

xmr: bp - gc.collect() after expensive inversion
ph4r05 committed Aug 17, 2018
1 parent e7fad55 commit 92d37c8
Showing 1 changed file with 31 additions and 14 deletions.
45 changes: 31 additions & 14 deletions src/apps/monero/xmr/bulletproof.py
Expand Up @@ -80,21 +80,31 @@ def copy_vector(dst, src):
copy_key(dst[i], src[i])


def mul_inverse_egcd(x, n, s=1, t=0, N=0):
return (
n < 2 and t % N or mul_inverse_egcd(n, x % n, t, s - x // n * t, N or n),
-1,
)[n < 1]
def extended_gcd(aa, bb):
lastremainder, remainder = abs(aa), abs(bb)
x, lastx, y, lasty = 0, 1, 1, 0
while remainder:
lastremainder, (quotient, remainder) = remainder, divmod(lastremainder, remainder)
x, lastx = lastx - quotient * x, x
y, lasty = lasty - quotient * y, y
return lastremainder, lastx * (-1 if aa < 0 else 1), lasty * (-1 if bb < 0 else 1)


def modinv(a, m):
g, x, y = extended_gcd(a, m)
if g != 1:
raise ValueError
return x % m


def mul_inverse(x, n):
return pow(x, n - 2, n)


mul_inverse_used = mul_inverse_egcd
mul_inverse_used = modinv
try:
pow(2, 5, 7)
mul_inverse_used = mul_inverse_egcd
mul_inverse_used = mul_inverse
except NotImplementedError:
pass

Expand Down Expand Up @@ -736,13 +746,15 @@ def prove_s2(self, x_ip, y, hash_cache, l, r, L, R, aprime0, bprime0):
bprime = r

yinv = invert(None, y)
self.gc(20)

yinvpow = _ensure_dst_key()
copy_key(yinvpow, ONE)
for i in range(BP_N):
Gprime[i] = self.Gprec[i]
scalarmult_key(Hprime[i], self.Hprec[i], yinvpow)
sc_mul(yinvpow, yinvpow, yinv)
self.gc(20)
self.gc(21)

round = 0
nprime = BP_N
Expand All @@ -765,7 +777,7 @@ def prove_s2(self, x_ip, y, hash_cache, l, r, L, R, aprime0, bprime0):
_tmp_vct_2.resize(nprime, chop=True)
_tmp_vct_3.resize(nprime, chop=True)
_tmp_vct_4.resize(nprime, chop=True)
self.gc(21)
self.gc(22)

# PAPER LINES 16-17
cL = inner_product(
Expand Down Expand Up @@ -797,7 +809,7 @@ def prove_s2(self, x_ip, y, hash_cache, l, r, L, R, aprime0, bprime0):
bprime.slice(_tmp_vct_4, 0, nprime),
R[round],
)
self.gc(22)
self.gc(23)

sc_mul(tmp, cR, x_ip)
add_keys(R[round], R[round], scalarmult_key(_tmp_k_1, XMR_H, tmp))
Expand All @@ -807,6 +819,8 @@ def prove_s2(self, x_ip, y, hash_cache, l, r, L, R, aprime0, bprime0):

# PAPER LINES 24-25
invert(winv, w[round])
self.gc(24)

hadamard2(
vector_scalar2(Gprime.slice(_tmp_vct_1, 0, nprime), winv, _tmp_vct_3),
vector_scalar2(
Expand All @@ -824,7 +838,7 @@ def prove_s2(self, x_ip, y, hash_cache, l, r, L, R, aprime0, bprime0):
),
Hprime,
)
self.gc(23)
self.gc(25)

# PAPER LINES 28-29
vector_add(
Expand All @@ -846,7 +860,7 @@ def prove_s2(self, x_ip, y, hash_cache, l, r, L, R, aprime0, bprime0):
)

round += 1
self.gc(24)
self.gc(26)

copy_key(aprime0, aprime[0])
copy_key(bprime0, bprime[0])
Expand Down Expand Up @@ -994,9 +1008,12 @@ def verify(self, proof):
copy_key(ypow, ONE)

invert(yinv, y)
self.gc(61)

winv = _ensure_dst_keyvect(None, rounds)
for i in range(rounds):
invert(winv[i], w[i])
self.gc(62)

g_scalar = _ensure_dst_key()
h_scalar = _ensure_dst_key()
Expand Down Expand Up @@ -1031,7 +1048,7 @@ def verify(self, proof):

del g_scalar
del h_scalar
self.gc(61)
self.gc(63)

# PAPER LINE 26
pprime = _ensure_dst_key()
Expand All @@ -1052,7 +1069,7 @@ def verify(self, proof):
sc_mul(tmp, tmp, x_ip)
scalarmult_key(tmp, XMR_H, tmp)
add_keys(tmp, tmp, inner_prod)
self.gc(62)
self.gc(64)

if pprime != tmp:
raise ValueError("Verification failure step 2")
Expand Down
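Review bot: In the first hunk the new `modinv` raises a bare `ValueError` with no message, and the `extended_gcd` it relies on is inherently variable-time — the loop count and every `divmod` operand depend on the input — so if `mul_inverse_used` is ever applied to a secret scalar rather than a public Fiat-Shamir challenge it leaks through timing exactly as the removed `mul_inverse_egcd` did; the call sites are outside this view, so I cannot tell which it is. I would make that contract explicit with a docstring on `modinv`: `"""Inverse of a mod m via extended Euclid. Variable-time: use only on public values (e.g. challenges). Raises ValueError if gcd(a, m) != 1."""`, and give the error a message, `raise ValueError("modinv: a and m are not coprime")`. The probe that selects the fast path only catches `NotImplementedError` and never checks the result, so a port whose three-argument `pow` exists but is wrong would silently be chosen; `mul_inverse_used = mul_inverse if pow(2, 5, 7) == 4 else modinv` inside the `try` would cover both cases. The `self.gc(...)` additions in the later hunks are consistent with the renumbering and raise nothing.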
