const Index s_SubKeyMask = (static_cast<Index>(1) << s_SubKeyBits) - 1;
@@ -284,6 +285,16 @@ namespace ECC
 #pragma pack (pop)
 
 			void operator = (const Packed&);
+
+			bool IsBb21Possible() const
+			{
+				return m_SubIdx && (Scheme::V0 == get_Scheme());
+			}
+
+			void set_WorkaroundBb21()
+			{
+				set_Subkey(get_Subkey(), Scheme::BB21);
+			}
 
 			int cmp(const IDV&) const;
 			COMPARISON_VIA_CMP

core/ecc_bulletproof.cpp

@@ -24,8 +24,9 @@ namespace ECC {
 
 	InnerProduct::BatchContext::BatchContext(uint32_t nCasualTotal)
 		:m_CasualTotal(nCasualTotal)
-		,m_bEnableBatch(false)
+		,m_bDirty(false)
 	{
+		assert(nCasualTotal);
 		m_Multiplier = Zero;
 
 		m_ppPrepared = m_Bufs.m_ppPrepared;
@@ -42,20 +43,15 @@ namespace ECC {
 		m_ppPrepared[s_Idx_H] = &Context::get().m_Ipp.H_;
 
 		m_Prepared = s_CountPrepared;
-		Reset();
 	}
 
-	void InnerProduct::BatchContext::Reset()
-	{
-		m_Casual = 0;
-		ZeroObject(m_Bufs.m_pKPrep);
-		m_bDirty = false;
-	}
-
-	void InnerProduct::BatchContext::Calculate(Point::Native& res)
+	void InnerProduct::BatchContext::Calculate()
 	{
+		Point::Native res;
 		Mode::Scope scope(Mode::Fast);
 		MultiMac::Calculate(res);
+
+		m_Sum += res;
 	}
 
 	bool InnerProduct::BatchContext::AddCasual(const Point& p, const Scalar::Native& k)
@@ -70,82 +66,61 @@ namespace ECC {
 
 	void InnerProduct::BatchContext::AddCasual(const Point::Native& pt, const Scalar::Native& k)
 	{
-		assert(uint32_t(m_Casual) < m_CasualTotal);
+		if (uint32_t(m_Casual) == m_CasualTotal)
+		{
+			assert(s_CountPrepared == m_Prepared);
+			m_Prepared = 0; // don't count them now
+			Calculate();
+
+			m_Casual = 0;
+			m_Prepared = s_CountPrepared;
+		}
 
 		Casual& c = m_pCasual[m_Casual++];
 
 		c.Init(pt, k);
-		if (m_bEnableBatch)
-			c.m_K *= m_Multiplier;
+		c.m_K *= m_Multiplier;
 	}
 
 	void InnerProduct::BatchContext::AddPrepared(uint32_t i, const Scalar::Native& k)
 	{
 		assert(i < s_CountPrepared);
 		Scalar::Native& trg = m_Bufs.m_pKPrep[i];
 
-		trg += m_bEnableBatch ? (k * m_Multiplier) : k;
+		trg += (k * m_Multiplier);
+	}
+
+	void InnerProduct::BatchContext::Reset()
+	{
+		m_bDirty = false;
 	}
 
 	bool InnerProduct::BatchContext::Flush()
 	{
 		if (!m_bDirty)
 			return true;
+		m_bDirty = false;
 
-		Point::Native pt;
-		Calculate(pt);
-		if (!(pt == Zero))
-			return false;
-
-		Reset();
-		return true;
+		Calculate();
+		return (m_Sum == Zero);
 	}
 
-	bool InnerProduct::BatchContext::EquationBegin(uint32_t nCasualNeeded)
+	void InnerProduct::BatchContext::EquationBegin()
 	{
-		if (nCasualNeeded > m_CasualTotal)
-		{
-			assert(false);
-			return false; // won't fit!
-		}
-
-#ifndef NDEBUG
-        m_CasualAtEndExpected = nCasualNeeded;
-#endif // NDEBUG
-
-		nCasualNeeded += m_Casual;
-		if (nCasualNeeded > m_CasualTotal)
+		if (!m_bDirty)
 		{
-			if (!Flush())
-				return false;
-		}
+			m_bDirty = true;
 
-		if (m_bEnableBatch)
-		{
-			// mutate multiplier
-			if (m_Multiplier == Zero)
-				m_Multiplier.GenRandomNnz();
-			else
-				Oracle() << m_Multiplier >> m_Multiplier;
+			m_Sum = Zero;
+			m_Casual = 0;
+			ZeroObject(m_Bufs.m_pKPrep);
 		}
 
-#ifndef NDEBUG
-        m_CasualAtEndExpected += m_Casual;
-#endif // NDEBUG
-
-		m_bDirty = true;
-		return true;
-	}
-
-	bool InnerProduct::BatchContext::EquationEnd()
-	{
-		assert(m_bDirty);
-        assert(m_Casual == m_CasualAtEndExpected);
-
-		if (!m_bEnableBatch)
-			return Flush();
-
-		return true;
+		// mutate multiplier
+		if (m_Multiplier == Zero)
+			m_Multiplier.GenRandomNnz();
+		else
+			Oracle() << m_Multiplier >> m_Multiplier;
 	}
 
 
@@ -495,14 +470,10 @@ namespace ECC {
 		Challenges cs_;
 		cs_.Init(oracle, dotAB, *this);
 
-		if (!bc.EquationBegin(1 + nCycles * 2))
-			return false;
-
+		bc.EquationBegin();
 		bc.AddCasual(commAB, cs_.m_Mul2);
 
-		return
-			IsValid(bc, cs_, dotAB, mod) &&
-			bc.EquationEnd();
+		return IsValid(bc, cs_, dotAB, mod);
 	}
 
 	bool InnerProduct::IsValid(BatchContext& bc, Challenges& cs_, const Scalar::Native& dotAB, const Modifier& mod) const
@@ -569,8 +540,7 @@ namespace ECC {
 			k = m_pCondensed[j];
 			k = -k;
 
-			if (bc.m_bEnableBatch)
-				k *= bc.m_Multiplier;
+			k *= bc.m_Multiplier;
 
 			k *= cs_.m_Mul1;
 
@@ -1039,8 +1009,6 @@ namespace ECC {
 			return IsValid(commitment, oracle, *InnerProduct::BatchContext::s_pInstance, pHGen);
 
 		InnerProduct::BatchContextEx<1> bc;
-		bc.m_bEnableBatch = true; // why not?
-
 		return
 			IsValid(commitment, oracle, bc, pHGen) &&
 			bc.Flush();
@@ -1090,10 +1058,9 @@ namespace ECC {
 
 		Point::Native p;
 
-		if (!bc.EquationBegin(3 + (bCustom != false)))
-			return false;
-
+		bc.EquationBegin();
 		bc.AddCasual(commitment, -zz);
+
 		if (!bc.AddCasual(m_Part2.m_T1, -cs.x))
 			return false;
 		if (!bc.AddCasual(m_Part2.m_T2, -xx))
@@ -1110,13 +1077,9 @@ namespace ECC {
 		else
 			bc.AddPrepared(InnerProduct::BatchContext::s_Idx_H, sumY);
 
-		if (!bc.EquationEnd())
-			return false;
-
 		// (P - m_Mu*G) + m_Mu*G =?= m_A + m_S*x - vec(G)*vec(z) + vec(H)*( vec(z) + vec(z^2*2^n*y^-n) )
 
-		if (!bc.EquationBegin(2 + InnerProduct::nCycles * 2))
-			return false;
+		bc.EquationBegin();
 
 		InnerProduct::Challenges cs_;
 		cs_.Init(oracle, tDot, m_P_Tag);
@@ -1156,10 +1119,7 @@ namespace ECC {
 		InnerProduct::Modifier mod;
 		mod.m_pMultiplier[1] = &cs.yInv;
 
-		if (!m_P_Tag.IsValid(bc, cs_, tDot, mod))
-			return false;
-
-		return bc.EquationEnd();
+		return m_P_Tag.IsValid(bc, cs_, tDot, mod);
 	}
 
 	int RangeProof::Confidential::cmp(const Confidential& x) const

core/ecc_native.h

@@ -669,25 +669,20 @@ namespace ECC
 		} m_Bufs;
 
 
-		void Reset();
-		void Calculate(Point::Native& res);
+		void Calculate();
 
 		const uint32_t m_CasualTotal;
-		bool m_bEnableBatch;
 		bool m_bDirty;
 		Scalar::Native m_Multiplier; // must be initialized in a non-trivial way
-
-#ifndef NDEBUG
-        int m_CasualAtEndExpected;
-#endif // NDEBUG
+		Point::Native m_Sum; // intermediate result, sum of Casuals
 
 		bool AddCasual(const Point& p, const Scalar::Native& k);
 		void AddCasual(const Point::Native& pt, const Scalar::Native& k);
 		void AddPrepared(uint32_t i, const Scalar::Native& k);
 
-		bool EquationBegin(uint32_t nCasualNeeded);
-		bool EquationEnd();
+		void EquationBegin();
 
+		void Reset();
 		bool Flush();
 
 	protected:

core/treasury.cpp

@@ -100,10 +100,9 @@ namespace beam
 
 			virtual void Do(size_t iTask) override
 			{
-				typedef InnerProduct::BatchContextEx<100> MyBatch;
+				typedef InnerProduct::BatchContextEx<4> MyBatch;
 
 				std::unique_ptr<MyBatch> p(new MyBatch);
-				p->m_bEnableBatch = true;
 				MyBatch::Scope scope(*p);
 
 				if (!Verify(iTask) || !p->Flush())

core/unittest/ecc_test.cpp

@@ -721,7 +721,6 @@ void TestRangeProof(bool bCustomTag)
 	}
 
 	InnerProduct::BatchContextEx<2> bc;
-	bc.m_bEnableBatch = true;
 
 	{
 		Oracle oracle;
@@ -2451,9 +2450,8 @@ void RunBenchmark()
 		const uint32_t nBatch = 100;
 		bm.N = 10 * nBatch;
 
-		typedef InnerProduct::BatchContextEx<100> MyBatch;
+		typedef InnerProduct::BatchContextEx<4> MyBatch;
 		std::unique_ptr<MyBatch> p(new MyBatch);
-		p->m_bEnableBatch = true;
 
 		InnerProduct::BatchContext::Scope scope(*p);