Implement Switch Commitments from monero-project/research-lab#105

kayabaNerve · Sep 4, 2022 · 5fa593f · 5fa593f
1 parent 73566e7
commit 5fa593f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/coins/monero/src/lib.rs b/coins/monero/src/lib.rs
@@ -19,6 +19,7 @@ pub mod frost;
 mod serialize;
 
 pub mod ringct;
+use ringct::raw_hash_to_point;
 
 pub mod transaction;
 pub mod block;
@@ -71,10 +72,18 @@ impl Commitment {
     Commitment { mask: Scalar::one(), amount: 0 }
   }
 
-  pub fn new(mask: Scalar, amount: u64) -> Commitment {
+  pub fn raw(mask: Scalar, amount: u64) -> Commitment {
     Commitment { mask, amount }
   }
 
+  pub fn new(mask: Scalar, amount: u64) -> Commitment {
+    #[allow(non_snake_case)]
+    let C = Commitment::raw(mask, amount).calculate().compress().to_bytes();
+    #[allow(non_snake_case)]
+    let D = (mask * raw_hash_to_point(hash(b"Switch Commitment"))).compress().to_bytes();
+    Commitment::raw(mask + hash_to_scalar(&[C.as_ref(), D.as_ref()].concat()), amount)
+  }
+
   pub fn calculate(&self) -> EdwardsPoint {
     (&self.mask * &ED25519_BASEPOINT_TABLE) + (&Scalar::from(self.amount) * &*H_TABLE)
   }

diff --git a/coins/monero/src/ringct/clsag/mod.rs b/coins/monero/src/ringct/clsag/mod.rs
@@ -210,7 +210,7 @@ impl Clsag {
   ) -> (Clsag, EdwardsPoint, Scalar, Scalar) {
     let r: usize = input.decoys.i.into();
 
-    let pseudo_out = Commitment::new(mask, input.commitment.amount).calculate();
+    let pseudo_out = Commitment::raw(mask, input.commitment.amount).calculate();
     let z = input.commitment.mask - mask;
 
     let H = hash_to_point(input.decoys.ring[r][0]);