Add MimbleWimble support #2

webwarrior-ws · 2023-10-12T10:26:08Z

Implemented parsing and creation of MimbleWimble transactions, as well as Wallet type for keeping track of unspent coins. Added tests for implemented functionality.

knocte · 2023-10-12T11:06:18Z

I know you have squashed all commits into 1 in order to not have to curate your commit history to have all commits be green. But I prefer a not-all-green commit history for a PR (that I squash into one myself when merging) than just losing all those commits that you had @webwarrior-ws

webwarrior-ws · 2023-10-12T11:09:30Z

I know you have squashed all commits into 1 in order to not have to curate your commit history to have all commits be green. But I prefer a not-all-green commit history for a PR (that I squash into one myself when merging) than just losing all those commits that you had @webwarrior-ws

What do you propose? To have all the original commits in the PR?

knocte · 2023-10-12T11:12:08Z

That's exactly what I said.

knocte · 2023-10-12T11:12:43Z

i.e. ...But I prefer a not-all-green commit history for a PR...

src/NLitecoin/MimbleWimble/EC.fs

knocte · 2023-10-12T15:21:55Z

src/NLitecoin/MimbleWimble/EC.fs

+        BigInteger.FromByteArrayUnsigned(arr).Mod(scalarOrder)
+
+    if k0 = BigInteger.Zero then
+        failwith "Failure. This happens only with negligible probability."


@webwarrior-ws WHAT???

It's extremely unlikely that sha256 hash of some value will be all zeros or exactly scalarOrder.

src/NLitecoin/MimbleWimble/EC.fs

src/NLitecoin/MimbleWimble/TransactionBuilder.fs

src/NLitecoin/MimbleWimble/Types.fs

knocte · 2023-10-12T15:49:29Z

src/NLitecoin/MimbleWimble/Types.fs

+    member self.IsMine = self.AddressIndex <> Coin.UnknownIndex
+    member self.HasSpendKey = self.SpendKey.IsSome
+
+    static member Empty =


@webwarrior-ws can this be marked as private or internal?

No, it's used in tests. Unless I duplicate this method in tests.

don't duplicate it

src/NLitecoin/MimbleWimble/Wallet.fs

src/NLitecoin/MimbleWimble/Types.fs

knocte · 2024-03-21T14:08:44Z

@webwarrior-ws I guess this PR needs cleanup (e.g. squashing). But if you add LIP0006 work here, please add it as a separate commit.

Add types needed for MimbleWimble transactions and implement serialization. Made all MimbleWimble types implement ISerializable and interface and Read static method. Reuse NBitcoin's BitcoinStream for serialization and deserialization, but don't use its IBitcoinSerializable interface because it mixes reading and writing in one method. Added new test project for MimbleWimble tests. Added test for peg-in transaction. Added property-based tests for serialization and deserilaization. Added test that deserilizes transaction generated and serialized by modified litecoin test (see [1]). Added tests for parsing peg-out transaction and MW to MW (HogEx) transaction. [1] https://github.com/litecoin-project/litecoin/blob/5ac781487cc9589131437b23c69829f04002b97e/src/libmw/test/tests/models/tx/Test_Transaction.cpp

Add NBitcoin.Secp256k1 library because it has Schnorr signature. As the library requires .netstandard 2.1, make NLitecoin target it instead of 2.0.

Implement construction of range proofs. Added a new test project that does differential tests for zero-knowledge proof components that uses Secp256k1-ZKP.Net library (libsecp256k1 wrapper) as reference. Use Assert.Inconclusive if function is missing in libsecp256k1 on current platform.

Implement transaction builder and add tests for it.

Added Wallet type, which is responsible for key derivation, rewinding of transaction outputs, and storage of rewound outputs (coins), as well as creating transactions using our keychain and spendable coins.

Ported test for key derivation and stealth address generation using KeyChain. Minor code style improvements.

Fixes in Wallet and TransactionBuilder mostly related to public/private spend keys.

Added integration test for Wallet.

Update NBitcoin to version 7.0.13 because older NBitcoin versions can't decode bech32 strings of length > 90, which is needed for MimbleWimble address decoding.

Implemented decoding of MimbleWimble stealth addresses. Added test.

Increase package's version to 0.2.0.

Implement "read-only" keychain, that allows for balance to be checked without knowledge of wallet's seed (which would allow for spending funds), only with private scan key and public spend keys.

Addressed code review comments. Added latest Fsdk package in order to use BetterAssert function.

Fixed transaction deserialization so that it now handles HogEx transactions, which have mweb extension flag but don't contain MW transaction. Added test for this case.

webwarrior-ws · 2024-03-26T11:12:12Z

Squashed. CI for all commits is green now.

webwarrior-ws force-pushed the mimblewimble-squashed branch from c702894 to 43a756e Compare October 12, 2023 11:13