HackyAOSRing.sol
pragma solidity 0.4.24;
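/**
 * @title HackyAOSRing
 * @notice Verifies an AOS-style ring of Schnorr links over secp256k1, using the
 *         ecrecover precompile as a cheap oracle for the address of `a*G + c*P`.
 * @dev Q (declared locally where needed) is the secp256k1 group order and every
 *      scalar is taken modulo Q; P (in isOnCurve) is the base-field prime used
 *      for point coordinates. Function names, parameter lists and return types
 *      are unchanged so existing callers keep linking against this library.
 */
library HackyAOSRing
{
    /**
     * @dev Returns address(a*G + c*P) for the point P=(x,y) via the ecrecover trick:
     *      with r = x, s = c*x and e = -a*x, recovery yields x^-1 * (s*R - e*G),
     *      i.e. c*P + a*G. The precompile returns address(0) when it rejects its
     *      inputs (for example x == 0, x >= Q, or c*x == 0 mod Q); callers must
     *      treat address(0) as failure.
     * @param a  scalar multiplied with the generator G
     * @param x  x-coordinate of P; also the `r` handed to ecrecover
     * @param y  y-coordinate of P; only its parity is used, to pick `v`
     * @param c  scalar multiplied with P
     * @return address of a*G + c*P, or address(0) on precompile failure
     */
    function sbmul_add_smul(uint256 a, uint256 x, uint256 y, uint256 c)
        internal pure returns(address)
    {
        uint256 Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141;
        // Reduce `a` before negating: under 0.4.x unchecked arithmetic `Q - a`
        // silently wraps for a >= Q, which produced a wrong `e` for such inputs.
        // For a % Q == 0 this gives mulmod(Q, x, Q) == 0, the correct value of -0.
        uint256 e = mulmod(Q - (a % Q), x, Q);
        return ecrecover(
            bytes32(e),                 // 'msghash' = -a*x mod Q
            y % 2 != 0 ? 28 : 27,       // v, from the parity of y
            bytes32(x),                 // r
            bytes32(mulmod(c, x, Q)));  // s = c*x mod Q
    }

    /**
     * @dev Computes one ring link: c' = H(x, y, address(t*G + s*P), message).
     * @param x        x-coordinate of the ring member's public key
     * @param y        y-coordinate of the ring member's public key
     * @param message  the message being signed
     * @param t        the link's response scalar
     * @param s        the incoming challenge; any uint256, reduced by mulmod downstream
     * @return the next challenge as a uint256 (full keccak256 output, not reduced mod Q)
     * @dev Reverts when the precompile cannot evaluate the link (address(0) result).
     */
    function HackySchnorrCalc( uint256 x, uint256 y, uint256 message, uint256 t, uint256 s )
        internal pure returns(uint256)
    {
        address hashed_point = sbmul_add_smul(t, x, y, s);
        // ecrecover reports invalid inputs as address(0); hashing that would yield a
        // well-defined but meaningless link, so fail loudly instead.
        require( hashed_point != address(0) );
        bytes memory ring_link = abi.encodePacked(x, y, uint256(hashed_point), message);
        return uint256(keccak256(ring_link));
    }

    /**
     * @dev True iff (x, y) is an affine point of secp256k1: both coordinates are
     *      below the field prime and y^2 == x^3 + 7 (mod P). The point at infinity
     *      has no affine form and is therefore rejected.
     * @param x  candidate x-coordinate
     * @param y  candidate y-coordinate
     * @return whether (x, y) lies on the curve
     */
    function isOnCurve(uint256 x, uint256 y) internal pure returns (bool)
    {
        // secp256k1 base-field prime: 2^256 - 2^32 - 977
        uint256 P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F;
        if (x >= P || y >= P) {
            return false;
        }
        uint256 lhs = mulmod(y, y, P);
        uint256 rhs = addmod(mulmod(mulmod(x, x, P), x, P), 7, P);
        return lhs == rhs;
    }

    /**
     * @notice Verifies an AOS ring signature over `message`.
     * @param pubkeys  flat array of ring members as consecutive (x, y) pairs
     * @param tees     one response scalar per ring member, each in (0, Q)
     * @param seed     the initial challenge c_0 the signer started from
     * @param message  the message the ring signed
     * @return true iff walking every link from `seed` returns to `seed`
     * @dev Reverts (rather than returning false) on malformed input: empty or
     *      odd-length pubkeys, a tees/pubkeys length mismatch, a tee outside
     *      (0, Q), a public key that is not on the curve, or a link the
     *      precompile cannot evaluate.
     */
    function Verify( uint256[] pubkeys, uint256[] tees, uint256 seed, uint256 message )
        public pure returns (bool)
    {
        uint256 Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141;
        require( pubkeys.length % 2 == 0 );
        require( pubkeys.length > 0 );
        uint256 nkeys = pubkeys.length / 2;
        // Too few tees used to fail with an out-of-bounds access and extra tees
        // were silently ignored; make the mismatch an explicit revert.
        require( tees.length == nkeys );

        uint256 c = seed;
        uint256 j = 0;
        for( uint256 i = 0; i < nkeys; i++ )
        {
            uint256 x = pubkeys[j];
            uint256 y = pubkeys[j+1];
            uint256 t = tees[i];
            // A point off the curve is not a public key: the recovery step only
            // uses the parity of y, so without this check a bogus y would still
            // produce a link for a key that does not exist.
            require( isOnCurve(x, y) );
            // The response scalar must be a non-zero canonical element of Z_Q;
            // 0 degenerates the link and t >= Q is not canonical.
            require( t != 0 && t < Q );
            // c needs no reduction mod Q here: sbmul_add_smul reduces it via mulmod.
            c = HackySchnorrCalc(x, y, message, t, c);
            j += 2;
        }
        return c == seed;
    }
}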