Commit Graph

255 Commits

Author SHA1 Message Date
moneromooo-monero c3b3260ae5
New "Halfway RingCT" outputs for coinbase transactions
When RingCT is enabled, outputs from coinbase transactions
are created as a single output, and stored as RingCT output,
with a fake mask. Their amount is not hidden on the blockchain
itself, but they are then able to be used as fake inputs in
a RingCT ring. Since the output amounts are hidden, their
"dustiness" is not an obstacle anymore to mixing, and this
makes the coinbase transactions a lot smaller, as well as
helping the TXO set to grow more slowly.

Also add a new "Null" type of rct signature, which decreases
the size required when no signatures are to be stored, as
in a coinbase tx.
2016-08-28 21:30:26 +01:00
moneromooo-monero d4b62a1e29
rct amount key modified as per luigi1111's recommendations
This allows the key to be not the same for two outputs sent to
the same address (eg, if you pay yourself, and also get change
back). Also remove the key amounts lists and return parameters
since we don't actually generate random ones, so we don't need
to save them as we can recalculate them when needed if we have
the correct keys.
2016-08-28 21:30:19 +01:00
moneromooo-monero 93f5c625f0
rct: rework v2 txes into prunable and non prunable data
Nothing is pruned, but this allows easier changes later.
2016-08-28 21:30:18 +01:00
moneromooo-monero d93746b6d3
rct: rework the verification preparation process
The whole rct data apart from the MLSAGs is now included in
the signed message, to avoid malleability issues.

Instead of passing the data that's not serialized as extra
parameters to the verification API, the transaction is modified
to fill all that information. This means the transaction can
not be const anymore, but it cleaner in other ways.
2016-08-28 21:30:16 +01:00
moneromooo-monero 3ab2ab3e76
rct: change the simple flag to a type
for future expansion
2016-08-28 21:30:14 +01:00
Shen Noether c5be4b0bea
rct: avoid the need for the last II element
This element is used in the generation of the MLSAG, but isn't
needed in verification.
Also misc changes in the cryptonote code to match, by mooo.
2016-08-28 21:30:12 +01:00
moneromooo-monero a47ceee83b
wallet: do not store signatures in the wallet cache
Saves some substantial space.
Also avoid calculating tx hashes we don't need.
2016-08-28 21:30:10 +01:00
moneromooo-monero b337aea6cc
rct: do not serialize senderPk - it is not used anymore 2016-08-28 21:30:01 +01:00
moneromooo-monero e5a9a4755b
core_tests: fix a couple pre-rct tests using rct 2016-08-28 21:29:58 +01:00
moneromooo-monero 37bdf6ebe3
change fork settings to allow pre-rct txes for one more fork cycle 2016-08-28 21:29:50 +01:00
moneromooo-monero 9b70856ccb
rct: make the amount key derivable by a third party with the tx key
Scheme design from luigi1114.
2016-08-28 21:29:46 +01:00
moneromooo-monero cf33e1a52a
rct: do not serialize public keys in outPk
They can be reconstructed from vout
2016-08-28 21:29:43 +01:00
moneromooo-monero ce5de8b430
tests: add tests for wallet output selection 2016-08-28 21:29:34 +01:00
moneromooo-monero e81a2b2cfa
port get_tx_key/check_tx_key to rct 2016-08-28 21:29:24 +01:00
moneromooo-monero e06faefde4
tests: add basic tests for simple rct api 2016-08-28 21:29:22 +01:00
moneromooo-monero a4d4d6194b
integrate simple rct api 2016-08-28 21:29:20 +01:00
moneromooo-monero 59a66e209a
move the rct commitments to the output_amounts database
Since these are needed at the same time as the output pubkeys,
this is a whole lot faster, and takes less space. Only outputs
of 0 amount store the commitment. When reading other outputs,
a fake commitment is regenerated on the fly. This avoids having
to rewrite the database to add space for fake commitments for
existing outputs.

This code relies on two things:

- LMDB must support fixed size records per key, rather than
per database (ie, all records on key 0 are the same size, all
records for non 0 keys are same size, but records from key 0
and non 0 keys do have different sizes).

- the commitment must be directly after the rest of the data
in outkey and output_data_t.
2016-08-28 21:29:02 +01:00
moneromooo-monero 6d0e47148b
rct: add the tx prefix hash into the MLSAG
to protect the non-signatures parts of the tx from tampering.
2016-08-28 21:28:58 +01:00
moneromooo-monero 20e50ec7f7
ringct: do not serialize what can be reconstructed
The mixRing (output keys and commitments) and II fields (key images)
can be reconstructed from vin data.
This saves some modest amount of space in the tx.
2016-08-28 21:28:55 +01:00
moneromooo-monero 106e3dc3d4
Add rct core tests 2016-08-28 21:28:53 +01:00
moneromooo-monero 161551e13b
tests: test for ringct rctSig data sizes
ie, more data or less data than expected in various fields
2016-08-28 21:28:42 +01:00
moneromooo-monero dc4aad7eb5
add rct to the protocol
It is not yet constrained to a fork, so don't use on the real network
or you'll be orphaned or rejected.
2016-08-28 21:28:37 +01:00
moneromooo-monero cc7f449d57
make rct tx serialization work
It may be suboptimal, but it's a pain to have to rebuild everything
when some of this changes.
Also, no clue why there seems to be two different code paths for
serializing a tx...
2016-08-28 21:28:31 +01:00
moneromooo-monero 54f7429cf6
ringct: allow no outputs, and add tests for this and fees 2016-08-28 21:28:27 +01:00
Shen Noether f8c04ad94f
ringct: txn fee stuff 2016-08-28 21:28:23 +01:00
moneromooo-monero eb56d0f994
blockchain_db: add functions for adding/removing/getting rct commitments 2016-08-28 21:28:11 +01:00
Shen Noether 53cdf4df5e
tests: new ringct test for checking H2 values
Ported from Shen's RingCT repo
2016-08-28 21:28:01 +01:00
moneromooo-monero 720ac85553
tests: zero inputs/outputs are in fact supposed to be accepted 2016-08-28 21:27:52 +01:00
moneromooo-monero 84948eabae
ringct: add a test for prooveRange being non deterministic 2016-08-28 21:27:50 +01:00
moneromooo-monero 700248f59e
tests: more ringct range proof tests 2016-08-28 21:27:43 +01:00
moneromooo-monero 9e82b694da
remove original Cryptonote blockchain_storage blockchain format 2016-08-28 21:27:32 +01:00
moneromooo-monero 57779abe27
tests: add some more ringct building block tests 2016-08-28 21:27:26 +01:00
moneromooo-monero 2d6303fb2c
tests: add Shen Noether's basic ringct tests 2016-08-28 21:27:19 +01:00
Ilya Kitaev 99dd57258f libwallet_api: tests: checking for result while opening wallet 2016-08-23 14:13:30 +03:00
Ilya Kitaev bcf7b67cd6 libwallet_api: Wallet::amountFromString fixed 2016-08-23 13:47:21 +03:00
Ilya Kitaev cbe534db1a libwallet_api: tests: removed logged passwords 2016-08-22 23:14:58 +03:00
Ilya Kitaev b1a5a937ff libwallet_api: do not store wallet on close if status is not ok 2016-08-22 22:47:59 +03:00
moneromooo-monero 11dc091464
Fake outs set is now decided by the wallet
This plugs a privacy leak from the wallet to the daemon,
as the daemon could previously see what input is included
as a transaction input, which the daemon hadn't previously
supplied. Now, the wallet requests a particular set of
outputs, including the real one.

This can result in transactions that can't be accepted if
the wallet happens to select too many outputs with non standard
unlock times. The daemon could know this and select another
output, but the wallet is blind to it. It's currently very
unlikely since I don't think anything uses non default
unlock times. The wallet requests more outputs than necessary
so it can use spares if any of the returns outputs are still
locked. If there are not enough spares to reach the desired
mixin, the transaction will fail.
2016-08-11 14:35:27 +01:00
moneromooo-monero 46188734f6
tests: fix a bitflag test typo 2016-07-26 22:40:46 +01:00
moneromooo-monero 89e68d778d
unit_tests: check adding checkpoints succeeded 2016-07-26 22:40:38 +01:00
Riccardo Spagni b582764bd6
Merge pull request #915
d7597c5 refreshing wallet even if error happened (Ilya Kitaev)
6d32a3d wallet_api: async init, Wallet::connected status, log level (Ilya Kitaev)
193d251 libwallet_api cmake: conditionally creating libwallet_merged2 only for STATIC build (Ilya Kitaev)
10c06dd wallet_api: segfault on refresh fixed (Ilya Kitaev)
9d2cb4f WalletListener functionality (Ilya Kitaev)
d27b883 hack to successfull linking for MSYS2 (Ilya Kitaev)
083380c Transaction fee multiplier aka priority integraged (Ilya Kitaev)
00ed12b Wallet::paymentIdValid (Ilya Kitaev)
2016-07-23 09:17:21 +02:00
anonimal 61ed40a618
Tests: fix signed/unsigned comparison in hash-target
* References #886
2016-07-22 22:05:35 +00:00
Ilya Kitaev 6d32a3d16b wallet_api: async init, Wallet::connected status, log level 2016-07-18 23:03:09 +03:00
Ilya Kitaev 9d2cb4f36c WalletListener functionality 2016-07-18 23:02:47 +03:00
Ilya Kitaev 083380cb8f Transaction fee multiplier aka priority integraged 2016-07-18 23:02:18 +03:00
moneromooo-monero d7b681cd65
remove hf_starting_height db
It's not really needed, it used to be an optimization for when
that code was not using the db and needed to recalculate things
fast on startup.
2016-07-13 21:38:34 +01:00
Ilya Kitaev ab61ba0c9b Merge branch 'master' of https://github.com/mbg033/bitmonero 2016-06-23 16:23:09 +03:00
Ilya Kitaev ca61153003 Wallet: payment id and integrated address 2016-06-23 16:01:41 +03:00
Ilya Kitaev 2efec04f74 Wallet::createTransaction: added mixin_count param 2016-06-23 16:01:41 +03:00
Ilya Kitaev 85a632244e double/string to monero integer convertion methods 2016-06-23 16:01:41 +03:00