|
| 1 | +// |
| 2 | +// Surjection.swift |
| 3 | +// GigaBitcoin/secp256k1.swift |
| 4 | +// |
| 5 | +// Copyright (c) 2023 GigaBitcoin LLC |
| 6 | +// Distributed under the MIT software license |
| 7 | +// |
| 8 | +// See the accompanying file LICENSE for information |
| 9 | +// |
| 10 | + |
| 11 | +import Foundation |
| 12 | +import zkp_bindings |
| 13 | + |
| 14 | +// MARK: - secp256k1 + SurjectionProof |
| 15 | + |
| 16 | +public extension secp256k1 { |
| 17 | + enum Surjection { |
| 18 | + struct Proof { |
| 19 | + let length = Int(32 * (1 + SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS)) |
| 20 | + /// Total number of input asset tags |
| 21 | + public let nInputs: Int |
| 22 | + /// Bitmap of which input tags are used in the surjection proof |
| 23 | + public let usedInputs: Data |
| 24 | + /// Borromean signature: e0, scalars |
| 25 | + public let rawRepresentation: Data |
| 26 | + /// The index of the actual input that is secretly mapped to the output |
| 27 | + public let inputIndex: Int |
| 28 | + /// The ephemeral asset tag of the output |
| 29 | + public let ephemeralOutputTag: Data |
| 30 | + /// the blinding key of the output |
| 31 | + public let blindingKey: [UInt8] |
| 32 | + |
| 33 | + /// Surjection proof initialization and generation functions |
| 34 | + @usableFromInline init( |
| 35 | + fixedInputTags: [secp256k1_fixed_asset_tag], |
| 36 | + ephemeralInputTags: [secp256k1_generator], |
| 37 | + inputBlindingKey: [UInt8] |
| 38 | + ) throws { |
| 39 | + var outSurjectionProof = secp256k1_surjectionproof() |
| 40 | + var ephemeralOutputTag = secp256k1_generator() |
| 41 | + var outputBlindingKey = [UInt8](repeating: 0, count: 64) |
| 42 | + var outInputIndex = 0 |
| 43 | + var fixedOutputTag = secp256k1_fixed_asset_tag() |
| 44 | + var randomSeed: Int8 = 3 |
| 45 | + var proofData = [UInt8](repeating: 0, count: length) |
| 46 | + |
| 47 | + guard secp256k1_surjectionproof_initialize( |
| 48 | + secp256k1.Context.raw, |
| 49 | + &outSurjectionProof, |
| 50 | + &outInputIndex, |
| 51 | + fixedInputTags, |
| 52 | + fixedInputTags.count, |
| 53 | + fixedInputTags.count, |
| 54 | + &fixedOutputTag, |
| 55 | + 100, |
| 56 | + &randomSeed |
| 57 | + ).boolValue, |
| 58 | + secp256k1_surjectionproof_generate( |
| 59 | + secp256k1.Context.raw, |
| 60 | + &outSurjectionProof, |
| 61 | + ephemeralInputTags, |
| 62 | + ephemeralInputTags.count, |
| 63 | + &ephemeralOutputTag, |
| 64 | + outInputIndex, |
| 65 | + inputBlindingKey, |
| 66 | + &outputBlindingKey |
| 67 | + ).boolValue else { |
| 68 | + throw secp256k1Error.underlyingCryptoError |
| 69 | + } |
| 70 | + |
| 71 | + secp256k1_swift_surjection_proof_parse(&proofData, outSurjectionProof) |
| 72 | + |
| 73 | + self.blindingKey = outputBlindingKey |
| 74 | + self.nInputs = outSurjectionProof.n_inputs |
| 75 | + self.inputIndex = outInputIndex |
| 76 | + self.usedInputs = Data(outSurjectionProof.used_inputs) |
| 77 | + self.rawRepresentation = Data(proofData) |
| 78 | + self.ephemeralOutputTag = Data(ephemeralOutputTag.data) |
| 79 | + } |
| 80 | + |
| 81 | + static func verify( |
| 82 | + proof: inout secp256k1_surjectionproof, |
| 83 | + ephemeralInputTags: [secp256k1_generator], |
| 84 | + ephemeralOutputTag: inout secp256k1_generator |
| 85 | + ) -> Bool { |
| 86 | + secp256k1_surjectionproof_verify( |
| 87 | + secp256k1.Context.raw, |
| 88 | + &proof, |
| 89 | + ephemeralInputTags, |
| 90 | + ephemeralInputTags.count, |
| 91 | + &ephemeralOutputTag |
| 92 | + ).boolValue |
| 93 | + } |
| 94 | + } |
| 95 | + } |
| 96 | +} |
| 97 | + |
| 98 | +internal extension Data { |
| 99 | + init(_ usedInputs: UsedInputsType) { |
| 100 | + self = Data(Swift.withUnsafeBytes(of: usedInputs) { [UInt8]($0) }) |
| 101 | + } |
| 102 | + |
| 103 | + init(_ ephemeralTag: EphemeralTagType) { |
| 104 | + self = Data(Swift.withUnsafeBytes(of: ephemeralTag) { [UInt8]($0) }) |
| 105 | + } |
| 106 | +} |
| 107 | + |
| 108 | +typealias UsedInputsType = ( |
| 109 | + UInt8, |
| 110 | + UInt8, |
| 111 | + UInt8, |
| 112 | + UInt8, |
| 113 | + UInt8, |
| 114 | + UInt8, |
| 115 | + UInt8, |
| 116 | + UInt8, |
| 117 | + UInt8, |
| 118 | + UInt8, |
| 119 | + UInt8, |
| 120 | + UInt8, |
| 121 | + UInt8, |
| 122 | + UInt8, |
| 123 | + UInt8, |
| 124 | + UInt8, |
| 125 | + UInt8, |
| 126 | + UInt8, |
| 127 | + UInt8, |
| 128 | + UInt8, |
| 129 | + UInt8, |
| 130 | + UInt8, |
| 131 | + UInt8, |
| 132 | + UInt8, |
| 133 | + UInt8, |
| 134 | + UInt8, |
| 135 | + UInt8, |
| 136 | + UInt8, |
| 137 | + UInt8, |
| 138 | + UInt8, |
| 139 | + UInt8, |
| 140 | + UInt8 |
| 141 | +) |
| 142 | + |
| 143 | +typealias EphemeralTagType = ( |
| 144 | + UInt8, |
| 145 | + UInt8, |
| 146 | + UInt8, |
| 147 | + UInt8, |
| 148 | + UInt8, |
| 149 | + UInt8, |
| 150 | + UInt8, |
| 151 | + UInt8, |
| 152 | + UInt8, |
| 153 | + UInt8, |
| 154 | + UInt8, |
| 155 | + UInt8, |
| 156 | + UInt8, |
| 157 | + UInt8, |
| 158 | + UInt8, |
| 159 | + UInt8, |
| 160 | + UInt8, |
| 161 | + UInt8, |
| 162 | + UInt8, |
| 163 | + UInt8, |
| 164 | + UInt8, |
| 165 | + UInt8, |
| 166 | + UInt8, |
| 167 | + UInt8, |
| 168 | + UInt8, |
| 169 | + UInt8, |
| 170 | + UInt8, |
| 171 | + UInt8, |
| 172 | + UInt8, |
| 173 | + UInt8, |
| 174 | + UInt8, |
| 175 | + UInt8, |
| 176 | + UInt8, |
| 177 | + UInt8, |
| 178 | + UInt8, |
| 179 | + UInt8, |
| 180 | + UInt8, |
| 181 | + UInt8, |
| 182 | + UInt8, |
| 183 | + UInt8, |
| 184 | + UInt8, |
| 185 | + UInt8, |
| 186 | + UInt8, |
| 187 | + UInt8, |
| 188 | + UInt8, |
| 189 | + UInt8, |
| 190 | + UInt8, |
| 191 | + UInt8, |
| 192 | + UInt8, |
| 193 | + UInt8, |
| 194 | + UInt8, |
| 195 | + UInt8, |
| 196 | + UInt8, |
| 197 | + UInt8, |
| 198 | + UInt8, |
| 199 | + UInt8, |
| 200 | + UInt8, |
| 201 | + UInt8, |
| 202 | + UInt8, |
| 203 | + UInt8, |
| 204 | + UInt8, |
| 205 | + UInt8, |
| 206 | + UInt8, |
| 207 | + UInt8 |
| 208 | +) |
0 commit comments