|
|
|
@ -905,7 +905,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
|
|
|
|
|
rct::key m_y0 = rct::zero(), y1 = rct::zero();
|
|
|
|
|
int proof_data_index = 0;
|
|
|
|
|
rct::keyV w_cache;
|
|
|
|
|
rct::keyV proof8_V, proof8_L, proof8_R;
|
|
|
|
|
std::vector<ge_p3> proof8_V, proof8_L, proof8_R;
|
|
|
|
|
for (const Bulletproof *p: proofs)
|
|
|
|
|
{
|
|
|
|
|
const Bulletproof &proof = *p;
|
|
|
|
@ -918,13 +918,17 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
|
|
|
|
|
const rct::key weight_z = rct::skGen();
|
|
|
|
|
|
|
|
|
|
// pre-multiply some points by 8
|
|
|
|
|
proof8_V.resize(proof.V.size()); for (size_t i = 0; i < proof.V.size(); ++i) proof8_V[i] = rct::scalarmult8(proof.V[i]);
|
|
|
|
|
proof8_L.resize(proof.L.size()); for (size_t i = 0; i < proof.L.size(); ++i) proof8_L[i] = rct::scalarmult8(proof.L[i]);
|
|
|
|
|
proof8_R.resize(proof.R.size()); for (size_t i = 0; i < proof.R.size(); ++i) proof8_R[i] = rct::scalarmult8(proof.R[i]);
|
|
|
|
|
rct::key proof8_T1 = rct::scalarmult8(proof.T1);
|
|
|
|
|
rct::key proof8_T2 = rct::scalarmult8(proof.T2);
|
|
|
|
|
rct::key proof8_S = rct::scalarmult8(proof.S);
|
|
|
|
|
rct::key proof8_A = rct::scalarmult8(proof.A);
|
|
|
|
|
proof8_V.resize(proof.V.size()); for (size_t i = 0; i < proof.V.size(); ++i) rct::scalarmult8(proof8_V[i], proof.V[i]);
|
|
|
|
|
proof8_L.resize(proof.L.size()); for (size_t i = 0; i < proof.L.size(); ++i) rct::scalarmult8(proof8_L[i], proof.L[i]);
|
|
|
|
|
proof8_R.resize(proof.R.size()); for (size_t i = 0; i < proof.R.size(); ++i) rct::scalarmult8(proof8_R[i], proof.R[i]);
|
|
|
|
|
ge_p3 proof8_T1;
|
|
|
|
|
ge_p3 proof8_T2;
|
|
|
|
|
ge_p3 proof8_S;
|
|
|
|
|
ge_p3 proof8_A;
|
|
|
|
|
rct::scalarmult8(proof8_T1, proof.T1);
|
|
|
|
|
rct::scalarmult8(proof8_T2, proof.T2);
|
|
|
|
|
rct::scalarmult8(proof8_S, proof.S);
|
|
|
|
|
rct::scalarmult8(proof8_A, proof.A);
|
|
|
|
|
|
|
|
|
|
PERF_TIMER_START_BP(VERIFY_line_61);
|
|
|
|
|
sc_mulsub(m_y0.bytes, proof.taux.bytes, weight_y.bytes, m_y0.bytes);
|
|
|
|
|