
Commit f047623

rangeproof: refactor rangeproof_genrand into two functions
This is purely to reduce the number of arguments being passed into one function at once. Also improves const-correctness.
1 parent 14b72a2 commit f047623

1 file changed

+40
-19
lines changed

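--- a/src/modules/rangeproof/rangeproof_impl.h
+++ b/src/modules/rangeproof/rangeproof_impl.h
@@ -249,41 +249,56 @@ SECP256K1_INLINE static void secp256k1_rangeproof_serialize_point(unsigned char*
 secp256k1_fe_get_b32(data + 1, &pointx);
 }
 
-SECP256K1_INLINE static int secp256k1_rangeproof_genrand(secp256k1_scalar *sec, secp256k1_scalar *s, unsigned char *message,
-size_t *rsizes, size_t rings, const unsigned char *nonce, const secp256k1_ge *commit, const unsigned char *proof, size_t len, const secp256k1_ge* genp) {
-unsigned char tmp[32];
+SECP256K1_INLINE static void secp256k1_rangeproof_init_rng(
+secp256k1_rfc6979_hmac_sha256* rng,
+const unsigned char* nonce,
+const secp256k1_ge* commit,
+const unsigned char *proof,
+const size_t len,
+const secp256k1_ge* genp
+) {
 unsigned char rngseed[32 + 33 + 33 + 10];
-secp256k1_rfc6979_hmac_sha256 rng;
+VERIFY_CHECK(len <= 10);
+
+memcpy(rngseed, nonce, 32);
+secp256k1_rangeproof_serialize_point(rngseed + 32, commit);
+secp256k1_rangeproof_serialize_point(rngseed + 32 + 33, genp);
+memcpy(rngseed + 33 + 33 + 32, proof, len);
+secp256k1_rfc6979_hmac_sha256_initialize(rng, rngseed, 32 + 33 + 33 + len);
+}
+
+SECP256K1_INLINE static int secp256k1_rangeproof_genrand(
+secp256k1_scalar *sec,
+secp256k1_scalar *s,
+unsigned char *message,
+const secp256k1_rangeproof_header* header,
+secp256k1_rfc6979_hmac_sha256* rng
+) {
+unsigned char tmp[32];
 secp256k1_scalar acc;
 int overflow;
 int ret;
 size_t i;
 size_t j;
 int b;
 size_t npub;
-VERIFY_CHECK(len <= 10);
-memcpy(rngseed, nonce, 32);
-secp256k1_rangeproof_serialize_point(rngseed + 32, commit);
-secp256k1_rangeproof_serialize_point(rngseed + 32 + 33, genp);
-memcpy(rngseed + 33 + 33 + 32, proof, len);
-secp256k1_rfc6979_hmac_sha256_initialize(&rng, rngseed, 32 + 33 + 33 + len);
 secp256k1_scalar_clear(&acc);
 npub = 0;
 ret = 1;
-for (i = 0; i < rings; i++) {
-if (i < rings - 1) {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+for (i = 0; i < header->n_rings; i++) {
+if (i < header->n_rings - 1) {
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 do {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 secp256k1_scalar_set_b32(&sec[i], tmp, &overflow);
 } while (overflow || secp256k1_scalar_is_zero(&sec[i]));
 secp256k1_scalar_add(&acc, &acc, &sec[i]);
 } else {
 secp256k1_scalar_negate(&acc, &acc);
 sec[i] = acc;
 }
-for (j = 0; j < rsizes[i]; j++) {
-secp256k1_rfc6979_hmac_sha256_generate(&rng, tmp, 32);
+for (j = 0; j < header->rsizes[i]; j++) {
+secp256k1_rfc6979_hmac_sha256_generate(rng, tmp, 32);
 if (message) {
 for (b = 0; b < 32; b++) {
 tmp[b] ^= message[(i * 4 + j) * 32 + b];
@@ -295,7 +310,7 @@ SECP256K1_INLINE static int secp256k1_rangeproof_genrand(secp256k1_scalar *sec,
 npub++;
 }
 }
-secp256k1_rfc6979_hmac_sha256_finalize(&rng);
+secp256k1_rfc6979_hmac_sha256_finalize(rng);
 secp256k1_scalar_clear(&acc);
 memset(tmp, 0, 32);
 return ret;
@@ -318,6 +333,7 @@ SECP256K1_INLINE static int secp256k1_rangeproof_sign_impl(const secp256k1_ecmul
 unsigned char *signs; /* Location of sign flags in the proof. */
 uint64_t v;
 size_t secidx[32]; /* Which digit is the correct one. */
+secp256k1_rfc6979_hmac_sha256 genrand_rng;
 size_t len; /* Number of bytes used so far. */
 size_t i;
 size_t pub_idx;
@@ -380,7 +396,8 @@ SECP256K1_INLINE static int secp256k1_rangeproof_sign_impl(const secp256k1_ecmul
 }
 prep[idx] = 128;
 }
-if (!secp256k1_rangeproof_genrand(sec, s, prep, header.rsizes, header.n_rings, nonce, commit, proof, len, genp)) {
+secp256k1_rangeproof_init_rng(&genrand_rng, nonce, commit, proof, len, genp);
+if (!secp256k1_rangeproof_genrand(sec, s, prep, &header, &genrand_rng)) {
 return 0;
 }
 memset(prep, 0, 4096);
@@ -477,6 +494,7 @@ SECP256K1_INLINE static void secp256k1_rangeproof_ch32xor(unsigned char *x, cons
 SECP256K1_INLINE static int secp256k1_rangeproof_rewind_inner(secp256k1_scalar *blind, uint64_t *v,
 unsigned char *m, size_t *mlen, secp256k1_scalar *ev, secp256k1_scalar *s,
 secp256k1_rangeproof_header* header, const unsigned char *nonce, const secp256k1_ge *commit, const unsigned char *proof, size_t len, const secp256k1_ge *genp) {
+secp256k1_rfc6979_hmac_sha256 genrand_rng;
 secp256k1_scalar s_orig[128];
 secp256k1_scalar sec[32];
 secp256k1_scalar stmp;
@@ -491,7 +509,10 @@ SECP256K1_INLINE static int secp256k1_rangeproof_rewind_inner(secp256k1_scalar *
 size_t npub;
 memset(prep, 0, 4096);
 /* Reconstruct the provers random values. */
-secp256k1_rangeproof_genrand(sec, s_orig, prep, header->rsizes, header->n_rings, nonce, commit, proof, len, genp);
+secp256k1_rangeproof_init_rng(&genrand_rng, nonce, commit, proof, len, genp);
+if (!secp256k1_rangeproof_genrand(sec, s_orig, prep, header, &genrand_rng)) {
+return 0;
+}
 *v = UINT64_MAX;
 secp256k1_scalar_clear(blind);
 if (header->n_rings == 1 && header->rsizes[0] == 1) {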
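Review bot: The split gives the HMAC-DRBG state an asymmetric lifetime that neither new function documents: the caller's `genrand_rng` is seeded by `secp256k1_rangeproof_init_rng` but wiped by the `secp256k1_rfc6979_hmac_sha256_finalize(rng)` call at the end of `secp256k1_rangeproof_genrand`, so the state must not be used after genrand returns, and a caller that bails out between the two calls leaves key-derived state on its stack unfinalized. A one-line contract on `secp256k1_rangeproof_init_rng` would make this explicit, e.g. `/* Seeds *rng for secp256k1_rangeproof_genrand, which finalizes it; do not reuse *rng afterwards. */`, and the same comment should state that `len <= 10` is a caller obligation, since the `VERIFY_CHECK` is the only thing standing between `len` and the fixed-size `rngseed` buffer and, as far as I know, it is compiled out in non-VERIFY builds. Separately, the last hunk changes `secp256k1_rangeproof_rewind_inner` from ignoring genrand's result to returning 0 on failure, which is a behaviour change rather than the "purely" argument-count refactor the description claims and deserves a sentence there. The body of `secp256k1_rangeproof_genrand` between the first two hunks, and the bodies of `sign_impl` and `rewind_inner`, lie outside the shown hunks, so I have not checked for other early returns before the finalize.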
