Merge branch 'master' into elements-22-fix-ci
psgreco committed Sep 7, 2022
2 parents 519d4a8 + f49e97d commit c4d5a2e
Showing 10 changed files with 260 additions and 20 deletions.
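--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -160,7 +160,7 @@ task:
 << : *GLOBAL_TASK_TEMPLATE
 container:
 image: ubuntu:focal
-cpu: 4 # Increase CPU and memory to avoid timeout
+cpu: 8 # Increase CPU and memory to avoid timeout
 memory: 16G
 env:
 << : *CIRRUS_EPHEMERAL_WORKER_TEMPLATE_ENV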
26 changes: 13 additions & 13 deletions doc/elements-tx-format.md
Expand Up @@ -21,7 +21,7 @@ This document assumes some familiarity with Bitcoin and Elements (UTXOs, [Script
| Flags | Yes | 1 byte | `unsigned char` | | 1 if the transaction contains a witness, otherwise 0. All other values are invalid. |
| Num Inputs | Yes | Varies | `VarInt` | | Number of inputs to the transaction. |
| Inputs | Yes | Varies | `Vector<TxIn>` | | |
| Num Inputs | Yes | Varies | `VarInt` | | Number of outputs from the transaction. |
| Num Outputs | Yes | Varies | `VarInt` | | Number of outputs from the transaction. |
| Outputs | Yes | Varies | `Vector<TxOut>` | | |
| Locktime | Yes | 4 bytes | `uint32_t` | Little-endian | See [BIP 113](https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki). |
| Witness | Only if flags is 1 | Varies | `Witness` | | See [BIP 141](https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki). Note that Elements witnesses contain more data than Bitcoin witnesses. This extra data is described further below. |
Expand Down Expand Up @@ -203,13 +203,13 @@ Deserialization:
| Input #2
| 8d83eb1b0826f46d473003d041116927
| 470e2ce0f7cc0c634a983d438d770ac8 ... Outpoint TXID: c80a778d433d984a630cccf7e02c0e4727691141d00330476df426081beb838d
| 00000000 ........................... Outpoint index
| 00000000 ........................... Outpoint index
|
| 00 ................................. ScriptSig length
| | .................................. ScriptSig (empty)
|
| ffffffff ........................... Sequence number: UINT32_MAX
02 ................................... Num Outputs
|
| Output #1
Expand Down Expand Up @@ -239,7 +239,7 @@ Deserialization:
| 03 ................................. Nonce header (0x03 → compressed point)
| 72fdd5c6e805a50d73ab15ec41cfaadc
| be408ecc7a5867621918f1070f84ec95 ... Nonce x-coordinate (big-endian)
|
|
| 16 ................................. ScriptPubKey length (0x16 = 22 bytes)
| | 001424ae71d4804ca7dd1fa66486a8
| | 7af9dff1663c84 ................... ScriptPubKey
Expand Down Expand Up @@ -317,18 +317,18 @@ Deserialization:
| | .................................. ScriptSig (empty: segwit transaction)
|
| fdffffff ........................... Sequence number
|
|
| .................................... Asset issuance
| | 000000000000000000000000000000
| | 000000000000000000000000000000
| | 0000 ............................. Asset blinding nonce (0 for new asset issuance)
| |
| |
| | 000000000000000000000000000000
| | 000000000000000000000000000000
| | 0000 ............................. Asset entropy
| |
| | 01 ............................... Amount header (0x01 → explicit, unblinded value)
| | 00000000c4b20100 ................. Amount: 0xc4b20100 = 3,300,000,000 → 33 units (each divisible by 100,000,000)
| | 00000000c4b20100 ................. Amount: 0xc4b20100 = 3,300,000,000 → 33 units (each divisible by 100,000,000)
| |
| | 01 ............................... Num inflation keys header (0x01 → explicit, unblinded value)
| | 0000000029b92700 ................. Value. 0x29b92700 = 700,000,000 inflation keys
Expand All @@ -343,7 +343,7 @@ Deserialization:
| 08 ................................. Amount header (0x08 → blinded value)
| 66abe471dfadfb650825abe6f757860b
| 6760d30ff62bc7c9ebd438608f45368b ... Amount x-coordinate (big-endian)
|
|
| 02 ................................. Nonce header (0x02 → blinded value)
| 115750003261bc64bb73d83401a91279
| 6d0c0fb9d54c72751a7ca7a5149a9bdf ... Nonce x-coordinate (big-endian)
Expand Down Expand Up @@ -518,7 +518,7 @@ Deserialization:
| 6d521c38ec1ea15734ae22b7c4606441
| 2829c0d0579f0a713d1c04ede979026f ... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
|
| 01 ................................. Amount header (0x01 → explicit, unblinded value)
| 01 ................................. Amount header (0x01 → explicit, unblinded value)
| 00000000002b09c1 ................... Amount: 0.02820545 L-BTC
|
| 00 ................................. Nonce header (0x00 → null)
Expand All @@ -532,7 +532,7 @@ Deserialization:
| 6d521c38ec1ea15734ae22b7c4606441
| 2829c0d0579f0a713d1c04ede979026f ... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
|
| 01 ................................. Amount header (0x01 → explicit, unblinded value)
| 01 ................................. Amount header (0x01 → explicit, unblinded value)
| 0000000000000027 ................... Amount: 0.00000039 L-BTC
|
| 00 ................................. Nonce header (0x00 → null)
Expand Down Expand Up @@ -560,10 +560,10 @@ Deserialization:
| | | f34227cbba1cf25eb0778aa45f8b
| | | 7cb3495046 ..................... Stack item #2
| 06 ................................. Peg-in witness stack length
| | 08 ............................... Stack item #1 length
| | 08 ............................... Stack item #1 length
| | | e8092b0000000000 ............... Peg-in value (little-endian): 0x2b09e8 = 0.02820545 BTC)
| | 20 ............................... Stack item #2 length (0x20 = 32)
| | | 6d521c38ec1ea15734ae22b7c46064
| | | 6d521c38ec1ea15734ae22b7c46064
| | | 412829c0d0579f0a713d1c04ede979
| | | 026f ........................... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
| | 20 ............................... Stack item #3 length (0x20 = 32)
Expand Down Expand Up @@ -592,4 +592,4 @@ Deserialization:
| Output #2 witness
| 00 ................................. Surjection proof length
| 00 ................................. Range proof length
```
```
50 changes: 50 additions & 0 deletions doc/pset.mediawiki
Expand Up @@ -255,6 +255,56 @@ The currently defined elements per-input proprietary types are as follows:
|
| 0
| 2
|-
| Explicit Value
| <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE = 0x11</tt>
| None
| No key data
| <tt><64-bit little endian int value></tt>
| The explicit value for the input being spent. If provided, <tt>PSBT_ELEMENTS_IN_VALUE_PROOF</tt> must be provided too. Must not be provided if the input's value in the UTXO is already explicit.
|
| 0
| 2
|-
| Explicit Value Proof
| <tt>PSBT_ELEMENTS_IN_VALUE_PROOF = 0x12</tt>
| None
| No key data
| <tt><rangeproof></tt>
| An explicit value rangeproof that proves that the value commitment in this input's UTXO matches the explicit value in <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE</tt>. If provided, <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE</tt> must be provided too.
|
| 0
| 2
|-
| Explicit Asset
| <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET = 0x13</tt>
| None
| No key data
| <tt><32 byte asset tag></tt>
| The explicit asset for the input being spent. If provided, <tt>PSBT_ELEMENTS_IN_ASSET_PROOF</tt> must be provided too. Must not be provided if the input's asset in the UTXO is already explicit.
|
| 0
| 2
|-
| Explicit Asset Proof
| <tt>PSBT_ELEMENTS_IN_ASSET_PROOF = 0x14</tt>
| None
| No key data
| <tt><proof></tt>
| An asset surjection proof with this input's asset as the only asset in the input set in order to prove that the asset commitment in the UTXO matches the explicit asset in <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET</tt>. If provided, <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET</tt> must be provided too.
|
| 0
| 2
|-
| Blinded Issuance Flag
| <tt>PSBT_ELEMENTS_IN_BLINDED_ISSUANCE = 0x15</tt>
| None
| No key data
| <tt><1 byte boolean></tt>
| A boolean flag. <tt>0x00</tt> indicates the issuance should not be blinded, <tt>0x01</tt> indicates it should be. If not specified, assumed to be <tt>0x01</tt>. Note that this does not indicate actual blinding status, but rather the expected blinding status prior to signing.
|
| 0
| 2
|}

The currently defined elements per-output proprietary types are as follows:
6 changes: 3 additions & 3 deletions share/setup.nsi.in
Expand Up @@ -52,7 +52,7 @@ Var StartMenuGroup
!insertmacro MUI_LANGUAGE English

# Installer attributes
InstallDir $PROGRAMFILES64\Bitcoin
InstallDir $PROGRAMFILES64\Elements
CRCCheck on
XPStyle on
BrandingText " "
Expand Down Expand Up @@ -105,7 +105,7 @@ Section -post SEC0001
WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoModify 1
WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoRepair 1
WriteRegStr HKCR "@PACKAGE_TARNAME@" "URL Protocol" ""
WriteRegStr HKCR "@PACKAGE_TARNAME@" "" "URL:Bitcoin"
WriteRegStr HKCR "@PACKAGE_TARNAME@" "" "URL:Elements"
WriteRegStr HKCR "@PACKAGE_TARNAME@\DefaultIcon" "" $INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@
WriteRegStr HKCR "@PACKAGE_TARNAME@\shell\open\command" "" '"$INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@" "%1"'
SectionEnd
Expand Down Expand Up @@ -138,7 +138,7 @@ Section -un.post UNSEC0001
Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\Uninstall $(^Name).lnk"
Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\$(^Name).lnk"
Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\@PACKAGE_NAME@ (testnet, 64-bit).lnk"
Delete /REBOOTOK "$SMSTARTUP\Bitcoin.lnk"
Delete /REBOOTOK "$SMSTARTUP\Elements.lnk"
Delete /REBOOTOK $INSTDIR\uninstall.exe
Delete /REBOOTOK $INSTDIR\debug.log
Delete /REBOOTOK $INSTDIR\db.log
32 changes: 31 additions & 1 deletion src/blindpsbt.cpp
Expand Up @@ -220,6 +220,35 @@ BlindProofResult VerifyBlindProofs(const PSBTOutput& o) {
return BlindProofResult::OK;
}

BlindProofResult VerifyBlindProofs(const PSBTInput& i) {
CTxOut utxo;
if (!i.GetUTXO(utxo)) {
return BlindProofResult::OK;
}

if (i.m_explicit_value != std::nullopt) {
if (i.m_value_proof.empty()) {
return BlindProofResult::MISSING_VALUE_PROOF;
} else if (!utxo.nValue.IsCommitment()) {
return BlindProofResult::NOT_FULLY_BLINDED;
} else if (!VerifyBlindValueProof(*i.m_explicit_value, utxo.nValue, i.m_value_proof, utxo.nAsset)) {
return BlindProofResult::INVALID_VALUE_PROOF;
}
}

if (!i.m_explicit_asset.IsNull()) {
if (i.m_asset_proof.empty()) {
return BlindProofResult::MISSING_ASSET_PROOF;
} else if (!utxo.nAsset.IsCommitment()) {
return BlindProofResult::NOT_FULLY_BLINDED;
} else if (!VerifyBlindAssetProof(i.m_explicit_asset, i.m_asset_proof, utxo.nAsset)) {
return BlindProofResult::INVALID_ASSET_PROOF;
}
}

return BlindProofResult::OK;
}

void CreateAssetCommitment(CConfidentialAsset& conf_asset, secp256k1_generator& asset_gen, const CAsset& asset, const uint256& asset_blinder)
{
conf_asset.vchCommitment.resize(CConfidentialAsset::nCommittedSize);
Expand Down Expand Up @@ -386,7 +415,8 @@ BlindingStatus BlindPSBT(PartiallySignedTransaction& psbt, std::map<uint32_t, st
}

// Handle issuances
if (input.m_issuance_value != std::nullopt || input.m_issuance_value_commitment.IsCommitment() || input.m_issuance_inflation_keys_amount != std::nullopt || input.m_issuance_inflation_keys_commitment.IsCommitment()) {
if ((!input.m_blinded_issuance.has_value() || input.m_blinded_issuance.value()) &&
(input.m_issuance_value != std::nullopt || input.m_issuance_value_commitment.IsCommitment() || input.m_issuance_inflation_keys_amount != std::nullopt || input.m_issuance_inflation_keys_commitment.IsCommitment())) {
CAsset issuance_asset;
CAsset reissuance_asset;

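Review bot: `VerifyBlindProofs(const PSBTInput& i)` returns `BlindProofResult::OK` when `i.GetUTXO(utxo)` fails, so an input that carries `m_explicit_value` or `m_explicit_asset` with no UTXO to check against is reported exactly like one whose proofs verified, and a caller that uses this result to trust the explicit amounts (fee or balance checks, for example) would accept values nothing has proven. `BlindProofResult` has no "UTXO unavailable" variant in view, so at minimum document the early return, e.g. `// No UTXO available: nothing can be verified here. OK does NOT mean the explicit value/asset were checked.`, or return a non-OK status when either explicit field is set and the UTXO is missing. Separately, the asset branch uses `m_explicit_asset.IsNull()` as its "not provided" sentinel while the value branch uses `std::optional`, so an all-zero asset tag supplied in a PSBT is skipped here yet is still paired with a proof by the deserializer check in psbt.h; a `std::optional<uint256>` would make the two branches consistent. The `if` rewritten in the second hunk belongs to `BlindPSBT`, which starts and ends outside the hunk.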
2 changes: 2 additions & 0 deletions src/blindpsbt.h
Expand Up @@ -17,6 +17,7 @@

struct PartiallySignedTransaction;
struct PSBTOutput;
struct PSBTInput;

enum class BlindingStatus
{
Expand Down Expand Up @@ -52,5 +53,6 @@ BlindingStatus BlindPSBT(PartiallySignedTransaction& psbt, std::map<uint32_t, st
bool VerifyBlindValueProof(CAmount value, const CConfidentialValue& conf_value, const std::vector<unsigned char>& proof, const CConfidentialAsset& conf_asset);
bool VerifyBlindAssetProof(const uint256& asset, const std::vector<unsigned char>& proof, const CConfidentialAsset& conf_asset);
BlindProofResult VerifyBlindProofs(const PSBTOutput& o);
BlindProofResult VerifyBlindProofs(const PSBTInput& i);

#endif //BITCOIN_BLINDPSBT_H
95 changes: 95 additions & 0 deletions src/psbt.h
Expand Up @@ -73,6 +73,11 @@ static constexpr uint8_t PSBT_ELEMENTS_IN_ISSUANCE_ASSET_ENTROPY = 0x0d;
static constexpr uint8_t PSBT_ELEMENTS_IN_UTXO_RANGEPROOF = 0x0e;
static constexpr uint8_t PSBT_ELEMENTS_IN_ISSUANCE_BLIND_VALUE_PROOF = 0x0f;
static constexpr uint8_t PSBT_ELEMENTS_IN_ISSUANCE_BLIND_INFLATION_KEYS_PROOF = 0x10;
static constexpr uint8_t PSBT_ELEMENTS_IN_EXPLICIT_VALUE = 0x11;
static constexpr uint8_t PSBT_ELEMENTS_IN_VALUE_PROOF = 0x12;
static constexpr uint8_t PSBT_ELEMENTS_IN_EXPLICIT_ASSET = 0x13;
static constexpr uint8_t PSBT_ELEMENTS_IN_ASSET_PROOF = 0x14;
static constexpr uint8_t PSBT_ELEMENTS_IN_BLINDED_ISSUANCE = 0x15;

// Output types
static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
Expand Down Expand Up @@ -248,6 +253,7 @@ struct PSBTInput
uint256 m_issuance_asset_entropy;
std::vector<unsigned char> m_blind_issuance_value_proof;
std::vector<unsigned char> m_blind_issuance_inflation_keys_proof;
std::optional<bool> m_blinded_issuance;

// Peg-in
std::variant<std::monostate, Sidechain::Bitcoin::CTransactionRef, CTransactionRef> m_peg_in_tx;
Expand All @@ -259,6 +265,10 @@ struct PSBTInput

// Auxiliary elements stuff
std::vector<unsigned char> m_utxo_rangeproof;
std::optional<CAmount> m_explicit_value;
std::vector<unsigned char> m_value_proof;
uint256 m_explicit_asset;
std::vector<unsigned char> m_asset_proof;

bool IsNull() const;
void FillSignatureData(SignatureData& sigdata) const;
Expand Down Expand Up @@ -473,6 +483,31 @@ struct PSBTInput
SerializeToVector(s, CompactSizeWriter(PSBT_OUT_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_ISSUANCE_BLIND_INFLATION_KEYS_PROOF));
s << m_blind_issuance_inflation_keys_proof;
}

// Explicit value and its proof
if (m_explicit_value.has_value()) {
SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_EXPLICIT_VALUE));
SerializeToVector(s, m_explicit_value.value());
}
if (!m_value_proof.empty()) {
SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_VALUE_PROOF));
s << m_value_proof;
}

// Explicit asset and its proof
if (!m_explicit_asset.IsNull()) {
SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_EXPLICIT_ASSET));
SerializeToVector(s, m_explicit_asset);
}
if (!m_asset_proof.empty()) {
SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_ASSET_PROOF));
s << m_asset_proof;
}

if (m_blinded_issuance.has_value()) {
SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_BLINDED_ISSUANCE));
SerializeToVector(s, *m_blinded_issuance);
}
}

// Write proprietary things
Expand Down Expand Up @@ -886,6 +921,60 @@ struct PSBTInput
s >> m_blind_issuance_inflation_keys_proof;
break;
}
case PSBT_ELEMENTS_IN_EXPLICIT_VALUE:
{
if (!key_lookup.emplace(key).second) {
throw std::ios_base::failure("Duplicate Key, explicit value is already provided");
} else if (subkey_len != 1) {
throw std::ios_base::failure("Input explicit value is more than one byte type");
}
CAmount v;
UnserializeFromVector(s, v);
m_explicit_value = v;
break;
}
case PSBT_ELEMENTS_IN_VALUE_PROOF:
{
if (!key_lookup.emplace(key).second) {
throw std::ios_base::failure("Duplicate Key, explicit value proof is already provided");
} else if (subkey_len != 1) {
throw std::ios_base::failure("Input explicit value proof is more than one byte type");
}
s >> m_value_proof;
break;
}
case PSBT_ELEMENTS_IN_EXPLICIT_ASSET:
{
if (!key_lookup.emplace(key).second) {
throw std::ios_base::failure("Duplicate Key, explicit asset is already provided");
} else if (subkey_len != 1) {
throw std::ios_base::failure("Input explicit asset is more than one byte type");
}
UnserializeFromVector(s, m_explicit_asset);
break;
}
case PSBT_ELEMENTS_IN_ASSET_PROOF:
{
if (!key_lookup.emplace(key).second) {
throw std::ios_base::failure("Duplicate Key, explicit asset proof is already provided");
} else if (subkey_len != 1) {
throw std::ios_base::failure("Input explicit asset proof is more than one byte type");
}
s >> m_asset_proof;
break;
}
case PSBT_ELEMENTS_IN_BLINDED_ISSUANCE:
{
if (!key_lookup.emplace(key).second) {
throw std::ios_base::failure("Duplicate Key, issuance needs blinded flag is already provided");
} else if (subkey_len != 1) {
throw std::ios_base::failure("Input issuance needs blinded flag is more than one byte type");
}
bool b;
UnserializeFromVector(s, b);
m_blinded_issuance = b;
break;
}
default:
{
known = false;
Expand Down Expand Up @@ -936,6 +1025,12 @@ struct PSBTInput
if (!m_issuance_inflation_keys_commitment.IsNull() && m_issuance_inflation_keys_rangeproof.empty()) {
throw std::ios_base::failure("Issuance inflation keys commitment provided without inflation keys rangeproof");
}
if ((m_explicit_value.has_value() || !m_value_proof.empty()) && (!m_explicit_value.has_value() || m_value_proof.empty())) {
throw std::ios_base::failure("Input explicit value and value proof must be provided together");
}
if ((!m_explicit_asset.IsNull() || !m_asset_proof.empty()) && (m_explicit_asset.IsNull() || m_asset_proof.empty())) {
throw std::ios_base::failure("Input explicit asset and asset proof must be provided together");
}
}
}

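Review bot: The new `PSBT_ELEMENTS_IN_EXPLICIT_VALUE` and `PSBT_ELEMENTS_IN_BLINDED_ISSUANCE` cases in the deserialization hunk validate the key layout but not the decoded value: the `CAmount` is stored without a range check, and the flag is read straight into a `bool`, which (if this serializer follows Bitcoin Core's `bool` unserialization) accepts any non-zero byte as true even though doc/pset.mediawiki in this same commit defines only `0x00` and `0x01`. PSBTs are untrusted input, so the parser should reject out-of-range amounts (`MoneyRange` from consensus/amount.h, if it is available to this header) and non-canonical flag bytes rather than rely on downstream proof verification to notice. The two pairing checks added at the end of the deserializer are correct but read more directly as `if (m_explicit_value.has_value() == m_value_proof.empty())` and `if (!m_explicit_asset.IsNull() == m_asset_proof.empty())`. `IsNull()`, `Merge()` and any equality logic for `PSBTInput` are not in this hunk, so confirm they were extended for the five new fields; the enclosing `Unserialize` method itself starts and ends outside the hunk.
```cpp
case PSBT_ELEMENTS_IN_EXPLICIT_VALUE:
{
    // … unchanged: duplicate-key and subkey_len checks …
    CAmount v;
    UnserializeFromVector(s, v);
    if (!MoneyRange(v)) {
        throw std::ios_base::failure("Input explicit value is out of range");
    }
    m_explicit_value = v;
    break;
}
// … unchanged: VALUE_PROOF, EXPLICIT_ASSET, ASSET_PROOF cases …
case PSBT_ELEMENTS_IN_BLINDED_ISSUANCE:
{
    // … unchanged: duplicate-key and subkey_len checks …
    uint8_t b;
    UnserializeFromVector(s, b);
    if (b > 1) {
        throw std::ios_base::failure("Input issuance blinded flag must be 0x00 or 0x01");
    }
    m_blinded_issuance = (b == 1);
    break;
}
```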