WIP: new commitment signature

base_layer/core/src/consensus/consensus_encoding/crypto.rs

@@ -155,9 +155,11 @@ impl ConsensusDecoding for RangeProof {
 
 impl ConsensusEncoding for ComSignature {
     fn consensus_encode<W: Write>(&self, writer: &mut W) -> Result<(), Error> {
-        self.u().consensus_encode(writer)?;
-        self.v().consensus_encode(writer)?;
-        self.public_nonce().consensus_encode(writer)?;
+        self.ephemeral_commitment().consensus_encode(writer)?;
+        self.ephemeral_pubkey().consensus_encode(writer)?;
+        self.u_a().consensus_encode(writer)?;
+        self.u_x().consensus_encode(writer)?;
+        self.u_y().consensus_encode(writer)?;
         Ok(())
     }
 }
@@ -170,10 +172,12 @@ impl ConsensusEncodingSized for ComSignature {
 
 impl ConsensusDecoding for ComSignature {
     fn consensus_decode<R: Read>(reader: &mut R) -> Result<Self, io::Error> {
-        let u = PrivateKey::consensus_decode(reader)?;
-        let v = PrivateKey::consensus_decode(reader)?;
-        let nonce = Commitment::consensus_decode(reader)?;
-        Ok(ComSignature::new(nonce, u, v))
+        let ephemeral_commitment = Commitment::consensus_decode(reader)?;
+        let ephemeral_pubkey = PublicKey::consensus_decode(reader)?;
+        let u_a = PrivateKey::consensus_decode(reader)?;
+        let u_x = PrivateKey::consensus_decode(reader)?;
+        let u_y = PrivateKey::consensus_decode(reader)?;
+        Ok(ComSignature::new(ephemeral_commitment, ephemeral_pubkey, u_a, u_x, u_y))
     }
 }
 

base_layer/core/src/proto/types.proto

@@ -31,9 +31,11 @@ message SignerSignature {
 // Define the explicit ComSignature implementation for the Tari base layer. A different signature scheme can be
 // employed by redefining this type.
 message ComSignature {
-    bytes public_nonce_commitment = 1;
-    bytes signature_u = 2;
-    bytes signature_v = 3;
+    bytes ephemeral_commitment = 1;
+    bytes ephemeral_pubkey = 2;
+    bytes u_a = 3;
+    bytes u_x = 4;
+    bytes u_y = 5;
 }
 
 // BlindingFactor wrapper

base_layer/core/src/proto/types_impls.rs

@@ -83,20 +83,24 @@ impl TryFrom<proto::ComSignature> for ComSignature {
     type Error = ByteArrayError;
 
     fn try_from(sig: proto::ComSignature) -> Result<Self, Self::Error> {
-        let public_nonce = Commitment::from_bytes(&sig.public_nonce_commitment)?;
-        let signature_u = PrivateKey::from_bytes(&sig.signature_u)?;
-        let signature_v = PrivateKey::from_bytes(&sig.signature_v)?;
+        let ephemeral_commitment = Commitment::from_bytes(&sig.ephemeral_commitment)?;
+        let ephemeral_pubkey = PublicKey::from_bytes(&sig.ephemeral_pubkey)?;
+        let u_a = PrivateKey::from_bytes(&sig.u_a)?;
+        let u_x = PrivateKey::from_bytes(&sig.u_x)?;
+        let u_y = PrivateKey::from_bytes(&sig.u_y)?;
 
-        Ok(Self::new(public_nonce, signature_u, signature_v))
+        Ok(Self::new(ephemeral_commitment, ephemeral_pubkey, u_a, u_x, u_y))
     }
 }
 
 impl From<ComSignature> for proto::ComSignature {
     fn from(sig: ComSignature) -> Self {
         Self {
-            public_nonce_commitment: sig.public_nonce().to_vec(),
-            signature_u: sig.u().to_vec(),
-            signature_v: sig.v().to_vec(),
+            ephemeral_commitment: sig.ephemeral_commitment().to_vec(),
+            ephemeral_pubkey: sig.ephemeral_pubkey().to_vec(),
+            u_a: sig.u_a().to_vec(),
+            u_x: sig.u_x().to_vec(),
+            u_y: sig.u_y().to_vec(),
         }
     }
 }

base_layer/core/src/transactions/transaction_components/transaction_input.rs

@@ -161,7 +161,8 @@ impl TransactionInput {
 
     pub(super) fn build_script_challenge(
         version: TransactionInputVersion,
-        nonce_commitment: &Commitment,
+        ephemeral_commitment: &Commitment,
+        ephemeral_pubkey: &PublicKey,
         script: &TariScript,
         input_data: &ExecutionStack,
         script_public_key: &PublicKey,
@@ -170,7 +171,8 @@ impl TransactionInput {
         match version {
             TransactionInputVersion::V0 | TransactionInputVersion::V1 => {
                 DomainSeparatedConsensusHasher::<TransactionHashDomain>::new("script_challenge")
-                    .chain(nonce_commitment)
+                    .chain(ephemeral_commitment)
+                    .chain(ephemeral_pubkey)
                     .chain(script)
                     .chain(input_data)
                     .chain(script_public_key)
@@ -280,7 +282,7 @@ impl TransactionInput {
 
     pub fn validate_script_signature(
         &self,
-        public_script_key: &PublicKey,
+        script_public_key: &PublicKey,
         factory: &CommitmentFactory,
     ) -> Result<(), TransactionError> {
         match self.spent_output {
@@ -292,15 +294,16 @@ impl TransactionInput {
             } => {
                 let challenge = TransactionInput::build_script_challenge(
                     self.version,
-                    self.script_signature.public_nonce(),
+                    self.script_signature.ephemeral_commitment(),
+                    self.script_signature.ephemeral_pubkey(),
                     script,
                     &self.input_data,
-                    public_script_key,
+                    script_public_key,
                     commitment,
                 );
                 if self
                     .script_signature
-                    .verify_challenge(&(commitment + public_script_key), &challenge, factory)
+                    .verify_challenge(commitment, script_public_key, &challenge, factory)
                 {
                     Ok(())
                 } else {

base_layer/core/src/transactions/transaction_components/unblinded_output.rs

@@ -163,23 +163,28 @@ impl UnblindedOutput {
     /// Commits an UnblindedOutput into a Transaction input
     pub fn as_transaction_input(&self, factory: &CommitmentFactory) -> Result<TransactionInput, TransactionError> {
         let commitment = factory.commit(&self.spending_key, &self.value.into());
-        let script_nonce_a = PrivateKey::random(&mut OsRng);
-        let script_nonce_b = PrivateKey::random(&mut OsRng);
-        let nonce_commitment = factory.commit(&script_nonce_b, &script_nonce_a);
+        let r_a = PrivateKey::random(&mut OsRng);
+        let r_x = PrivateKey::random(&mut OsRng);
+        let r_y = PrivateKey::random(&mut OsRng);
+        let ephemeral_commitment = factory.commit(&r_x, &r_a);
+        let ephemeral_pubkey = PublicKey::from_secret_key(&r_y);
 
         let challenge = TransactionInput::build_script_challenge(
             TransactionInputVersion::get_current_version(),
-            &nonce_commitment,
+            &ephemeral_commitment,
+            &ephemeral_pubkey,
             &self.script,
             &self.input_data,
             &PublicKey::from_secret_key(&self.script_private_key),
             &commitment,
         );
         let script_signature = ComSignature::sign(
             &self.value.into(),
-            &(&self.script_private_key + &self.spending_key),
-            &script_nonce_a,
-            &script_nonce_b,
+            &self.spending_key,
+            &self.script_private_key,
+            &r_a,
+            &r_x,
+            &r_y,
             &challenge,
             factory,
         )

base_layer/core/src/transactions/transaction_protocol/transaction_initializer.rs

@@ -229,14 +229,16 @@ impl SenderTransactionInitializer {
             &output.script,
             &output.features,
             &output.sender_offset_public_key,
-            output.metadata_signature.public_nonce(),
+            output.metadata_signature.ephemeral_commitment(),
+            output.metadata_signature.ephemeral_pubkey(),
             &commitment,
             &output.covenant,
             &output.encrypted_value,
             output.minimum_value_promise,
         );
         if !output.metadata_signature.verify_challenge(
-            &(&commitment + &output.sender_offset_public_key),
+            &commitment,
+            &output.sender_offset_public_key,
             &e,
             &commitment_factory,
         ) {