bool Test_InvalidCoin() { Bignum coinValue; try { // Pick a random non-prime Bignum for (uint32_t i = 0; i < NON_PRIME_TESTS; i++) { coinValue = Bignum::randBignum(g_Params->coinCommitmentGroup.modulus); coinValue = coinValue * 2; if (!coinValue.isPrime()) break; } PublicCoin pubCoin(g_Params); if (pubCoin.validate()) { // A blank coin should not be valid! return false; } PublicCoin pubCoin2(g_Params, coinValue, ZQ_LOVELACE); if (pubCoin2.validate()) { // A non-prime coin should not be valid! return false; } PublicCoin pubCoin3 = pubCoin2; if (pubCoin2.validate()) { // A copy of a non-prime coin should not be valid! return false; } // Serialize and deserialize the coin CDataStream ss(SER_NETWORK, PROTOCOL_VERSION); ss << pubCoin; PublicCoin pubCoin4(g_Params, ss); if (pubCoin4.validate()) { // A deserialized copy of a non-prime coin should not be valid! return false; } } catch (runtime_error &e) { cout << "Caught exception: " << e.what() << endl; return false; } return true; }
void PrivateCoin::mintCoinFast(const CoinDenomination denomination) { // Generate a random serial number in the range 0...{q-1} where // "q" is the order of the commitment group. Bignum s = Bignum::randBignum(this->params->coinCommitmentGroup.groupOrder); // Generate a random number "r" in the range 0...{q-1} Bignum r = Bignum::randBignum(this->params->coinCommitmentGroup.groupOrder); // Manually compute a Pedersen commitment to the serial number "s" under randomness "r" // C = g^s * h^r mod p Bignum commitmentValue = this->params->coinCommitmentGroup.g.pow_mod(s, this->params->coinCommitmentGroup.modulus).mul_mod(this->params->coinCommitmentGroup.h.pow_mod(r, this->params->coinCommitmentGroup.modulus), this->params->coinCommitmentGroup.modulus); // Repeat this process up to MAX_COINMINT_ATTEMPTS times until // we obtain a prime number for (uint32_t attempt = 0; attempt < MAX_COINMINT_ATTEMPTS; attempt++) { // First verify that the commitment is a prime number // in the appropriate range. If not, we'll throw this coin // away and generate a new one. if (commitmentValue.isPrime(ZEROCOIN_MINT_PRIME_PARAM) && commitmentValue >= params->accumulatorParams.minCoinValue && commitmentValue <= params->accumulatorParams.maxCoinValue) { // Found a valid coin. Store it. this->serialNumber = s; this->randomness = r; this->publicCoin = PublicCoin(params, commitmentValue, denomination); // Success! We're done. return; } // Generate a new random "r_delta" in 0...{q-1} Bignum r_delta = Bignum::randBignum(this->params->coinCommitmentGroup.groupOrder); // The commitment was not prime. Increment "r" and recalculate "C": // r = r + r_delta mod q // C = C * h mod p r = (r + r_delta) % this->params->coinCommitmentGroup.groupOrder; commitmentValue = commitmentValue.mul_mod(this->params->coinCommitmentGroup.h.pow_mod(r_delta, this->params->coinCommitmentGroup.modulus), this->params->coinCommitmentGroup.modulus); } // We only get here if we did not find a coin within // MAX_COINMINT_ATTEMPTS. Throw an exception. throw ZerocoinException("Unable to mint a new Zerocoin (too many attempts)"); }