rippled/include_2xrpl_2protocol_2ConfidentialTransfer_8h_source.html

#pragma once


#include <xrpl/basics/Slice.h>

#include <xrpl/basics/base_uint.h>

#include <xrpl/protocol/Indexes.h>

#include <xrpl/protocol/MPTIssue.h>

#include <xrpl/protocol/Protocol.h>

#include <xrpl/protocol/Rate.h>

#include <xrpl/protocol/STLedgerEntry.h>

#include <xrpl/protocol/STObject.h>

#include <xrpl/protocol/Serializer.h>

#include <xrpl/protocol/TER.h>

#include <xrpl/protocol/TxFormats.h>

#include <xrpl/protocol/detail/secp256k1.h>


#include <secp256k1_mpt.h>


#include <cstdint>

#include <limits>


namespace xrpl {


struct ConfidentialRecipient

{

    Slice publicKey;


    Slice encryptedAmount;

};


struct EcPair

{

    secp256k1_pubkey c1;


    secp256k1_pubkey c2;

};


inline void


incrementConfidentialVersion(STObject& mptoken)

{

    // Retrieve current version and increment, wrapping back to 0 at UINT32_MAX.

    // The wrap is computed explicitly rather than relying on unsigned overflow

    // of `+ 1u`, as it trips the unsigned-integer-overflow sanitizer in the UBSan CI build.

    auto const current = mptoken[~sfConfidentialBalanceVersion].valueOr(0u);

    mptoken[sfConfidentialBalanceVersion] =

        current == std::numeric_limits<std::uint32_t>::max() ? 0u : current + 1u;

}


uint256

getSendContextHash(

    AccountID const& account,

    uint192 const& issuanceID,

    std::uint32_t sequence,

    AccountID const& destination,

    std::uint32_t version);


uint256

getClawbackContextHash(

    AccountID const& account,

    uint192 const& issuanceID,

    std::uint32_t sequence,

    AccountID const& holder);


uint256

getConvertContextHash(AccountID const& account, uint192 const& issuanceID, std::uint32_t sequence);


uint256

getConvertBackContextHash(

    AccountID const& account,

    uint192 const& issuanceID,

    std::uint32_t sequence,

    std::uint32_t version);


std::optional<EcPair>

makeEcPair(Slice const& buffer);


std::optional<Buffer>

serializeEcPair(EcPair const& pair);


bool

isValidCiphertext(Slice const& buffer);


bool

isValidCompressedECPoint(Slice const& buffer);


std::optional<Buffer>

homomorphicAdd(Slice const& a, Slice const& b);


std::optional<Buffer>

homomorphicSubtract(Slice const& a, Slice const& b);


std::optional<Buffer>

rerandomizeCiphertext(Slice const& ciphertext, Slice const& pubKeySlice, Slice const& randomness);


std::optional<Buffer>

encryptAmount(uint64_t const amt, Slice const& pubKeySlice, Slice const& blindingFactor);


std::optional<Buffer>

encryptCanonicalZeroAmount(Slice const& pubKeySlice, AccountID const& account, MPTID const& mptId);


TER

verifySchnorrProof(Slice const& pubKeySlice, Slice const& proofSlice, uint256 const& contextHash);


NotTEC

checkEncryptedAmountFormat(STObject const& object);


TER

verifyRevealedAmount(

    uint64_t const amount,

    Slice const& blindingFactor,

    ConfidentialRecipient const& holder,

    ConfidentialRecipient const& issuer,

    std::optional<ConfidentialRecipient> const& auditor);


constexpr uint8_t


getConfidentialRecipientCount(bool hasAuditor)

{

    return hasAuditor ? 4 : 3;

}


TER

verifyClawbackProof(

    uint64_t const amount,

    Slice const& proof,

    Slice const& pubKeySlice,

    Slice const& ciphertext,

    uint256 const& contextHash);


Buffer

generateBlindingFactor();


TER

verifySendProof(

    Slice const& proof,

    ConfidentialRecipient const& sender,

    ConfidentialRecipient const& destination,

    ConfidentialRecipient const& issuer,

    std::optional<ConfidentialRecipient> const& auditor,

    Slice const& spendingBalance,

    Slice const& amountCommitment,

    Slice const& balanceCommitment,

    uint256 const& contextHash);


TER

verifyConvertBackProof(

    Slice const& proof,

    Slice const& pubKeySlice,

    Slice const& spendingBalance,

    Slice const& balanceCommitment,

    uint64_t amount,

    uint256 const& contextHash);


}  // namespace xrpl

xrpl::STObject
Definition STObject.h:37

xrpl::Slice
An immutable linear range of bytes.
Definition Slice.h:26

cstdint

std::uint32_t

limits

std::numeric_limits::max
T max(T... args)

xrpl
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition algorithm.h:5

xrpl::uint192
BaseUInt< 192 > uint192
Definition base_uint.h:563

xrpl::checkEncryptedAmountFormat
NotTEC checkEncryptedAmountFormat(STObject const &object)
Validates the format of encrypted amount fields in a transaction.
Definition ConfidentialTransfer.cpp:331

xrpl::rerandomizeCiphertext
std::optional< Buffer > rerandomizeCiphertext(Slice const &ciphertext, Slice const &pubKeySlice, Slice const &randomness)
Re-randomizes an ElGamal ciphertext without changing its plaintext.
Definition ConfidentialTransfer.cpp:230

xrpl::verifySchnorrProof
TER verifySchnorrProof(Slice const &pubKeySlice, Slice const &proofSlice, uint256 const &contextHash)
Verifies a Schnorr proof of knowledge of an ElGamal private key.
Definition ConfidentialTransfer.cpp:365

xrpl::encryptCanonicalZeroAmount
std::optional< Buffer > encryptCanonicalZeroAmount(Slice const &pubKeySlice, AccountID const &account, MPTID const &mptId)
Generates the canonical zero encryption for a specific MPToken.
Definition ConfidentialTransfer.cpp:265

xrpl::encryptAmount
std::optional< Buffer > encryptAmount(uint64_t const amt, Slice const &pubKeySlice, Slice const &blindingFactor)
Encrypts an amount using ElGamal encryption.
Definition ConfidentialTransfer.cpp:252

xrpl::isValidCompressedECPoint
bool isValidCompressedECPoint(Slice const &buffer)
Verifies that a buffer contains a valid, parsable compressed EC point.
Definition ConfidentialTransfer.cpp:170

xrpl::getConfidentialRecipientCount
constexpr uint8_t getConfidentialRecipientCount(bool hasAuditor)
Returns the number of recipients in a confidential transfer.
Definition include/xrpl/protocol/ConfidentialTransfer.h:331

xrpl::makeEcPair
std::optional< EcPair > makeEcPair(Slice const &buffer)
Parses an ElGamal ciphertext into two secp256k1 public key components.
Definition ConfidentialTransfer.cpp:123

xrpl::serializeEcPair
std::optional< Buffer > serializeEcPair(EcPair const &pair)
Serializes an EcPair into compressed form.
Definition ConfidentialTransfer.cpp:143

xrpl::verifyRevealedAmount
TER verifyRevealedAmount(uint64_t const amount, Slice const &blindingFactor, ConfidentialRecipient const &holder, ConfidentialRecipient const &issuer, std::optional< ConfidentialRecipient > const &auditor)
Verifies revealed amount encryptions for all recipients.
Definition ConfidentialTransfer.cpp:290

xrpl::getConvertBackContextHash
uint256 getConvertBackContextHash(AccountID const &account, uint192 const &issuanceID, std::uint32_t sequence, std::uint32_t version)
Generates the context hash for ConfidentialMPTConvertBack transactions.
Definition ConfidentialTransfer.cpp:110

xrpl::isValidCiphertext
bool isValidCiphertext(Slice const &buffer)
Verifies that a buffer contains two valid, parsable EC public keys.
Definition ConfidentialTransfer.cpp:164

xrpl::NotTEC
TERSubset< CanCvtToNotTEC > NotTEC
Definition TER.h:594

xrpl::homomorphicSubtract
std::optional< Buffer > homomorphicSubtract(Slice const &a, Slice const &b)
Homomorphically subtracts two ElGamal ciphertexts.
Definition ConfidentialTransfer.cpp:207

xrpl::MPTID
BaseUInt< 192 > MPTID
MPTID is a 192-bit value representing MPT Issuance ID, which is a concatenation of a 32-bit sequence ...
Definition UintTypes.h:44

xrpl::getConvertContextHash
uint256 getConvertContextHash(AccountID const &account, uint192 const &issuanceID, std::uint32_t sequence)
Generates the context hash for ConfidentialMPTConvert transactions.
Definition ConfidentialTransfer.cpp:101

xrpl::getClawbackContextHash
uint256 getClawbackContextHash(AccountID const &account, uint192 const &issuanceID, std::uint32_t sequence, AccountID const &holder)
Generates the context hash for ConfidentialMPTClawback transactions.
Definition ConfidentialTransfer.cpp:84

xrpl::generateBlindingFactor
Buffer generateBlindingFactor()
Generates a cryptographically secure blinding factor (size=xrpl::kEcBlindingFactorLength).
Definition ConfidentialTransfer.cpp:240

xrpl::AccountID
BaseUInt< 160, detail::AccountIDTag > AccountID
A 160-bit unsigned that uniquely identifies an account.
Definition AccountID.h:28

xrpl::verifyConvertBackProof
TER verifyConvertBackProof(Slice const &proof, Slice const &pubKeySlice, Slice const &spendingBalance, Slice const &balanceCommitment, uint64_t amount, uint256 const &contextHash)
Verifies all zero-knowledge proofs for a ConfidentialMPTConvertBack transaction.
Definition ConfidentialTransfer.cpp:458

xrpl::getSendContextHash
uint256 getSendContextHash(AccountID const &account, uint192 const &issuanceID, std::uint32_t sequence, AccountID const &destination, std::uint32_t version)
Generates the context hash for ConfidentialMPTSend transactions.
Definition ConfidentialTransfer.cpp:65

xrpl::TER
TERSubset< CanCvtToTER > TER
Definition TER.h:634

xrpl::incrementConfidentialVersion
void incrementConfidentialVersion(STObject &mptoken)
Increments the confidential balance version counter on an MPToken.
Definition include/xrpl/protocol/ConfidentialTransfer.h:65

xrpl::uint256
BaseUInt< 256 > uint256
Definition base_uint.h:562

xrpl::homomorphicAdd
std::optional< Buffer > homomorphicAdd(Slice const &a, Slice const &b)
Homomorphically adds two ElGamal ciphertexts.
Definition ConfidentialTransfer.cpp:184

xrpl::verifySendProof
TER verifySendProof(Slice const &proof, ConfidentialRecipient const &sender, ConfidentialRecipient const &destination, ConfidentialRecipient const &issuer, std::optional< ConfidentialRecipient > const &auditor, Slice const &spendingBalance, Slice const &amountCommitment, Slice const &balanceCommitment, uint256 const &contextHash)
Verifies all zero-knowledge proofs for a ConfidentialMPTSend transaction.
Definition ConfidentialTransfer.cpp:400

xrpl::verifyClawbackProof
TER verifyClawbackProof(uint64_t const amount, Slice const &proof, Slice const &pubKeySlice, Slice const &ciphertext, uint256 const &contextHash)
Verifies a compact sigma clawback proof.
Definition ConfidentialTransfer.cpp:377

std::optional

xrpl::ConfidentialRecipient
Bundles an ElGamal public key with its associated encrypted amount.
Definition include/xrpl/protocol/ConfidentialTransfer.h:31

xrpl::ConfidentialRecipient::encryptedAmount
Slice encryptedAmount
The encrypted amount ciphertext (size=xrpl::kEcGamalEncryptedTotalLength).
Definition include/xrpl/protocol/ConfidentialTransfer.h:39

xrpl::ConfidentialRecipient::publicKey
Slice publicKey
The recipient's ElGamal public key (size=xrpl::kEcPubKeyLength).
Definition include/xrpl/protocol/ConfidentialTransfer.h:33

xrpl::EcPair
Holds two secp256k1 public key components representing an ElGamal ciphertext (C1, C2).
Definition include/xrpl/protocol/ConfidentialTransfer.h:47

xrpl::EcPair::c2
secp256k1_pubkey c2
Second ElGamal ciphertext component.
Definition include/xrpl/protocol/ConfidentialTransfer.h:52

xrpl::EcPair::c1
secp256k1_pubkey c1
First ElGamal ciphertext component.
Definition include/xrpl/protocol/ConfidentialTransfer.h:49