Skip to content

[WIP] carrot_core #9559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jeffro256 wants to merge 21 commits into
base: master
Choose a base branch
from
Open

[WIP] carrot_core #9559

jeffro256 wants to merge 21 commits into from
+10,024 −55

Conversation

@jeffro256
Copy link
Contributor

@jeffro256 jeffro256 commented Nov 8, 2024
edited
Loading

This PR is to implement all Carrot cryptography, as well as enote creation logic and enote scanning logic. This PR should exclude very Monero-specific integration details. The carrot_core library is largely meant to be a stand-alone library, and thus only includes headers from src/crypto and src/ringct.

https://github.com/jeffro256/carrot/blob/master/carrot.md

  • Non-legacy carrot enote creation
  • Non-legacy carrot enote scanning
  • Tests for new enotes addressed to legacy cryptonote accounts/addresses
  • Transaction output set finalization logic
  • Efficient implementation for X25519 unclamped scalar multiplication
  • Hardware device interface
  • Switch commitments (walmart version)
  • Internal self-send messages
  • Fix Debian 10 build
  • Unbind the special janus anchor derivation from the account spend pubkey to make hybrid accounts easier
  • Rewrite ARM mx25519 implementation to support unclamped scalar multiplications
  • Deterministic FCMP++ output rerandomizations to support some refund address schemes
  • Low-dependency payment proposal to enote finalization C interface for hardware wallets
  • Payment proofs to internal enotes which A) allow for burning bug validation and B) don't reveal $s_{vb}$

Depends on #9826, #9827, #9828 , #10108, #10111, #10133

@jeffro256
Copy link
Contributor Author

jeffro256 commented Jan 9, 2025

I'm pretty sure the Debian build error is caused by this GCC bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83258

@jeffro256 jeffro256 mentioned this pull request Jan 13, 2025
Draft
15 tasks
@jeffro256 jeffro256 force-pushed the carrot_core branch 2 times, most recently from 581ba2c to ba00cd2 Compare January 29, 2025 04:59
@tobtoht tobtoht added this to the FCMP++ HF milestone Feb 27, 2025
@jeffro256 jeffro256 mentioned this pull request Apr 29, 2025
Closed
@jeffro256 jeffro256 mentioned this pull request Sep 15, 2025
Open
j-berman and others added 19 commits September 25, 2025 19:30
@j-berman
crypto: break out fe_frombytes_vartime function
864430c
@j-berman @jeffro256
crypto: fast fe_batch_invert using Montgomery's trick
4e9adb7 
https://iacr.org/archive/pkc2004/29470042/29470042.pdf 2.2

Co-authored-by: Jeffro <[email protected]>
@j-berman
@vtnerd comments, use vector instead of pointer
d844269
@j-berman
@jeffro256 warning in test about fe repr's
7bdbcc4
@j-berman
Revert "@vtnerd comments, use vector instead of pointer"
f9d7b1e 
This reverts commit d844269.
@j-berman
@vtnerd suggestion to throw bad_alloc
b31e8cb
@j-berman
@jeffro256 suggestion constexpr
be8e06c
@j-berman
@vtnerd suggestion replace raw pointer with unique ptr fe[]
6740b16
@j-berman
@vtnerd suggestion in perf test
98d72f1
@jeffro256
crypto: add FCMP++ generators T, U, & V
42734cc 
Source in FCMP++ repo: https://github.com/monero-oxide/monero-oxide/blob/c1ed999f2c5f0064356cefb3b9116baa970f4165/monero-oxide/generators/src/lib.rs#L55-L65
@j-berman @jeffro256
crypto: derive key image generator
b434a35 
Helper function to derive I (the key image generator) used in the
FCMP++ composition. The key image generator enters the FCMP++ tree
as part of an output tuple {output pubkey, key image generator,
commitment}.

Note: key images are x*I, where x is the one-time priv key used
to spend an output.
@jeffro256
crypto: add Ed25519->X25519 conversion functions
1758762
@jeffro256
external: add mx25519 (unclamped)
1e6352d
@j-berman @jeffro256
RingCT crypto: 6x faster zero commit
be7e031
@j-berman @jeffro256
@vtnerd comments + some small cleanups
587ca3c
@j-berman @jeffro256
Fix spacing
64e0f5e
@j-berman @jeffro256
Fix usage of unsigned long when expect uint64_t (xmr_amount) always
5306eb8 
32-bit machines / windows use a different width for unsigned long
@j-berman @jeffro256
@jeffro256 suggestion to rm ge_p3 vec from static h table gen
8b8d786
@jeffro256
crypto: add function sc_1()
604bf92
@jeffro256 jeffro256 marked this pull request as ready for review December 5, 2025 06:39
@jeffro256
Copy link
Contributor Author

jeffro256 commented Dec 16, 2025

Today, I force-pushed two changes:

  • Remove src/carrot_core/lazy_amount_commitment.*
  • Add output size static assert line in src/carrot_core/hash_functions.cpp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

in progress

Projects

None yet

Milestone

fcmp++ hf

Development

Successfully merging this pull request may close these issues.

4 participants

@jeffro256 @tobtoht @0xFFFC0000 @j-berman