Merge #834: Switch default bits of hiding to 52

c780a51 nit: Comment in blind_tests.cpp was wrong (Steven Roose) e87b390 Some readability improvements in blind.cpp (Steven Roose) 26e5490 Switch default bits of hiding to 52 (Gregory Sanders) Pull request description: Replaces #793 and is basically that MR but rebased. (I can't rebase on Greg's branch.) Tree-SHA512: 2c321d7f50d1c16f73e9eafc905b3a21a1aa7a4c44a2da39b1adda7f7c12d74c0f49379c7995afe605b5c07410e8e2f0e3468826e4d246c91c8a1c2c8a03e5dc
ElementsProject · Mar 17, 2020 · 95602ec · 95602ec
2 parents 71d00ba + c780a51
commit 95602ec
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 10 deletions.
diff --git a/src/blind.cpp b/src/blind.cpp
@@ -178,8 +178,11 @@ bool GenerateRangeproof(std::vector<unsigned char>& rangeproof, const std::vecto
     memcpy(asset_message+32, asset_blindptrs[asset_blindptrs.size()-1], 32);
 
     // Sign rangeproof
+    int ct_exponent = std::min(std::max((int)gArgs.GetArg("-ct_exponent", 0), -1), 18);
+    int ct_bits = (int)gArgs.GetArg("-ct_bits", 52);
     // If min_value is 0, scriptPubKey must be unspendable
-    int res = secp256k1_rangeproof_sign(secp256k1_blind_context, rangeproof.data(), &nRangeProofLen, scriptPubKey.IsUnspendable() ? 0 : 1, &value_commit, value_blindptrs.back(), nonce.begin(), std::min(std::max((int)gArgs.GetArg("-ct_exponent", 0), -1),18), std::min(std::max((int)gArgs.GetArg("-ct_bits", 36), 1), 51), amount, asset_message, sizeof(asset_message), scriptPubKey.size() ? &scriptPubKey.front() : NULL, scriptPubKey.size(), &gen);
+    uint64_t min_value = scriptPubKey.IsUnspendable() ? 0 : 1;
+    int res = secp256k1_rangeproof_sign(secp256k1_blind_context, rangeproof.data(), &nRangeProofLen, min_value, &value_commit, value_blindptrs.back(), nonce.begin(), ct_exponent, ct_bits, amount, asset_message, sizeof(asset_message), scriptPubKey.size() ? &scriptPubKey.front() : NULL, scriptPubKey.size(), &gen);
     rangeproof.resize(nRangeProofLen);
     return (res == 1);
 }

diff --git a/src/blind.h b/src/blind.h
@@ -15,8 +15,8 @@
 #include <secp256k1_surjectionproof.h>
 
 //! ELEMENTS:
-// 36-bit rangeproof size
-static const size_t DEFAULT_RANGEPROOF_SIZE = 2893;
+// 52-bit rangeproof size
+static const size_t DEFAULT_RANGEPROOF_SIZE = 4174;
 // 32 bytes of asset type, 32 bytes of asset blinding factor in sidechannel
 static const size_t SIDECHANNEL_MSG_SIZE = 64;
 

diff --git a/src/init.cpp b/src/init.cpp
@@ -596,7 +596,7 @@ void SetupServerArgs()
     gArgs.AddArg("-feeasset=<hex>", strprintf("Asset ID (hex) for mempool/relay fees (default: %s)", defaultChainParams->GetConsensus().pegged_asset.GetHex()), false, OptionsCategory::CHAINPARAMS);
     gArgs.AddArg("-subsidyasset=<hex>", strprintf("Asset ID (hex) for the block subsidy (default: %s)", defaultChainParams->GetConsensus().pegged_asset.GetHex()), false, OptionsCategory::CHAINPARAMS);
     gArgs.AddArg("-initialreissuancetokens=<n>", "The amount of reissuance tokens created in the genesis block. (default: 0)", false, OptionsCategory::CHAINPARAMS);
-    gArgs.AddArg("-ct_bits", strprintf("The default number of hiding bits in a rangeproof. Will be exceeded to cover amounts exceeding the maximum hiding value. (default: %d)", 36), false, OptionsCategory::CHAINPARAMS);
+    gArgs.AddArg("-ct_bits", strprintf("The default number of hiding bits in a rangeproof. Will be exceeded to cover amounts exceeding the maximum hiding value. (default: %d)", 52), false, OptionsCategory::CHAINPARAMS);
     gArgs.AddArg("-ct_exponent", strprintf("The hiding exponent. (default: %s)", 0), false, OptionsCategory::CHAINPARAMS);
 
     // Add the hidden options

diff --git a/src/test/blind_tests.cpp b/src/test/blind_tests.cpp
@@ -265,17 +265,17 @@ BOOST_AUTO_TEST_CASE(naive_blinding_test)
 
         // Check wallet borromean-based rangeproof results against expected args
         size_t proof_size = DEFAULT_RANGEPROOF_SIZE;
-        BOOST_CHECK(tx4.witness.vtxoutwit[2].vchRangeproof.size() == proof_size);
+        BOOST_CHECK_EQUAL(tx4.witness.vtxoutwit[2].vchRangeproof.size(), proof_size);
         secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
         int exp = 0;
         int mantissa = 0;
         uint64_t min_value = 0;
         uint64_t max_value = 0;
         BOOST_CHECK(secp256k1_rangeproof_info(ctx, &exp, &mantissa, &min_value, &max_value, tx4.witness.vtxoutwit[2].vchRangeproof.data(), proof_size) == 1);
-        BOOST_CHECK(exp == 0);
-        BOOST_CHECK(mantissa == 36); // 36 bit default
-        BOOST_CHECK(min_value == 1);
-        BOOST_CHECK(max_value == 68719476736);
+        BOOST_CHECK_EQUAL(exp, 0);
+        BOOST_CHECK_EQUAL(mantissa, 52); // 52 bit default
+        BOOST_CHECK_EQUAL(min_value, 1);
+        BOOST_CHECK_EQUAL(max_value, 4503599627370496);
     }
     {
         inputs.clear();

diff --git a/test/functional/feature_confidential_transactions.py b/test/functional/feature_confidential_transactions.py
@@ -381,7 +381,9 @@ def run_test(self):
 
         # Send some bitcoin and other assets over as well to fund wallet
         addr = self.nodes[2].getnewaddress()
-        self.nodes[0].sendtoaddress(addr, 5)
+        txid = self.nodes[0].sendtoaddress(addr, 5)
+        # Make sure we're doing 52 bits of hiding which covers 21M BTC worth
+        assert_equal(self.nodes[0].getrawtransaction(txid, 1)["vout"][0]["ct-bits"], 52)
         self.nodes[0].sendmany("", {addr: 1, self.nodes[2].getnewaddress(): 13}, 0, "", [], False, 1, "UNSET", {addr: test_asset})
 
         self.sync_all()