initial commit

2025-12-20 10:34:20 +01:00 · 2022-09-11 04:31:37 +03:00
parent 213968eca7
commit 13a1e47a3d
18 changed files with 1128 additions and 0 deletions
--- a/mint/ledger.py
+++ b/mint/ledger.py
@@ -0,0 +1,134 @@
+"""
+Implementation of https://gist.github.com/phyro/935badc682057f418842c72961cf096c
+"""
+
+import hashlib
+
+from ecc.curve import secp256k1, Point
+from ecc.key import gen_keypair
+
+import core.b_dhke as b_dhke
+from core.db import Database
+from core.split import amount_split
+from core.settings import MAX_ORDER
+from mint.crud import store_promise, invalidate_proof
+
+
+class Ledger:
+    def __init__(self, secret_key: str, db: str):
+        self.master_key = secret_key
+        self.proofs_used = set()  # no promise proofs have been used
+        self.keys = self._derive_keys(self.master_key)
+        self.db = Database("mint", db)
+
+    @staticmethod
+    def _derive_keys(master_key):
+        """Deterministic derivation of keys for 2^n values."""
+        return {
+            2
+            ** i: int(
+                hashlib.sha256((str(master_key) + str(i)).encode("utf-8"))
+                .hexdigest()
+                .encode("utf-8"),
+                16,
+            )
+            for i in range(MAX_ORDER)
+        }
+
+    async def _generate_promises(self, amounts, B_s):
+        """Generates promises that sum to the given amount."""
+        return [
+            await self._generate_promise(amount, Point(B_["x"], B_["y"], secp256k1))
+            for (amount, B_) in zip(amounts, B_s)
+        ]
+
+    async def _generate_promise(self, amount, B_):
+        """Generates a promise for given amount and returns a pair (amount, C')."""
+        secret_key = self.keys[amount]  # Get the correct key
+        C_ = b_dhke.step2_alice(B_, secret_key)
+        await store_promise(amount, B_x=B_.x, B_y=B_.y, C_x=C_.x, C_y=C_.y, db=self.db)
+        return {"amount": amount, "C'": C_}
+
+    def _verify_proof(self, proof):
+        """Verifies that the proof of promise was issued by this ledger."""
+        if proof["secret"] in self.proofs_used:
+            raise Exception(f"Already spent. Secret: {proof['secret']}")
+        secret_key = self.keys[proof["amount"]]  # Get the correct key to check against
+        C = Point(proof["C"]["x"], proof["C"]["y"], secp256k1)
+        return b_dhke.verify(secret_key, C, proof["secret"])
+
+    def _verify_outputs(self, total, amount, output_data):
+        """Verifies the expected split was correctly computed"""
+        fst_amt, snd_amt = total - amount, amount  # we have two amounts to split to
+        fst_outputs = amount_split(fst_amt)
+        snd_outputs = amount_split(snd_amt)
+        expected = fst_outputs + snd_outputs
+        given = [o["amount"] for o in output_data]
+        return given == expected
+
+    def _verify_no_duplicates(self, proofs, output_data):
+        secrets = [p["secret"] for p in proofs]
+        if len(secrets) != len(list(set(secrets))):
+            return False
+        B_xs = [od["B'"]["x"] for od in output_data]
+        if len(B_xs) != len(list(set(B_xs))):
+            return False
+        return True
+
+    @staticmethod
+    def _get_output_split(amount):
+        """Given an amount returns a list of amounts returned e.g. 13 is [1, 4, 8]."""
+        bits_amt = bin(amount)[::-1][:-2]
+        rv = []
+        for (pos, bit) in enumerate(bits_amt):
+            if bit == "1":
+                rv.append(2**pos)
+        return rv
+
+    # Public methods
+
+    def get_pubkeys(self):
+        """Returns public keys for possible amounts."""
+        return {
+            amt: self.keys[amt] * secp256k1.G
+            for amt in [2**i for i in range(MAX_ORDER)]
+        }
+
+    async def mint(self, B_, amount):
+        """Mints a promise for coins for B_."""
+        if amount not in [2**i for i in range(MAX_ORDER)]:
+            raise Exception(f"Can only mint amounts up to {2**MAX_ORDER}.")
+        split = amount_split(amount)
+        return [await self._generate_promise(a, B_) for a in split]
+
+    async def split(self, proofs, amount, output_data):
+        """Consumes proofs and prepares new promises based on the amount split."""
+        # Verify proofs are valid
+        if not all([self._verify_proof(p) for p in proofs]):
+            return False
+
+        total = sum([p["amount"] for p in proofs])
+
+        if not self._verify_no_duplicates(proofs, output_data):
+            raise Exception("duplicate proofs or promises")
+        if amount > total:
+            raise Exception("split amount is higher than the total sum")
+        if not self._verify_outputs(total, amount, output_data):
+            raise Exception("split of promises is not as expected")
+
+        # Perform split
+        proof_msgs = set([p["secret"] for p in proofs])
+        # Mark proofs as used and prepare new promises
+        self.proofs_used |= proof_msgs
+
+        # store in db
+        for p in proofs:
+            await invalidate_proof(p, db=self.db)
+
+        outs_fst = amount_split(total - amount)
+        outs_snd = amount_split(amount)
+        B_fst = [od["B'"] for od in output_data[: len(outs_fst)]]
+        B_snd = [od["B'"] for od in output_data[len(outs_fst) :]]
+        return await self._generate_promises(
+            outs_fst, B_fst
+        ), await self._generate_promises(outs_snd, B_snd)