wip

base_layer/core/src/transactions/transaction_components/encrypted_openings.rs

@@ -258,11 +258,12 @@ mod test {
                 EncryptedOpenings::decrypt_openings(&encryption_key, &commitment, &encrypted_openings).unwrap();
             assert_eq!(amount, decrypted_value);
             assert_eq!(mask, decrypted_mask);
-            if let Ok((decrypted_value, decrypted_mask)) = EncryptedOpenings::decrypt_openings(&PrivateKey::random(&mut OsRng), &commitment, &encrypted_openings) {
+            if let Ok((decrypted_value, decrypted_mask)) =
+                EncryptedOpenings::decrypt_openings(&PrivateKey::random(&mut OsRng), &commitment, &encrypted_openings)
+            {
                 assert_ne!(amount, decrypted_value);
                 assert_ne!(mask, decrypted_mask);
             }
-
         }
     }
 

base_layer/core/src/transactions/transaction_components/error.rs

@@ -75,6 +75,8 @@ pub enum TransactionError {
     NonCoinbaseHasOutputFeaturesCoinbaseExtra,
     #[error("Coinbase extra size is {len} but the maximum is {max}")]
     InvalidOutputFeaturesCoinbaseExtraSize { len: usize, max: u32 },
+    #[error("Invalid revealed value : {0}")]
+    InvalidRevealedValue(String),
 }
 
 impl From<CovenantError> for TransactionError {

base_layer/core/src/transactions/transaction_components/test.rs

@@ -444,15 +444,24 @@ fn test_output_recover_openings() {
         value: v,
         ..Default::default()
     });
-    let output = unblinded_output
-        .as_transaction_output(&factories)
-        .unwrap();
+    let output = unblinded_output.as_transaction_output(&factories).unwrap();
 
-    if let Ok((value, recovered_mask)) = EncryptedOpenings::decrypt_openings(&random_key, &output.commitment, &output.encrypted_openings) {
-        assert!(output.verify_mask(&factories.range_proof, &recovered_mask, value.as_u64()).is_err());
+    if let Ok((value, recovered_mask)) =
+        EncryptedOpenings::decrypt_openings(&random_key, &output.commitment, &output.encrypted_openings)
+    {
+        assert!(output
+            .verify_mask(&factories.range_proof, &recovered_mask, value.as_u64())
+            .is_err());
     }
-    let (value, recovered_mask) = EncryptedOpenings::decrypt_openings(&test_params.rewind_data.encryption_key, &output.commitment, &output.encrypted_openings).unwrap();
-    assert!(output.verify_mask(&factories.range_proof, &recovered_mask, value.as_u64()).is_ok());
+    let (value, recovered_mask) = EncryptedOpenings::decrypt_openings(
+        &test_params.rewind_data.encryption_key,
+        &output.commitment,
+        &output.encrypted_openings,
+    )
+    .unwrap();
+    assert!(output
+        .verify_mask(&factories.range_proof, &recovered_mask, value.as_u64())
+        .is_ok());
     assert_eq!(recovered_mask, test_params.spend_key);
 }
 

base_layer/core/src/transactions/transaction_components/transaction_output.rs

@@ -301,27 +301,6 @@ impl TransactionOutput {
         Ok(())
     }
 
-    /// Attempt to rewind the range proof to reveal the mask (blinding factor)
-    pub fn recover_mask(
-        &self,
-        prover: &RangeProofService,
-        rewind_blinding_key: &PrivateKey,
-    ) -> Result<BlindingFactor, TransactionError> {
-        let statement_private = RistrettoAggregatedPrivateStatement::init(
-            vec![RistrettoStatement {
-                commitment: self.commitment.clone(),
-                minimum_value_promise: self.minimum_value_promise.as_u64(),
-            }],
-            Some(rewind_blinding_key.clone()),
-        )?;
-        match prover.recover_extended_mask(&self.proof.0, &statement_private)? {
-            Some(extended_mask) => Ok(extended_mask.secrets()[0].clone()),
-            None => Err(TransactionError::RangeProofError(RangeProofError::InvalidRewind(
-                "Empty mask".to_string(),
-            ))),
-        }
-    }
-
     /// Attempt to verify a recovered mask (blinding factor) for a proof against the commitment.
     pub fn verify_mask(
         &self,
@@ -417,8 +396,9 @@ impl TransactionOutput {
         covenant: &Covenant,
         encrypted_openings: &EncryptedOpenings,
         minimum_value_promise: MicroTari,
+        range_proof_type: RangeProofType,
     ) -> Result<ComAndPubSignature, TransactionError> {
-        let nonce_a = PrivateKey::random(&mut OsRng);
+        let nonce_a = TransactionOutput::nonce_a(range_proof_type, value, minimum_value_promise)?;
         let nonce_b = PrivateKey::random(&mut OsRng);
         let nonce_commitment = CommitmentFactory::default().commit(&nonce_b, &nonce_a);
         let pk_value = PrivateKey::from(value.as_u64());
@@ -491,6 +471,26 @@ impl TransactionOutput {
         )?)
     }
 
+    // With RevealedValue type range proofs, the nonce is always 0 and the minimum value promise equal to the value
+    fn nonce_a(
+        range_proof_type: RangeProofType,
+        value: MicroTari,
+        minimum_value_promise: MicroTari,
+    ) -> Result<PrivateKey, TransactionError> {
+        match range_proof_type {
+            RangeProofType::BulletProofPlus => Ok(PrivateKey::random(&mut OsRng)),
+            RangeProofType::RevealedValue => {
+                if minimum_value_promise != value {
+                    return Err(TransactionError::InvalidRevealedValue(format!(
+                        "Expected {}, received {}",
+                        value, minimum_value_promise
+                    )));
+                }
+                Ok(PrivateKey::default())
+            },
+        }
+    }
+
     // Create complete commitment signature if you are both the sender and receiver
     pub fn create_metadata_signature(
         version: TransactionOutputVersion,
@@ -502,8 +502,9 @@ impl TransactionOutput {
         covenant: &Covenant,
         encrypted_openings: &EncryptedOpenings,
         minimum_value_promise: MicroTari,
+        range_proof_type: RangeProofType,
     ) -> Result<ComAndPubSignature, TransactionError> {
-        let nonce_a = PrivateKey::random(&mut OsRng);
+        let nonce_a = TransactionOutput::nonce_a(range_proof_type, value, minimum_value_promise)?;
         let nonce_b = PrivateKey::random(&mut OsRng);
         let nonce_commitment = CommitmentFactory::default().commit(&nonce_b, &nonce_a);
         let nonce_x = PrivateKey::random(&mut OsRng);

base_layer/wallet/src/output_manager_service/recovery/standard_outputs_recoverer.rs

@@ -41,16 +41,14 @@ use tari_crypto::{
 use tari_key_manager::key_manager_service::KeyManagerInterface;
 use tari_script::{inputs, script, Opcode};
 
-use crate::{
-    output_manager_service::{
-        error::{OutputManagerError, OutputManagerStorageError},
-        handle::RecoveredOutput,
-        resources::OutputManagerKeyManagerBranch,
-        storage::{
-            database::{OutputManagerBackend, OutputManagerDatabase},
-            models::DbUnblindedOutput,
-            OutputSource,
-        },
+use crate::output_manager_service::{
+    error::{OutputManagerError, OutputManagerStorageError},
+    handle::RecoveredOutput,
+    resources::OutputManagerKeyManagerBranch,
+    storage::{
+        database::{OutputManagerBackend, OutputManagerDatabase},
+        models::DbUnblindedOutput,
+        OutputSource,
     },
 };
 

base_layer/wallet/src/output_manager_service/service.rs

@@ -2642,7 +2642,9 @@ where
 
         for (output, output_source, script_private_key, shared_secret) in scanned_outputs {
             let encryption_key = shared_secret_to_output_encryption_key(&shared_secret)?;
-            if let Ok((committed_value, blinding_factor)) = EncryptedOpenings::decrypt_openings(&encryption_key, &output.commitment, &output.encrypted_openings) {
+            if let Ok((committed_value, blinding_factor)) =
+                EncryptedOpenings::decrypt_openings(&encryption_key, &output.commitment, &output.encrypted_openings)
+            {
                 if output.verify_mask(
                     &self.resources.factories.range_proof,
                     &blinding_factor,