
Commit 81d22c9

committed
bulletproofs: add n_commits to the hash of all rangeproof input data
1 parent 6922c91 commit 81d22c9


1 file changed

+14
-0
lines changed


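--- a/src/modules/bulletproofs/rangeproof_impl.h
+++ b/src/modules/bulletproofs/rangeproof_impl.h
@@ -208,8 +208,14 @@ static int secp256k1_bulletproof_rangeproof_verify_impl(const secp256k1_ecmult_c
 
 /* Commit to all input data: min value, pedersen commit, asset generator, extra_commit */
 if (min_value != NULL && min_value[i] != NULL) {
+unsigned char len[4];
 secp256k1_sha256_initialize(&sha256);
 secp256k1_sha256_write(&sha256, commit, 32);
+len[0] = n_commits;
+len[1] = n_commits >> 8;
+len[2] = n_commits >> 16;
+len[3] = n_commits >> 24;
+secp256k1_sha256_write(&sha256, len, 4);
 for (j = 0; j < n_commits; j++) {
 unsigned char vbuf[8];
 vbuf[0] = min_value[i][j];
@@ -462,8 +468,14 @@ static int secp256k1_bulletproof_rangeproof_prove_impl(const secp256k1_ecmult_co
 
 /* Commit to all input data: min value, pedersen commit, asset generator, extra_commit */
 if (min_value != NULL) {
+unsigned char len[4];
 secp256k1_sha256_initialize(&sha256);
 secp256k1_sha256_write(&sha256, commit, 32);
+len[0] = n_commits;
+len[1] = n_commits >> 8;
+len[2] = n_commits >> 16;
+len[3] = n_commits >> 24;
+secp256k1_sha256_write(&sha256, len, 4);
 for (i = 0; i < n_commits; i++) {
 unsigned char vbuf[8];
 vbuf[0] = min_value[i];
@@ -684,6 +696,7 @@ static int secp256k1_bulletproof_rangeproof_rewind_impl(uint64_t *value, secp256
 
 if (min_value > 0) {
 unsigned char vbuf[8];
+const unsigned char len[4] = { 1, 0, 0, 0 };
 vbuf[0] = min_value;
 vbuf[1] = min_value >> 8;
 vbuf[2] = min_value >> 16;
@@ -694,6 +707,7 @@ static int secp256k1_bulletproof_rangeproof_rewind_impl(uint64_t *value, secp256
 vbuf[7] = min_value >> 56;
 secp256k1_sha256_initialize(&sha256);
 secp256k1_sha256_write(&sha256, commit, 32);
+secp256k1_sha256_write(&sha256, len, 4);
 secp256k1_sha256_write(&sha256, vbuf, 8);
 secp256k1_sha256_finalize(&sha256, commit);
 }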
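Review bot: The `n_commits` length prefix is written only inside the `if (min_value != NULL ...)` branches of `verify_impl` and `prove_impl`, so when no minimum values are supplied the commitment count stays out of this hash unless code outside the hunks binds it; if it does not, the `len` write belongs in an unconditional part of the transcript on both the prover and verifier side. In `rewind_impl` the prefix is the literal `{ 1, 0, 0, 0 }` and the guard is `min_value > 0`, while the prover guards on `min_value != NULL`, so a prover given a non-NULL array holding 0 appears to hash `commit || len || vbuf` where rewind hashes nothing, which is worth confirming against the callers. A comment on the literal such as `/* n_commits == 1, little-endian; must match the encoding in prove_impl */` would record that dependency. The four-byte serialization is duplicated in two functions and keeps only the low 32 bits if `n_commits` is a wider type, so a small shared helper would stop the encodings from drifting apart. All three function bodies start and end outside the hunks.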
