4 * @brief CoinSpend class for the Zerocoin library.
6 * @author Ian Miers, Christina Garman and Matthew Green
9 * @copyright Copyright 2013 Ian Miers, Christina Garman and Matthew Green
10 * @license This project is released under the MIT license.
18 #include "Commitment.h"
19 #include "../bignum.h"
20 #include "Accumulator.h"
21 #include "AccumulatorProofOfKnowledge.h"
22 #include "SerialNumberSignatureOfKnowledge.h"
23 #include "SpendMetaData.h"
24 #include "../serialize.h"
26 namespace libzerocoin {
28 /** The complete proof needed to spend a zerocoin.
29 * Composes together a proof that a coin is accumulated
30 * and that it has a given serial number.
34 template<typename Stream>
35 CoinSpend(const Params* p, Stream& strm):denomination(ZQ_PEDERSEN),
36 accumulatorPoK(&p->accumulatorParams),
38 commitmentPoK(&p->serialNumberSoKCommitmentGroup, &p->accumulatorParams.accumulatorPoKCommitmentGroup) {
41 /**Generates a proof spending a zerocoin.
43 * To use this, provide an unspent PrivateCoin, the latest Accumulator
44 * (e.g. from the most recent Bitcoin block) containing the public part
45 * of the coin, a witness to that, and whatever metadata is needed.
47 * Once constructed, this proof can be serialized and sent.
48 * It is validated simply by calling Verify.
49 * @warning Validation only checks that the proof is correct
50 * for the specified values in this class; it does not establish that those values are trustworthy, so they must be validated separately.
51 * Clients ought to check that
52 * 1) params is the right params
53 * 2) the accumulator actually is in some block
54 * 3) the serial number is unspent
55 * 4) that the transaction ... (this item is cut off in the original comment)
57 * @param p cryptographic parameters
58 * @param coin The coin to be spent
59 * @param a The current accumulator containing the coin
60 * @param witness The witness showing that the accumulator contains the coin
61 * @param m arbitrary meta data related to the spend that might be needed by Bitcoin
62 * (i.e. the transaction hash)
63 * @throw ZerocoinException if the process fails
// NOTE(review): `a` is taken by non-const reference here, while Verify()
// takes `const Accumulator&`; confirm whether building the proof is meant
// to modify the caller's accumulator.
// NOTE(review): `p` is a raw pointer; the stream constructor in this header
// dereferences it without a null check, so presumably it must be non-null
// here as well. Confirm against the implementation.
65 CoinSpend(const Params* p, const PrivateCoin& coin, Accumulator& a, const AccumulatorWitness& witness, const SpendMetaData& m);
67 /** Returns the serial number of the coin spent by this proof.
69 * @return the coin's serial number
// Returns by const reference; presumably this refers to the coinSerialNumber
// member, in which case the reference is only valid while this CoinSpend is
// alive. Confirm against the implementation.
// NOTE(review): not const-qualified (unlike Verify), so it cannot be called
// through a const CoinSpend.
71 const Bignum& getCoinSerialNumber();
73 /**Gets the denomination of the coin spent in this proof.
75 * @return the denomination
// Returns the denomination by value.
// NOTE(review): the denomination is serialized via READWRITE(denomination) and,
// per the comment near the data members, stored as a plain int. For a CoinSpend
// built from a received stream that int is sender-controlled, so confirm that
// out-of-range values are rejected before the result is used as a
// CoinDenomination.
// NOTE(review): not const-qualified (unlike Verify).
77 const CoinDenomination getDenomination();
// Presumably the validation entry point that the spending constructor's
// documentation refers to; the implementation is not shown in this header, so
// confirm that `true` means every component proof verified against `a` and
// `metaData`.
// Per the @warning on the spending constructor, a successful result covers only
// the values carried in this object. Callers still have to check that the
// params are the expected ones, that the accumulator really appears in a block,
// and that the serial number is unspent.
79 bool Verify(const Accumulator& a, const SpendMetaData &metaData) const;
// Fields included in the serialized form of a CoinSpend. READWRITE comes from
// the serialization header (not shown); presumably each line writes or reads
// the named member in this order. Confirm.
// NOTE(review): nothing here validates the values. When the object is filled
// from a received stream, every field below is untrusted until Verify and the
// caller-side checks listed in the constructor @warning have been run.
83 READWRITE(denomination);
84 READWRITE(accCommitmentToCoinValue);
85 READWRITE(serialCommitmentToCoinValue);
86 READWRITE(coinSerialNumber);
87 READWRITE(accumulatorPoK);
88 READWRITE(serialNumberSoK);
89 READWRITE(commitmentPoK);
// Takes the spend metadata and returns a uint256; what exactly is hashed is
// not visible in this header.
// NOTE(review): presumably this is the message that serialNumberSoK signs.
// Confirm that it covers every field that must be bound to this particular
// spend (metadata and both commitments).
94 const uint256 signatureHash(const SpendMetaData &m) const;
95 // Denomination is stored as an INT because storing
96 // an enum raises ambiguities in the serialize code //FIXME if possible
// Proof state. All six members below are part of the serialized form
// (see the READWRITE list in this class).
// Presumably the commitment to the coin value used by the accumulator proof. Confirm.
98 Bignum accCommitmentToCoinValue;
// Presumably the commitment to the coin value used by the serial number proof. Confirm.
99 Bignum serialCommitmentToCoinValue;
// Serial number exposed through getCoinSerialNumber(); per the constructor
// @warning, callers must check that it is unspent.
100 Bignum coinSerialNumber;
// Constructed from p->accumulatorParams in the stream constructor.
101 AccumulatorProofOfKnowledge accumulatorPoK;
102 SerialNumberSignatureOfKnowledge serialNumberSoK;
// Constructed from the serialNumberSoK and accumulatorPoK commitment groups in
// the stream constructor; presumably ties the two commitments above to the
// same coin value. Confirm.
103 CommitmentProofOfKnowledge commitmentPoK;
106 } /* namespace libzerocoin */
107 #endif /* COINSPEND_H_ */