pivx/doxygen/zpivmodule_8cpp_source.html

 // Copyright (c) 2019-2021 The PIVX Core developers

 // Distributed under the MIT software license, see the accompanying

 // file COPYING or http://www.opensource.org/licenses/mit-license.php.


 #include "zpiv/zpivmodule.h"


 #include "hash.h"

 #include "libzerocoin/Commitment.h"

 #include "libzerocoin/Coin.h"

 #include "validation.h"


 template <typename Stream>

 PublicCoinSpend::PublicCoinSpend(libzerocoin::ZerocoinParams* params, Stream& strm): pubCoin(params) {

     strm >> *this;

     this->spendType = libzerocoin::SpendType::SPEND;


     if (this->version < PUBSPEND_SCHNORR) {

         // coinVersion is serialized only from v4 spends

         this->coinVersion = libzerocoin::ExtractVersionFromSerial(this->coinSerialNumber);


     } else {

         // from v4 spends, serialNumber is not serialized for v2 coins anymore.

         // in this case, we extract it from the coin public key

         if (this->coinVersion >= libzerocoin::PUBKEY_VERSION)

             this->coinSerialNumber = libzerocoin::ExtractSerialFromPubKey(this->pubkey);


     }


 }


 bool PublicCoinSpend::Verify() const {

     bool fUseV1Params = getCoinVersion() < libzerocoin::PUBKEY_VERSION;

     if (version < PUBSPEND_SCHNORR) {

         // spend contains the randomness of the coin

         if (fUseV1Params) {

             // Only v2+ coins can publish the randomness

             std::string errMsg = strprintf("PublicCoinSpend version %d with coin version 1 not allowed. "

                     "Minimum spend version required: %d", version, PUBSPEND_SCHNORR);

             return error("%s: %s", __func__, errMsg);

         }


         // Check that the coin is a commitment to serial and randomness.

         libzerocoin::ZerocoinParams* params = Params().GetConsensus().Zerocoin_Params(false);

         libzerocoin::Commitment comm(&params->coinCommitmentGroup, getCoinSerialNumber(), randomness);

         if (comm.getCommitmentValue() != pubCoin.getValue()) {

             return error("%s: commitments values are not equal", __func__);

         }


     } else {

         // for v1 coins, double check that the serialized coin serial is indeed a v1 serial

         if (coinVersion < libzerocoin::PUBKEY_VERSION &&

                 libzerocoin::ExtractVersionFromSerial(this->coinSerialNumber) != coinVersion) {

             return error("%s: invalid coin version", __func__);

         }


         // spend contains a shnorr signature of ptxHash with the randomness of the coin

         libzerocoin::ZerocoinParams* params = Params().GetConsensus().Zerocoin_Params(fUseV1Params);

         if (!schnorrSig.Verify(params, getCoinSerialNumber(), pubCoin.getValue(), getTxOutHash())) {

             return error("%s: schnorr signature does not verify", __func__);

         }


     }


     // Now check that the signature validates with the serial

     if (!HasValidSignature()) {

         return error("%s: signature invalid", __func__);;

     }


     return true;

 }


 bool PublicCoinSpend::HasValidSignature() const

 {

     if (coinVersion < libzerocoin::PUBKEY_VERSION)

         return true;


     // for spend version 3 we must check that the provided pubkey and serial number match

     if (version < PUBSPEND_SCHNORR) {

         CBigNum extractedSerial = libzerocoin::ExtractSerialFromPubKey(this->pubkey);

         if (extractedSerial != this->coinSerialNumber)

             return error("%s: hashedpubkey is not equal to the serial!", __func__);

     }


     return pubkey.Verify(signatureHash(), vchSig);

 }


 const uint256 PublicCoinSpend::signatureHash() const

 {

     CHashWriter h(0, 0);

     h << ptxHash << denomination << getCoinSerialNumber() << randomness << txHash << outputIndex << getSpendType();

     return h.GetHash();

 }


 // 6 comes from OPCODE (1) + vch.size() (1) + BIGNUM size (4)

 #define SCRIPT_OFFSET 6


 static bool TxOutToPublicCoin(const CTxOut& txout, libzerocoin::PublicCoin& pubCoin, CValidationState& state)

 {

     CBigNum publicZerocoin;

     std::vector<unsigned char> vchZeroMint;

     vchZeroMint.insert(vchZeroMint.end(), txout.scriptPubKey.begin() + SCRIPT_OFFSET,

                        txout.scriptPubKey.begin() + txout.scriptPubKey.size());

     publicZerocoin.setvch(vchZeroMint);


     libzerocoin::CoinDenomination denomination = libzerocoin::AmountToZerocoinDenomination(txout.nValue);

     LogPrint(BCLog::LEGACYZC, "%s : denomination %d for pubcoin %s\n", __func__, denomination, publicZerocoin.GetHex());

     if (denomination == libzerocoin::ZQ_ERROR)

         return state.DoS(100, error("%s: txout.nValue is not correct", __func__));


     libzerocoin::PublicCoin checkPubCoin(Params().GetConsensus().Zerocoin_Params(false), publicZerocoin, denomination);

     pubCoin = checkPubCoin;


     return true;

 }


 // TODO: do not create g_coinspends_cache if the node passed the last zc checkpoint.

 class CoinSpendCache {

 private:

     mutable Mutex cs;

     std::map<CScript, libzerocoin::CoinSpend> cache_coinspend;

     std::map<CScript, PublicCoinSpend> cache_public_coinspend;


     template<typename T>

     Optional<T> Get(const CScript& in, const std::map<CScript, T>& map) const {

         LOCK(cs);

         auto it = map.find(in);

         return it != map.end() ? Optional<T>{it->second} : nullopt;

     }


 public:

     void Add(const CScript& in, libzerocoin::CoinSpend& spend) { WITH_LOCK(cs, cache_coinspend.emplace(in, spend)); }

     void AddPub(const CScript& in, PublicCoinSpend& spend) { WITH_LOCK(cs, cache_public_coinspend.emplace(in, spend)); }


     Optional<libzerocoin::CoinSpend> Get(const CScript& in) const { return Get<libzerocoin::CoinSpend>(in, cache_coinspend); }

     Optional<PublicCoinSpend> GetPub(const CScript& in) const { return Get<PublicCoinSpend>(in, cache_public_coinspend); }

     void Clear() {

         LOCK(cs);

         cache_coinspend.clear();

         cache_public_coinspend.clear();

     }

 };

 std::unique_ptr<CoinSpendCache> g_coinspends_cache = std::make_unique<CoinSpendCache>();


 namespace ZPIVModule {


     // Return stream of CoinSpend from tx input scriptsig

     CDataStream ScriptSigToSerializedSpend(const CScript& scriptSig)

     {

         std::vector<char, zero_after_free_allocator<char> > data;

         // skip opcode and data-len

         uint8_t byteskip = ((uint8_t) scriptSig[1] + 2);

         data.insert(data.end(), scriptSig.begin() + byteskip, scriptSig.end());

         return CDataStream(data, SER_NETWORK, PROTOCOL_VERSION);

     }


     PublicCoinSpend parseCoinSpend(const CTxIn &in)

     {

         libzerocoin::ZerocoinParams *params = Params().GetConsensus().Zerocoin_Params(false);

         CDataStream serializedCoinSpend = ScriptSigToSerializedSpend(in.scriptSig);

         return PublicCoinSpend(params, serializedCoinSpend);

     }


     bool parseCoinSpend(const CTxIn &in, const CTransaction &tx, const CTxOut &prevOut, PublicCoinSpend &publicCoinSpend) {

         if (auto op = g_coinspends_cache->GetPub(in.scriptSig)) {

             publicCoinSpend = *op;

             return true;

         }


         if (!in.IsZerocoinPublicSpend() || !prevOut.IsZerocoinMint())

             return error("%s: invalid argument/s", __func__);


         PublicCoinSpend spend = parseCoinSpend(in);

         spend.outputIndex = in.prevout.n;

         spend.txHash = in.prevout.hash;

         CMutableTransaction txNew(tx);

         txNew.vin.clear();

         spend.setTxOutHash(txNew.GetHash());


         // Check prev out now

         CValidationState state;

         if (!TxOutToPublicCoin(prevOut, spend.pubCoin, state))

             return error("%s: cannot get mint from output", __func__);


         spend.setDenom(spend.pubCoin.getDenomination());

         publicCoinSpend = spend;

         g_coinspends_cache->AddPub(in.scriptSig, publicCoinSpend);

         return true;

     }


     libzerocoin::CoinSpend TxInToZerocoinSpend(const CTxIn& txin)

     {

         if (auto op = g_coinspends_cache->Get(txin.scriptSig)) return *op;

         CDataStream serializedCoinSpend = ScriptSigToSerializedSpend(txin.scriptSig);

         libzerocoin::CoinSpend spend(serializedCoinSpend);

         g_coinspends_cache->Add(txin.scriptSig, spend);

         return spend;

     }


     bool validateInput(const CTxIn &in, const CTxOut &prevOut, const CTransaction &tx, PublicCoinSpend &publicSpend) {

         // Now prove that the commitment value opens to the input

         if (!parseCoinSpend(in, tx, prevOut, publicSpend)) {

             return false;

         }

         if (libzerocoin::ZerocoinDenominationToAmount(

                 libzerocoin::IntToZerocoinDenomination(in.nSequence)) != prevOut.nValue) {

             return error("PublicCoinSpend validateInput :: input nSequence different to prevout value");

         }

         return publicSpend.Verify();

     }


     bool ParseZerocoinPublicSpend(const CTxIn &txIn, const CTransaction& tx, CValidationState& state, PublicCoinSpend& publicSpend)

     {

         CTxOut prevOut;

         if(!GetOutput(txIn.prevout.hash, txIn.prevout.n ,state, prevOut)){

             return state.DoS(100, error("%s: public zerocoin spend prev output not found, prevTx %s, index %d",

                                         __func__, txIn.prevout.hash.GetHex(), txIn.prevout.n));

         }

         if (!ZPIVModule::parseCoinSpend(txIn, tx, prevOut, publicSpend)) {

             return state.Invalid(error("%s: invalid public coin spend parse %s\n", __func__,

                                        tx.GetHash().GetHex()), REJECT_INVALID, "bad-txns-invalid-zpiv");

         }

         return true;

     }


     void CleanCoinSpendsCache()

     {

         g_coinspends_cache->Clear();

     }

 }

Coin.h
PublicCoin class for the Zerocoin library.

Commitment.h
Commitment and CommitmentProof classes for the Zerocoin library.

Params
const CChainParams & Params()
Return the currently selected parameters.
Definition: chainparams.cpp:666

AnnotatedMixin< std::mutex >

BaseOutPoint::hash
uint256 hash
Definition: transaction.h:35

BaseOutPoint::n
uint32_t n
Definition: transaction.h:36

CBaseDataStream::insert
iterator insert(iterator it, const char x=char())
Definition: streams.h:176

CBigNum
C++ wrapper for BIGNUM.
Definition: bignum.h:35

CBigNum::GetHex
std::string GetHex() const
Definition: bignum.cpp:321

CBigNum::setvch
void setvch(const std::vector< unsigned char > &vch)
Definition: bignum.cpp:123

CChainParams::GetConsensus
const Consensus::Params & GetConsensus() const
Definition: chainparams.h:72

CDataStream
Definition: streams.h:409

CHashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:216

CHashWriter::GetHash
uint256 GetHash()
Definition: hash.h:236

CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:169

CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:381

CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:244

CTransaction::GetHash
const uint256 & GetHash() const
Definition: transaction.h:301

CTxIn
An input of a transaction.
Definition: transaction.h:94

CTxIn::nSequence
uint32_t nSequence
Definition: transaction.h:98

CTxIn::IsZerocoinPublicSpend
bool IsZerocoinPublicSpend() const
Definition: transaction.cpp:48

CTxIn::scriptSig
CScript scriptSig
Definition: transaction.h:97

CTxIn::prevout
COutPoint prevout
Definition: transaction.h:96

CTxOut
An output of a transaction.
Definition: transaction.h:137

CTxOut::scriptPubKey
CScript scriptPubKey
Definition: transaction.h:140

CTxOut::IsZerocoinMint
bool IsZerocoinMint() const
Definition: transaction.cpp:83

CTxOut::nValue
CAmount nValue
Definition: transaction.h:139

CValidationState
Capture information about block/transaction validation.
Definition: validation.h:24

CValidationState::Invalid
bool Invalid(bool ret=false, unsigned int _chRejectCode=0, const std::string &_strRejectReason="", const std::string &_strDebugMessage="")
Definition: validation.h:55

CValidationState::DoS
bool DoS(int level, bool ret=false, unsigned int chRejectCodeIn=0, std::string strRejectReasonIn="", bool corruptionIn=false, const std::string &strDebugMessageIn="")
Definition: validation.h:39

CoinSpendCache
Definition: zpivmodule.cpp:118

CoinSpendCache::cache_coinspend
std::map< CScript, libzerocoin::CoinSpend > cache_coinspend
Definition: zpivmodule.cpp:121

CoinSpendCache::cs
Mutex cs
Definition: zpivmodule.cpp:120

CoinSpendCache::Get
Optional< libzerocoin::CoinSpend > Get(const CScript &in) const
Definition: zpivmodule.cpp:135

CoinSpendCache::Clear
void Clear()
Definition: zpivmodule.cpp:137

CoinSpendCache::GetPub
Optional< PublicCoinSpend > GetPub(const CScript &in) const
Definition: zpivmodule.cpp:136

CoinSpendCache::cache_public_coinspend
std::map< CScript, PublicCoinSpend > cache_public_coinspend
Definition: zpivmodule.cpp:122

CoinSpendCache::Get
Optional< T > Get(const CScript &in, const std::map< CScript, T > &map) const
Definition: zpivmodule.cpp:125

CoinSpendCache::AddPub
void AddPub(const CScript &in, PublicCoinSpend &spend)
Definition: zpivmodule.cpp:133

CoinSpendCache::Add
void Add(const CScript &in, libzerocoin::CoinSpend &spend)
Definition: zpivmodule.cpp:132

PublicCoinSpend
Definition: zpivmodule.h:24

PublicCoinSpend::txHash
uint256 txHash
Definition: zpivmodule.h:42

PublicCoinSpend::randomness
CBigNum randomness
Definition: zpivmodule.h:39

PublicCoinSpend::signatureHash
const uint256 signatureHash() const override
Definition: zpivmodule.cpp:88

PublicCoinSpend::getCoinVersion
int getCoinVersion() const
Definition: zpivmodule.h:35

PublicCoinSpend::HasValidSignature
bool HasValidSignature() const
Definition: zpivmodule.cpp:72

PublicCoinSpend::coinVersion
int coinVersion
Definition: zpivmodule.h:38

PublicCoinSpend::PublicCoinSpend
PublicCoinSpend(libzerocoin::ZerocoinParams *params)
Definition: zpivmodule.h:27

PublicCoinSpend::pubCoin
libzerocoin::PublicCoin pubCoin
Definition: zpivmodule.h:44

PublicCoinSpend::Verify
bool Verify() const
Definition: zpivmodule.cpp:31

PublicCoinSpend::schnorrSig
libzerocoin::CoinRandomnessSchnorrSignature schnorrSig
Definition: zpivmodule.h:40

PublicCoinSpend::outputIndex
unsigned int outputIndex
Definition: zpivmodule.h:43

base_blob::GetHex
std::string GetHex() const
Definition: uint256.cpp:21

libzerocoin::CoinRandomnessSchnorrSignature::Verify
bool Verify(const ZerocoinParams *zcparams, const CBigNum &S, const CBigNum &C, const uint256 msghash) const
Verifies the Schnorr signature on message msghash with public key pk = Cg^-S mod p.
Definition: CoinRandomnessSchnorrSignature.cpp:36

libzerocoin::CoinSpend
The complete proof needed to spend a zerocoin.
Definition: CoinSpend.h:79

libzerocoin::CoinSpend::getCoinSerialNumber
const CBigNum & getCoinSerialNumber() const
Definition: CoinSpend.h:86

libzerocoin::CoinSpend::setDenom
void setDenom(libzerocoin::CoinDenomination denom)
Definition: CoinSpend.h:104

libzerocoin::CoinSpend::setTxOutHash
void setTxOutHash(uint256 txOutHash)
Definition: CoinSpend.h:103

libzerocoin::CoinSpend::version
uint8_t version
Definition: CoinSpend.h:125

libzerocoin::CoinSpend::getTxOutHash
uint256 getTxOutHash() const
Definition: CoinSpend.h:89

libzerocoin::CoinSpend::ptxHash
uint256 ptxHash
Definition: CoinSpend.h:130

libzerocoin::CoinSpend::getSpendType
SpendType getSpendType() const
Definition: CoinSpend.h:95

libzerocoin::CoinSpend::coinSerialNumber
CBigNum coinSerialNumber
Definition: CoinSpend.h:124

libzerocoin::CoinSpend::denomination
CoinDenomination denomination
Definition: CoinSpend.h:123

libzerocoin::CoinSpend::pubkey
CPubKey pubkey
Definition: CoinSpend.h:127

libzerocoin::CoinSpend::vchSig
std::vector< unsigned char > vchSig
Definition: CoinSpend.h:128

libzerocoin::CoinSpend::spendType
SpendType spendType
Definition: CoinSpend.h:129

libzerocoin::Commitment
A commitment, complete with contents and opening randomness.
Definition: Commitment.h:33

libzerocoin::Commitment::getCommitmentValue
const CBigNum & getCommitmentValue() const
Definition: Commitment.h:47

libzerocoin::PublicCoin
A Public coin is the part of a coin that is published to the network and what is handled by other cli...
Definition: Coin.h:49

libzerocoin::PublicCoin::getDenomination
CoinDenomination getDenomination() const
Definition: Coin.h:68

libzerocoin::PublicCoin::getValue
const CBigNum & getValue() const
Definition: Coin.h:66

libzerocoin::ZerocoinParams
Definition: Params.h:141

libzerocoin::ZerocoinParams::coinCommitmentGroup
IntegerGroupParams coinCommitmentGroup
The Quadratic Residue group from which we form a coin as a commitment to a serial number.
Definition: Params.h:169

prevector::size
size_type size() const
Definition: prevector.h:277

prevector::begin
iterator begin()
Definition: prevector.h:285

prevector::end
iterator end()
Definition: prevector.h:287

uint256
256-bit opaque blob.
Definition: uint256.h:138

LOCK
@ LOCK
Definition: lockunlock.h:16

LogPrint
#define LogPrint(category,...)
Definition: logging.h:163

BCLog::LEGACYZC
@ LEGACYZC
Definition: logging.h:62

ZPIVModule
Definition: zpivmodule.cpp:145

ZPIVModule::validateInput
bool validateInput(const CTxIn &in, const CTxOut &prevOut, const CTransaction &tx, PublicCoinSpend &publicSpend)
Definition: zpivmodule.cpp:200

ZPIVModule::TxInToZerocoinSpend
libzerocoin::CoinSpend TxInToZerocoinSpend(const CTxIn &txin)
Definition: zpivmodule.cpp:191

ZPIVModule::CleanCoinSpendsCache
void CleanCoinSpendsCache()
Definition: zpivmodule.cpp:226

ZPIVModule::ParseZerocoinPublicSpend
bool ParseZerocoinPublicSpend(const CTxIn &txIn, const CTransaction &tx, CValidationState &state, PublicCoinSpend &publicSpend)
Definition: zpivmodule.cpp:212

ZPIVModule::parseCoinSpend
PublicCoinSpend parseCoinSpend(const CTxIn &in)
Definition: zpivmodule.cpp:157

ZPIVModule::ScriptSigToSerializedSpend
CDataStream ScriptSigToSerializedSpend(const CScript &scriptSig)
Definition: zpivmodule.cpp:148

libzerocoin::AmountToZerocoinDenomination
CoinDenomination AmountToZerocoinDenomination(CAmount amount)
Definition: Denominations.cpp:51

libzerocoin::SPEND
@ SPEND
Definition: SpendType.h:12

libzerocoin::IntToZerocoinDenomination
CoinDenomination IntToZerocoinDenomination(int64_t amount)
Definition: Denominations.cpp:12

libzerocoin::CoinDenomination
CoinDenomination
Definition: Denominations.h:14

libzerocoin::ZQ_ERROR
@ ZQ_ERROR
Definition: Denominations.h:15

libzerocoin::ZerocoinDenominationToAmount
CAmount ZerocoinDenominationToAmount(const CoinDenomination &denomination)
Definition: Denominations.cpp:92

libzerocoin::ExtractVersionFromSerial
int ExtractVersionFromSerial(const CBigNum &bnSerial)
Definition: Coin.cpp:61

libzerocoin::ExtractSerialFromPubKey
CBigNum ExtractSerialFromPubKey(const CPubKey pubkey)
Definition: Coin.cpp:108

Optional
boost::optional< T > Optional
Substitute for C++17 std::optional.
Definition: optional.h:12

SER_NETWORK
@ SER_NETWORK
Definition: serialize.h:174

CMutableTransaction
A mutable version of CTransaction.
Definition: transaction.h:409

CMutableTransaction::GetHash
uint256 GetHash() const
Compute the hash of this CMutableTransaction.
Definition: transaction.cpp:96

CMutableTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:410

Consensus::Params::Zerocoin_Params
libzerocoin::ZerocoinParams * Zerocoin_Params(bool useModulusV1) const
Definition: params.h:260

WITH_LOCK
#define WITH_LOCK(cs, code)
Run code while locking a mutex.
Definition: sync.h:247

error
bool error(const char *fmt, const Args &... args)
Definition: system.h:77

strprintf
#define strprintf
Definition: tinyformat.h:1056

GetOutput
bool GetOutput(const uint256 &hash, unsigned int index, CValidationState &state, CTxOut &out)
Retrieve an output (from memory pool, or from disk, if possible)
Definition: validation.cpp:656

SCRIPT_OFFSET
#define SCRIPT_OFFSET
Definition: zpivmodule.cpp:96

g_coinspends_cache
std::unique_ptr< CoinSpendCache > g_coinspends_cache
Definition: zpivmodule.cpp:143

zpivmodule.h