Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Monero: expose merkle root function #629

Draft
wants to merge 3 commits into
base: develop
Choose a base branch
from
Draft

Monero: expose merkle root function #629

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
980c5f0
Monero: expose merkel root function
Boog900 Nov 15, 2024
05cda97
review fixes
Boog900 Nov 15, 2024
e6fdef6
change `merkle_root` return to `Option`
Boog900 Nov 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 11 additions & 3 deletions networks/monero/src/block.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,8 +121,16 @@ impl Block {
/// use the [`Block::hash`] function.
pub fn serialize_pow_hash(&self) -> Vec<u8> {
let mut blob = self.header.serialize();
blob.extend_from_slice(&merkle_root(self.miner_transaction.hash(), &self.transactions));
write_varint(&(1 + u64::try_from(self.transactions.len()).unwrap()), &mut blob).unwrap();

let mut transactions = Vec::with_capacity(self.transactions.len() + 1);
transactions.push(self.miner_transaction.hash());
transactions.extend_from_slice(&self.transactions);

blob.extend_from_slice(
&merkle_root(transactions)
.expect("the tree will not be empty, the miner tx is always present"),
);
write_varint(&(1 + self.transactions.len()), &mut blob).unwrap();
blob
}

Expand All @@ -132,7 +140,7 @@ impl Block {
// Monero pre-appends a VarInt of the block-to-hash'ss length before getting the block hash,
// but doesn't do this when getting the proof of work hash :)
let mut hashing_blob = Vec::with_capacity(9 + hashable.len());
write_varint(&u64::try_from(hashable.len()).unwrap(), &mut hashing_blob).unwrap();
write_varint(&hashable.len(), &mut hashing_blob).unwrap();
hashing_blob.append(&mut hashable);

let hash = keccak256(hashing_blob);
Expand Down
3 changes: 2 additions & 1 deletion networks/monero/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@ pub use monero_io as io;
pub use monero_generators as generators;
pub use monero_primitives as primitives;

mod merkle;
/// Merkle tree functionality.
pub mod merkle;

/// Ring Signature structs and functionality.
pub mod ring_signatures;
Expand Down
40 changes: 21 additions & 19 deletions networks/monero/src/merkle.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,26 +2,28 @@ use std_shims::vec::Vec;

use crate::primitives::keccak256;

pub(crate) fn merkle_root(root: [u8; 32], leafs: &[[u8; 32]]) -> [u8; 32] {
/// Calculates the Merkle root of the given tree. Equivalent to `tree_hash` in monero-core:
/// https://github.com/monero-project/monero/blob/893916ad091a92e765ce3241b94e706ad012b62a
/// /src/crypto/tree-hash.c#L62
///
/// This function returns [`None`] if the tree is empty.
pub fn merkle_root(mut leafs: Vec<[u8; 32]>) -> Option<[u8; 32]> {
match leafs.len() {
0 => root,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We used to handle no leaves being passed. Now no hashes falls through to the n-leaves case. Is that correct?

I doubt it as our n-leaf code pads to the nearest power of 2 which is assumed to be 4 as we assumed exceptional handling for 0/1/2.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah it will panic, I guess the best thing to do would be to explicitly panic, tree_hash doesn't allow a 0 length input: https://github.com/monero-project/monero/blob/893916ad091a92e765ce3241b94e706ad012b62a/src/crypto/tree-hash.c#L62

Copy link
Member

@kayabaNerve kayabaNerve Nov 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would've been so easy for me to check if there was a link to tree_hash present :p

*There wasn't such a link prior, I don't legitimately want to hold this against you.

I'd vote we keep the existing explicit argument (potentially renamed from root to first_leaf?) making this unreachable, or return an Option. We can document the panic but I'd consider that a downgrade. Even the Option would be but it isn't such a downgrade I wouldn't agree to it if you believe avoiding these allocations so worthwhile.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll change it to return an option, I don't really like having the first leaf as a separate arg.

1 => keccak256([root, leafs[0]].concat()),
0 => None,
1 => Some(leafs[0]),
2 => Some(keccak256([leafs[0], leafs[1]].concat())),
_ => {
let mut hashes = Vec::with_capacity(1 + leafs.len());
hashes.push(root);
hashes.extend(leafs);

// Monero preprocess this so the length is a power of 2
let mut high_pow_2 = 4; // 4 is the lowest value this can be
while high_pow_2 < hashes.len() {
while high_pow_2 < leafs.len() {
high_pow_2 *= 2;
}
let low_pow_2 = high_pow_2 / 2;

// Merge right-most hashes until we're at the low_pow_2
{
let overage = hashes.len() - low_pow_2;
let mut rightmost = hashes.drain((low_pow_2 - overage) ..);
let overage = leafs.len() - low_pow_2;
let mut rightmost = leafs.drain((low_pow_2 - overage) ..);
// This is true since we took overage from beneath and above low_pow_2, taking twice as
// many elements as overage
debug_assert_eq!(rightmost.len() % 2, 0);
Expand All @@ -33,23 +35,23 @@ pub(crate) fn merkle_root(root: [u8; 32], leafs: &[[u8; 32]]) -> [u8; 32] {
}
drop(rightmost);

hashes.extend(paired_hashes);
assert_eq!(hashes.len(), low_pow_2);
leafs.extend(paired_hashes);
assert_eq!(leafs.len(), low_pow_2);
}

// Do a traditional pairing off
let mut new_hashes = Vec::with_capacity(hashes.len() / 2);
while hashes.len() > 1 {
let mut new_hashes = Vec::with_capacity(leafs.len() / 2);
while leafs.len() > 1 {
let mut i = 0;
while i < hashes.len() {
new_hashes.push(keccak256([hashes[i], hashes[i + 1]].concat()));
while i < leafs.len() {
new_hashes.push(keccak256([leafs[i], leafs[i + 1]].concat()));
i += 2;
}

hashes = new_hashes;
new_hashes = Vec::with_capacity(hashes.len() / 2);
leafs = new_hashes;
new_hashes = Vec::with_capacity(leafs.len() / 2);
}
hashes[0]
Some(leafs[0])
}
}
}
Loading