A fix on the `non_interactive_output` build function: forgot to set the true last key path parameter.
Fix the `rewind_outputlocker` and `create_output_locker`: the original "rewinding" mechanism doesn't work for the new design of `OutputLocker`, which uses `SecuredPath`.
To get the ephemeral key `q = Hash(value || p*R)`, we need the private key `p`, which needs the `key_id_last_path` in the `PathMessage` to be derived from the wallet active account; but to get the `PathMessage`, we have to rewind the `SecuredPath`, which needs `Hash(q)` for the rewinding. This becomes a problem loop!
At this moment, I don't have a perfect design for this rewinding. Let's just use two nonces for that:
First nonce is Hash(R) for rewinding the key_id_last_path.
Second nonce is Hash(q) for rewinding the w.
(to be refactored in the future)
Recall the structure of PathMessage:
```rust
pub struct PathMessage {
    /// The random 'w' of Pedersen commitment `r*G + w*H`
    pub w: i64,
    /// The last path index of the key identifier
    pub key_id_last_path: u32,
}
```
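The two-nonce ordering described above, as an added worked example (this is illustrative code written for this page, not the project's `create_output_locker` / `rewind_outputlocker`). It models the group with a toy finite-field Diffie-Hellman (modular exponentiation standing in for scalar-times-point), SHA-256 for `Hash`, a hash-based key derivation standing in for the wallet's key-path derivation, and an XOR keystream for the `SecuredPath` seal; all of those are assumptions chosen so the flow runs offline. What it shows is why the loop breaks: `Hash(R)` depends on nothing secret, so `key_id_last_path` is recovered first, which yields `p`, which yields `q = Hash(value || p*R)`, and only then does `Hash(q)` unseal `w`.

```python
import hashlib

# Toy group standing in for the curve (assumption): integers modulo a Mersenne
# prime, with "scalar * point" modelled as modular exponentiation.
P_MOD = (1 << 127) - 1
G = 5


def point_mul(scalar: int, point: int) -> int:
    return pow(point, scalar, P_MOD)


def point_bytes(point: int) -> bytes:
    return point.to_bytes(16, "big")


def hash_bytes(*parts: bytes) -> bytes:
    """Hash(a || b || ...) as SHA-256 over the concatenation."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def derive_private_key(wallet_seed: bytes, key_id_last_path: int) -> int:
    """Wallet-side derivation of the account key for a last path index.
    Assumption: a plain hash of (seed || path) stands in for the real key-path scheme."""
    digest = hash_bytes(wallet_seed, key_id_last_path.to_bytes(4, "big"))
    return int.from_bytes(digest, "big") % (P_MOD - 1) or 1


def recipient_public_key(wallet_seed: bytes, key_id_last_path: int) -> int:
    """P = p*G for the key at the given path."""
    return point_mul(derive_private_key(wallet_seed, key_id_last_path), G)


def xor_seal(nonce: bytes, data: bytes) -> bytes:
    """Seal/unseal a short field under a nonce-derived keystream (XOR, so it is its own inverse)."""
    keystream = hash_bytes(nonce, b"securedpath-keystream")
    return bytes(a ^ b for a, b in zip(data, keystream))


def ephemeral_key(value: int, shared_point: int) -> bytes:
    """q = Hash(value || p*R), where shared_point is p*R (or, sender-side, r*P)."""
    return hash_bytes(value.to_bytes(8, "big"), point_bytes(shared_point))


def create_output_locker(recipient_pub: int, key_id_last_path: int, w: int, value: int, r: int) -> dict:
    """Builder side: seal key_id_last_path under Hash(R) and w under Hash(q)."""
    R = point_mul(r, G)
    q = ephemeral_key(value, point_mul(r, recipient_pub))  # r*P == p*R
    nonce_path = hash_bytes(point_bytes(R))  # first nonce: Hash(R)
    nonce_w = hash_bytes(q)                   # second nonce: Hash(q)
    return {
        "R": R,
        "value": value,
        "sealed_path": xor_seal(nonce_path, key_id_last_path.to_bytes(4, "big")),
        "sealed_w": xor_seal(nonce_w, w.to_bytes(8, "big", signed=True)),
    }


def rewind_output_locker(wallet_seed: bytes, locker: dict) -> tuple:
    """Wallet side: recover the PathMessage without ever needing q before p."""
    R = locker["R"]
    # Step 1: Hash(R) needs no secret, so the path index comes out first.
    nonce_path = hash_bytes(point_bytes(R))
    key_id_last_path = int.from_bytes(xor_seal(nonce_path, locker["sealed_path"]), "big")
    # Step 2: the path gives p, and p*R gives q = Hash(value || p*R).
    p = derive_private_key(wallet_seed, key_id_last_path)
    q = ephemeral_key(locker["value"], point_mul(p, R))
    # Step 3: only now is Hash(q) available to unseal w.
    nonce_w = hash_bytes(q)
    w = int.from_bytes(xor_seal(nonce_w, locker["sealed_w"]), "big", signed=True)
    return {"w": w, "key_id_last_path": key_id_last_path}, q


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    seed = b"constructed-wallet-seed"
    locker = create_output_locker(recipient_public_key(seed, 7), 7, -123456789, 5000, 987654321)
    print(rewind_output_locker(seed, locker)[0])
```

Note that a wrong wallet seed still recovers `key_id_last_path` (it is keyed only by the public `R`), but produces a different `p`, hence a different `q`, hence garbage for `w`; any real `SecuredPath` should therefore carry an integrity check on the unsealed fields rather than trusting the decrypted bytes.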