dlctix 0.0.4

Ticketed Discreet Log Contracts
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

use secp::{MaybePoint, MaybeScalar, Point, Scalar};
use serde::{Deserialize, Serialize};

use crate::{serialization, OutcomeIndex};

/// An oracle's announcement of a future event.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct EventAnnouncement {
    /// The signing oracle's pubkey
    pub oracle_pubkey: Point,

    /// The `R` point with which the oracle promises to attest to this event.
    pub nonce_point: Point,

    /// Naive but easy.
    #[serde(with = "serialization::vec_of_byte_vecs")]
    pub outcome_messages: Vec<Vec<u8>>,

    /// The unix timestamp beyond which the oracle is considered to have gone AWOL.
    pub expiry: u32,
}

impl EventAnnouncement {
    /// Computes the oracle's locking point for the given outcome index.
    pub fn attestation_lock_point(&self, index: OutcomeIndex) -> Option<MaybePoint> {
        let msg = &self.outcome_messages.get(index)?;

        let e: MaybeScalar = musig2::compute_challenge_hash_tweak(
            &self.nonce_point.serialize_xonly(),
            &self.oracle_pubkey,
            msg,
        );

        // S = R + eD
        Some(self.nonce_point.to_even_y() + e * self.oracle_pubkey.to_even_y())
    }

    /// Computes the oracle's attestation secret scalar - the discrete log of the
    /// locking point - for the given outcome index.
    pub fn attestation_secret(
        &self,
        index: usize,
        oracle_seckey: impl Into<Scalar>,
        nonce: impl Into<Scalar>,
    ) -> Option<MaybeScalar> {
        let oracle_seckey = oracle_seckey.into();
        let nonce = nonce.into();

        if oracle_seckey.base_point_mul() != self.oracle_pubkey
            || nonce.base_point_mul() != self.nonce_point
        {
            return None;
        }

        let d = oracle_seckey.negate_if(self.oracle_pubkey.parity());
        let k = nonce.negate_if(self.nonce_point.parity());

        let msg = &self.outcome_messages.get(index)?;
        let e: MaybeScalar = musig2::compute_challenge_hash_tweak(
            &self.nonce_point.serialize_xonly(),
            &self.oracle_pubkey,
            msg,
        );
        Some(k + e * d)
    }
}