Merge pull request #1 from zcoinofficial/sigma

Sigma
firoorg · May 9, 2019 · 6056fac · 6056fac
2 parents f1ddc35 + 6245dd5
commit 6056fac
Show file tree

Hide file tree

Showing 7 changed files with 557 additions and 535 deletions.
diff --git a/src/main.cpp b/src/main.cpp
@@ -4363,8 +4363,10 @@ bool CheckBlock(const CBlock &block, CValidationState &state,
         return true;
     } catch (const std::exception &e) {
         PrintExceptionContinue(&e, "CheckBlock() 1\n");
+        return false;
     } catch (...) {
         PrintExceptionContinue(NULL, "CheckBlock() 2\n");
+        return false;
     }
     return true;
 }

diff --git a/src/sigma/coinspend.cpp b/src/sigma/coinspend.cpp
@@ -1,5 +1,6 @@
 #include "coinspend.h"
 #include "openssl_context.h"
+#include "util.h"
 
 namespace sigma {
 
@@ -111,6 +112,7 @@ bool CoinSpendV3::Verify(
     // Verify ecdsa_signature, to make sure someone did not change the output of transaction.
     // Check sizes
     if (this->ecdsaPubkey.size() != 33 || this->ecdsaSignature.size() != 64) {
+        LogPrintf("Sigma spend failed due to incorrect size of ecdsaSignature.");
         return false;
     }
 
@@ -119,20 +121,24 @@ bool CoinSpendV3::Verify(
     secp256k1_ecdsa_signature signature;
 
     if (!secp256k1_ec_pubkey_parse(OpenSSLContext::get_context(), &pubkey, ecdsaPubkey.data(), 33)) {
+        LogPrintf("Sigma spend failed due to unable to parse ecdsaPubkey.");
         return false;
     }
 
     // Recompute and compare hash of public key
     Scalar coinSerialNumberExpected = PrivateCoinV3::serialNumberFromSerializedPublicKey(OpenSSLContext::get_context(), &pubkey);
     if (coinSerialNumber != coinSerialNumberExpected) {
+        LogPrintf("Sigma spend failed due to serial number does not match public key hash.");
         return false;
     }
 
     if (1 != secp256k1_ecdsa_signature_parse_compact(OpenSSLContext::get_context(), &signature, ecdsaSignature.data()) ) {
+        LogPrintf("Sigma spend failed due to signature cannot be parsed.");
         return false;
     }
     if (!secp256k1_ecdsa_verify(
             OpenSSLContext::get_context(), &signature, metahash.begin(), &pubkey)) {
+        LogPrintf("Sigma spend failed due to signature cannot be verified.");
         return false;
     }
 

diff --git a/src/sigma/sigmaplus_verifier.h b/src/sigma/sigmaplus_verifier.h
@@ -2,6 +2,7 @@
 #define ZCOIN_SIGMA_SIGMAPLUS_VERIFIER_H
 
 #include "r1_proof_verifier.h"
+#include "util.h"
 
 namespace sigma {
 template<class Exponent, class GroupElement>

diff --git a/src/sigma/sigmaplus_verifier.hpp b/src/sigma/sigmaplus_verifier.hpp
@@ -19,16 +19,22 @@ bool SigmaPlusVerifier<Exponent, GroupElement>::verify(
     R1ProofVerifier<Exponent, GroupElement> r1ProofVerifier(g_, h_, proof.B_, n, m);
     std::vector<Exponent> f;
     const R1Proof<Exponent, GroupElement>& r1Proof = proof.r1Proof_;
-    if (!r1ProofVerifier.verify(r1Proof, f, true /* Skip verification of final response */))
+    if (!r1ProofVerifier.verify(r1Proof, f, true /* Skip verification of final response */)) {
+        LogPrintf("Sigma spend failed due to r1 proof incorrect.");
         return false;
+    }
 
-    if (!(proof.B_).isMember())
+    if (!(proof.B_).isMember()) {
+        LogPrintf("Sigma spend failed due to value of B outside of group.");
         return false;
+    }
 
     const std::vector <GroupElement>& Gk = proof.Gk_;
     for (int k = 0; k < m; ++k) {
-        if (!Gk[k].isMember())
+        if (!Gk[k].isMember()) {
+            LogPrintf("Sigma spend failed due to value of GK[i] outside of group.");
             return false;
+        }
     }
 
     // Compute value of challenge X, then continue R1 proof and sigma final response proof.
@@ -40,11 +46,16 @@ bool SigmaPlusVerifier<Exponent, GroupElement>::verify(
     SigmaPrimitives<Exponent, GroupElement>::generate_challenge(group_elements, challenge_x);
 
     // Now verify the final response of r1 proof. Values of "f" are finalized only after this call.
-    if (!r1ProofVerifier.verify_final_response(r1Proof, challenge_x, f))
+    if (!r1ProofVerifier.verify_final_response(r1Proof, challenge_x, f)) {
+        LogPrintf("Sigma spend failed due to incorrect final response.");
         return false;
+    }
 
-    if(!proof.z_.isMember())
+    if(!proof.z_.isMember()) {
+        LogPrintf("Sigma spend failed due to value of Z outside of group.");
         return false;
+    }
+
     int N = commits.size();
     std::vector<Exponent> f_i_;
     f_i_.reserve(N);
@@ -67,8 +78,10 @@ bool SigmaPlusVerifier<Exponent, GroupElement>::verify(
     }
 
     GroupElement left(t1 + t2);
-    if(left != SigmaPrimitives<Exponent, GroupElement>::commit(g_, Exponent(uint64_t(0)), h_[0], proof.z_))
+    if (left != SigmaPrimitives<Exponent, GroupElement>::commit(g_, Exponent(uint64_t(0)), h_[0], proof.z_)) {
+        LogPrintf("Sigma spend failed due to final proof verification failure.");
         return false;
+    }
 
     return true;
 }

diff --git a/src/wallet/rpcwallet.cpp b/src/wallet/rpcwallet.cpp
@@ -2759,11 +2759,11 @@ UniValue mint(const UniValue& params, bool fHelp)
 
 UniValue mintzerocoin(const UniValue& params, bool fHelp)
 {
-    EnsureZerocoinMintIsAllowed();
-
     if (fHelp || params.size() != 1)
         throw runtime_error("mintzerocoin <amount>(1,10,25,50,100)\n" + HelpRequiringPassphrase());
 
+    EnsureZerocoinMintIsAllowed();
+
     int64_t nAmount = 0;
     libzerocoin::CoinDenomination denomination;
     // Amount
@@ -2915,8 +2915,6 @@ UniValue mintzerocoinV3(const UniValue& params, bool fHelp)
 
 UniValue mintmanyzerocoin(const UniValue& params, bool fHelp)
 {
-    EnsureZerocoinMintIsAllowed();
-
     if (fHelp || params.size() == 0 || params.size() % 2 != 0 || params.size() > 10)
         throw runtime_error(
                 "mintmanyzerocoin <denomination>(1,10,25,50,100), numberOfMints, <denomination>(1,10,25,50,100), numberOfMints, ... }\n"
@@ -2932,6 +2930,8 @@ UniValue mintmanyzerocoin(const UniValue& params, bool fHelp)
                     + HelpExampleCli("mintmanyzerocoin", "25 10 50 5")
         );
 
+    EnsureZerocoinMintIsAllowed();
+
     UniValue sendTo(UniValue::VOBJ);
 
     for(size_t i=0; i<params.size(); i+=2){

diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
@@ -5912,7 +5912,7 @@ string CWallet::MintAndStoreZerocoin(vector<CRecipient> vecSend,
 
     LogPrintf("payTxFee.GetFeePerK()=%s\n", payTxFee.GetFeePerK());
     CReserveKey reservekey(this);
-    int64_t nFeeRequired;
+    int64_t nFeeRequired = 0;
 
     int nChangePosRet = -1;
     bool isSigmaMint = false;
@@ -5985,7 +5985,7 @@ string CWallet::MintAndStoreZerocoinV3(vector<CRecipient> vecSend,
 
     LogPrintf("payTxFee.GetFeePerK()=%s\n", payTxFee.GetFeePerK());
     CReserveKey reservekey(this);
-    int64_t nFeeRequired;
+    int64_t nFeeRequired = 0;
 
     int nChangePosRet = -1;
     bool isSigmaMint = true;
@@ -6056,7 +6056,7 @@ string CWallet::MintZerocoin(CScript pubCoin, int64_t nValue, bool isSigmaMint,
         return _("Insufficient funds");
     LogPrintf("payTxFee.GetFeePerK()=%s\n", payTxFee.GetFeePerK());
     CReserveKey reservekey(this);
-    int64_t nFeeRequired;
+    int64_t nFeeRequired = 0;
 
     if (IsLocked()) {
         string strError = _("Error: Wallet locked, unable to create transaction!");