fix: allow bullet proof value only rewinding off one-sided transaction (#3587)

Description
---
This PR allows us to do bulletproof value-only rewinding on one-sided transactions.

Motivation and Context
---
Currently, it is not possible to do bulletproof rewinding on the value only on a one-sided transaction UTXO due to the way the commitment blinding factor and bulletproof rewinding keys are created. Currently, the two bulletproof rewinding keys are created as:

```
let rewind_key = PrivateKey::from_bytes(&hash_secret_key(&commitment_blinding_factor))?;
let blinding_key = PrivateKey::from_bytes(&hash_secret_key(&rewind_key))?;
```

This means that if you share the rewind key, which is used to do value-only rewinding, a person can calculate the blinding key, which is used to do full rewinding, and expose the commitment blinding factor. By changing the calculation order we prevent this and only allow full rewinding by someone who needs to be able to do this.

```
let blinding_key = PrivateKey::from_bytes(&hash_secret_key(&commitment_blinding_factor))?;
let rewind_key = PrivateKey::from_bytes(&hash_secret_key(&blinding_key))?;
```

How Has This Been Tested?
---
All current tests pass.
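The ordering argument in the commit message, worked through as an added example that is not part of the commit or the project's code: both derivation orders are modelled over a stand-in `hash_secret_key` (assumed here to be a domain-separated BLAKE2b, not the project's actual function), and the checks show that only the old order lets a holder of the shared value-rewind key recover the full-rewind (blinding) key.

```python
import hashlib

# Constructed 32-byte commitment blinding factor used for the demonstration.
DEMO_BLINDING_FACTOR = bytes(range(32))


def hash_secret_key(key: bytes) -> bytes:
    # Stand-in for the project's hash_secret_key (assumption): a one-way,
    # domain-separated hash, so the output reveals nothing about the input.
    return hashlib.blake2b(key, digest_size=32, person=b"rewind-demo").digest()


def derive_keys_old(commitment_blinding_factor: bytes):
    # Pre-fix order: rewind_key is derived first, blinding_key from it.
    rewind_key = hash_secret_key(commitment_blinding_factor)
    blinding_key = hash_secret_key(rewind_key)
    return rewind_key, blinding_key


def derive_keys_new(commitment_blinding_factor: bytes):
    # Post-fix order: blinding_key is derived first, rewind_key from it.
    blinding_key = hash_secret_key(commitment_blinding_factor)
    rewind_key = hash_secret_key(blinding_key)
    return rewind_key, blinding_key


def next_key(shared_key: bytes) -> bytes:
    # The only thing a party holding one key can compute: one more hash step.
    return hash_secret_key(shared_key)


def old_order_leaks_blinding_key(cbf: bytes) -> bool:
    # Sharing rewind_key (value-only rewinding) hands over blinding_key too.
    rewind_key, blinding_key = derive_keys_old(cbf)
    return next_key(rewind_key) == blinding_key


def new_order_leaks_blinding_key(cbf: bytes) -> bool:
    # Sharing rewind_key no longer yields blinding_key; the hash is one-way.
    rewind_key, blinding_key = derive_keys_new(cbf)
    return next_key(rewind_key) == blinding_key


def new_order_full_rewind_implies_value_rewind(cbf: bytes) -> bool:
    # The intended direction still holds: a holder of blinding_key (full
    # rewinding) can derive rewind_key (value-only rewinding).
    rewind_key, blinding_key = derive_keys_new(cbf)
    return next_key(blinding_key) == rewind_key
```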