Commit Graph

112 Commits

Author SHA1 Message Date
moneromooo-monero
31a97e761e
wallet: use raw encrypted data in multisig import/export RPC 2017-12-17 16:12:41 +00:00
moneromooo-monero
2fa707d1a5
wallet: add multisig sign/submit RPC 2017-12-17 16:12:35 +00:00
moneromooo-monero
265290388b
wallet: guard against partly initialized multisig wallet 2017-12-17 16:12:18 +00:00
moneromooo-monero
f4eda44ce3
N-1/N multisig 2017-12-17 16:12:12 +00:00
moneromooo-monero
cd64c7990c
multisig address generation RPC 2017-12-17 16:12:09 +00:00
moneromooo-monero
4c313324b1
Add N/N multisig tx generation and signing
Scheme by luigi1111:

    Multisig for RingCT on Monero

    2 of 2

    User A (coordinator):
    Spendkey b,B
    Viewkey a,A (shared)

    User B:
    Spendkey c,C
    Viewkey a,A (shared)

    Public Address: C+B, A

    Both have their own watch only wallet via C+B, a

    A will coordinate spending process (though B could easily as well, coordinator is more needed for more participants)

    A and B watch for incoming outputs

    B creates "half" key images for discovered output D:
    I2_D = (Hs(aR)+c) * Hp(D)

    B also creates 1.5 random keypairs (one scalar and 2 pubkeys; one on base G and one on base Hp(D)) for each output, storing the scalar(k) (linked to D),
    and sending the pubkeys with I2_D.

    A also creates "half" key images:
    I1_D = (Hs(aR)+b) * Hp(D)

    Then I_D = I1_D + I2_D

    Having I_D allows A to check spent status of course, but more importantly allows A to actually build a transaction prefix (and thus transaction).

    A builds the transaction until most of the way through MLSAG_Gen, adding the 2 pubkeys (per input) provided with I2_D
    to his own generated ones where they are needed (secret row L, R).

    At this point, A has a mostly completed transaction (but with an invalid/incomplete signature). A sends over the tx and includes r,
    which allows B (with the recipient's address) to verify the destination and amount (by reconstructing the stealth address and decoding ecdhInfo).

    B then finishes the signature by computing ss[secret_index][0] = ss[secret_index][0] + k - cc[secret_index]*c (secret indices need to be passed as well).

    B can then broadcast the tx, or send it back to A for broadcasting. Once B has completed the signing (and verified the tx to be valid), he can add the full I_D
    to his cache, allowing him to verify spent status as well.

    NOTE:
    A and B *must* present key A and B to each other with a valid signature proving they know a and b respectively.
    Otherwise, trickery like the following becomes possible:
    A creates viewkey a,A, spendkey b,B, and sends a,A,B to B.
    B creates a fake key C = zG - B. B sends C back to A.
    The combined spendkey C+B then equals zG, allowing B to spend funds at any time!
    The signature fixes this, because B does not know a c corresponding to C (and thus can't produce a signature).

    2 of 3

    User A (coordinator)
    Shared viewkey a,A
    "spendkey" j,J

    User B
    "spendkey" k,K

    User C
    "spendkey" m,M

    A collects K and M from B and C
    B collects J and M from A and C
    C collects J and K from A and B

    A computes N = nG, n = Hs(jK)
    A computes O = oG, o = Hs(jM)

    B anc C compute P = pG, p = Hs(kM) || Hs(mK)
    B and C can also compute N and O respectively if they wish to be able to coordinate

    Address: N+O+P, A

    The rest follows as above. The coordinator possesses 2 of 3 needed keys; he can get the other
    needed part of the signature/key images from either of the other two.

    Alternatively, if secure communication exists between parties:
    A gives j to B
    B gives k to C
    C gives m to A

    Address: J+K+M, A

    3 of 3

    Identical to 2 of 2, except the coordinator must collect the key images from both of the others.
    The transaction must also be passed an additional hop: A -> B -> C (or A -> C -> B), who can then broadcast it
    or send it back to A.

    N-1 of N

    Generally the same as 2 of 3, except participants need to be arranged in a ring to pass their keys around
    (using either the secure or insecure method).
    For example (ignoring viewkey so letters line up):
    [4 of 5]
    User: spendkey
    A: a
    B: b
    C: c
    D: d
    E: e

    a -> B, b -> C, c -> D, d -> E, e -> A

    Order of signing does not matter, it just must reach n-1 users. A "remaining keys" list must be passed around with
    the transaction so the signers know if they should use 1 or both keys.
    Collecting key image parts becomes a little messy, but basically every wallet sends over both of their parts with a tag for each.
    Thia way the coordinating wallet can keep track of which images have been added and which wallet they come from. Reasoning:
    1. The key images must be added only once (coordinator will get key images for key a from both A and B, he must add only one to get the proper key actual key image)
    2. The coordinator must keep track of which helper pubkeys came from which wallet (discussed in 2 of 2 section). The coordinator
    must choose only one set to use, then include his choice in the "remaining keys" list so the other wallets know which of their keys to use.

    You can generalize it further to N-2 of N or even M of N, but I'm not sure there's legitimate demand to justify the complexity. It might
    also be straightforward enough to support with minimal changes from N-1 format.
    You basically just give each user additional keys for each additional "-1" you desire. N-2 would be 3 keys per user, N-3 4 keys, etc.

The process is somewhat cumbersome:

To create a N/N multisig wallet:

 - each participant creates a normal wallet
 - each participant runs "prepare_multisig", and sends the resulting string to every other participant
 - each participant runs "make_multisig N A B C D...", with N being the threshold and A B C D... being the strings received from other participants (the threshold must currently equal N)

As txes are received, participants' wallets will need to synchronize so that those new outputs may be spent:

 - each participant runs "export_multisig FILENAME", and sends the FILENAME file to every other participant
 - each participant runs "import_multisig A B C D...", with A B C D... being the filenames received from other participants

Then, a transaction may be initiated:

 - one of the participants runs "transfer ADDRESS AMOUNT"
 - this partly signed transaction will be written to the "multisig_monero_tx" file
 - the initiator sends this file to another participant
 - that other participant runs "sign_multisig multisig_monero_tx"
 - the resulting transaction is written to the "multisig_monero_tx" file again
 - if the threshold was not reached, the file must be sent to another participant, until enough have signed
 - the last participant to sign runs "submit_multisig multisig_monero_tx" to relay the transaction to the Monero network
2017-12-17 16:11:57 +00:00
Riccardo Spagni
539f511eb1
Merge pull request #2368
b0b7e0f0 Spend proof without txkey (stoffu)
2017-11-25 19:48:56 +02:00
moneromooo-monero
9739da1e84
wallet_rpc_server: new relay_tx command
It takes a full tx+metadata hex string as input
2017-11-24 14:03:55 +00:00
moneromooo-monero
01dc829784
wallet: transfer RPC can now return tx metadata (pending_tx) 2017-11-24 14:03:52 +00:00
stoffu
b0b7e0f09a
Spend proof without txkey 2017-11-21 16:49:16 +09:00
stoffu
998777ecd7
Tx proof (revised):
- refactoring: proof generation/checking code was moved from simplewallet.cpp to wallet2.cpp
- allow an arbitrary message to be signed together with txid
- introduce two types (outbound & inbound) of tx proofs; with the same syntax, inbound is selected when <address> belongs to this wallet, outbound otherwise. see GitHub thread for more discussion
- wallet RPC: added get_tx_key, check_tx_key, get_tx_proof, check_tx_proof
- wallet API: moved WalletManagerImpl::checkPayment to Wallet::checkTxKey, added Wallet::getTxProof/checkTxProof
- get_tx_key/check_tx_key: handle additional tx keys by concatenating them into a single string
2017-11-18 20:44:27 +09:00
stoffu
b738f4b59d
wallet: add sweep_single command 2017-11-15 17:51:54 +09:00
moneromooo-monero
ccf53a566c
track double spending in the txpool
Transactions in the txpool are marked when another transaction
is seen double spending one or more of its inputs.
This is then exposed wherever appropriate.

Note that being marked with this "double spend seen" flag does
NOT mean this transaction IS a double spend and will never be
mined: it just means that the network has seen at least another
transaction spending at least one of the same inputs, so care
should be taken to wait for a few confirmations before acting
upon that transaction (ie, mostly of use for merchants wanting
to accept unconfirmed transactions).
2017-11-06 00:05:44 +00:00
rbrunner7
b370ef54b9 Wallet: Descriptions through new commands 'set_description', 'get_description' 2017-10-16 22:24:09 +02:00
kenshi84
53ad5a0f42
Subaddresses 2017-10-07 13:06:21 +09:00
Riccardo Spagni
68ccc10b29
Merge pull request #2205
c97d1bd3 wallet: return unlock_time in get_transfers (moneromooo-monero)
2017-08-15 20:44:44 +02:00
moneromooo-monero
c97d1bd3d4
wallet: return unlock_time in get_transfers
also show it in simplewallet's show_transfer
2017-08-02 10:15:27 +01:00
moneromooo-monero
dc0b312f8a
wallet_rpc_server: optionally return tx blobs on transfer calls
also add do_not_relay flag to them, so it now becomes possible
to create a tx without sending it yet
2017-07-26 10:33:04 +01:00
binaryFate
5a09d79caf Fix #2120: return per-tx amount in transfer_split RPC call. 2017-06-26 12:22:12 +02:00
moneromooo-monero
6df83b3efb
wallet: add sweep_below function
It sweeps all outputs below the given threshold

This is available via the existing sweep_all RPC, by setting
amount_threshold the desired amount (in atomic units)
2017-04-24 19:50:37 +01:00
Howard Chu
110b683152
Resolve #92 add ability to create wallets thru RPC
Reviewed and squashed. Open/Create is only allowed if no walletfile
was specified at startup.
2017-04-11 01:22:44 +01:00
stoffu
8bbcbcfb0d
wallet rpc: enable solo mining 2017-03-20 09:47:16 +09:00
moneromooo-monero
9d134e8647
wallet_rpc_server: add a rescan_spent RPC 2017-03-18 12:04:17 +00:00
moneromooo-monero
ada6a8a2de
wallet_rpc_server: new --trusted-daemon flag
and remove trusted_daemon fields from transfer RPCs,
it is much friendlier on users
2017-02-24 18:20:14 +00:00
Riccardo Spagni
c3599fa7b9
update copyright year, fix occasional lack of newline at line end 2017-02-21 19:38:18 +02:00
kenshi84
8027ce0c75 extract some basic code from libcryptonote_core into libcryptonote_basic 2017-02-08 22:45:15 +09:00
moneromooo-monero
4f5b130de9
wallet_rpc_server: add address book RPC calls 2017-02-04 11:40:49 +00:00
moneromooo-monero
5833d66f65
Change logging to easylogging++
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.

To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:

This one is (mostly) silent, only outputting fatal errors:

MONERO_LOGS=*:FATAL

This one is very verbose:

MONERO_LOGS=*:TRACE

This one is totally silent (logwise):

MONERO_LOGS=""

This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):

MONERO_LOGS=*:WARNING,verify:FATAL

Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE

Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:

MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE

Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.

Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.

The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
2017-01-16 00:25:46 +00:00
moneromooo-monero
19c4041df5
wallet_rpc_server: new RPC call to get a transfer by txid 2017-01-08 13:16:22 +00:00
moneromooo-monero
82ba2108e9
wallet: add API and RPC to create/parse monero: URIs 2016-11-28 17:54:22 +00:00
moneromooo-monero
4eb7347fdd
wallet: return fee in transfer RPC 2016-11-16 18:56:45 +00:00
moneromooo-monero
9c7b0cb28e
wallet: change priority/fee to ArticMine's recommendation
We keep 1, 2, 3 multipliers till the fee decrase from 0.01/kB
to 0.002/kB, where we start using 1, 20, 166 multipliers.
This ensures the higher multiplier will compensate for the
block reward penalty when pushing past 100% of the past median.

The fee-multiplier wallet setting is now rename to priority,
since it keeps its [0..3] range, but maps to different multiplier
values.
2016-09-16 11:50:52 +01:00
moneromooo-monero
adca903589
wallet_rpc_server: return payment id in make_integrated_address RPC
It is useful, especially when requesting a random one
2016-08-29 12:18:22 +01:00
moneromooo-monero
d4b62a1e29
rct amount key modified as per luigi1111's recommendations
This allows the key to be not the same for two outputs sent to
the same address (eg, if you pay yourself, and also get change
back). Also remove the key amounts lists and return parameters
since we don't actually generate random ones, so we don't need
to save them as we can recalculate them when needed if we have
the correct keys.
2016-08-28 21:30:19 +01:00
moneromooo-monero
1303cda646
wallet: always use new algorithm for RPC transfers
This ensures we get rct transactions when appropriate
2016-08-28 21:30:03 +01:00
moneromooo-monero
e81a2b2cfa
port get_tx_key/check_tx_key to rct 2016-08-28 21:29:24 +01:00
moneromooo-monero
ebf97d76f0
wallet: new {ex,im}port_key_images commands and RPC calls
They are used to export a signed set of key images from a wallet
with a private spend key, so an auditor with the matching view key
may see which of those are spent, and which are not.
2016-07-24 09:23:30 +01:00
moneromooo-monero
b89b96394a
wallet: add unconfirmed incoming txes from the txpool
Shown in show_transfers simplewallet command, and get_transfers
RPC command, if req.pool is true.
2016-07-20 19:14:44 +01:00
moneromooo-monero
89d9f382a0
wallet: add command and RPC to sign/verify data
Signing is done using the spend key, since the view key may
be shared. This could be extended later, to let the user choose
which key (even a per tx key).
simplewallet's sign/verify API uses a file. The RPC uses a
string (simplewallet can't easily do strings since commands
receive a tokenized set of arguments).
2016-07-19 20:39:03 +01:00
moneromooo-monero
945c272f6c
wallet: add a fee multiplier
Fee can now be multiplied by 2 or 3, if users want to give
priority to their transactions. There are only three levels
to avoid too much fingerprinting. Default is 1 (minimum fee).
The default multiplier can be set by "set fee-multiplier X".
2016-06-22 22:21:30 +01:00
moneromooo-monero
09dddf281a
wallet: add a filter_by_height field to get_transfers
It allows a simple get_transfers (with default 0 min_height and
max_height) to return all transactions, instead of the unexpected
set of txes in block 0, which is probably none at all.
2016-04-27 23:43:39 +01:00
moneromooo-monero
48ab3f93ff
wallet: add get_transfers rpc call
Allows getting in, out, pending, and failed transfers, similarly
to the show_transfers command.
2016-04-26 22:39:52 +01:00
moneromooo-monero
7baed9bd89
wallet: allow attaching notes to txids 2016-04-26 19:07:33 +01:00
moneromooo-monero
b0850a9bea
wallet: add a new sweep_all command and RPC command
This sends all outputs in a wallet to a given address, alleviating
the difficulty people have had trying to send all monero but
being left with some small amount left.
2016-04-19 21:20:27 +01:00
moneromooo-monero
48d0747d00
wallet: better output selection for transfer/transfer_new
This now requests the set of outputs that can be mixed first,
to avoid trying non dust but unmixable outputs, which we know
will fail.
2016-04-02 14:17:02 +01:00
moneromooo-monero
0be6e08dd0
wallet: do not leak owned amounts to the daemon unless --trusted-daemon
This will be slower, though more private.

New trusted_daemon parameter to the matching RPC call, false by default.
2016-03-26 23:29:29 +00:00
Riccardo Spagni
de03926850
updated copyright year 2015-12-31 08:39:56 +02:00
moneromooo-monero
bc8a52efd8
wallet: add a rescan_bc command and rescan_blockchain RPC
Blockchain hashes and key images are flushed, and blocks are
pulled anew from the daemon.
The console command is shortened to match bc_height.
This should make it a lot easier on users who are currently
told to remove this particular cache file but keep the keys
one, etc, etc.
2015-12-30 15:06:03 +00:00
Brendan Telzrow
791e7fb263 changed height to uint64_t 2015-12-23 13:10:59 -06:00
Brendan Telzrow
4cd7913a04 added RPC wallet command getheight 2015-12-23 10:04:04 -06:00
moneromooo-monero
1965fce402
wallet: add a stop_wallet RPC call 2015-12-05 14:53:37 +00:00
moneromooo-monero
d91eb8c7b4
wallet: only return tx keys via RPC if requested
To get the tx keys returned via RPC, set the "get_tx_key" or
"get_tx_keys" request field to true (defaults to false).
2015-08-24 17:36:44 +01:00
moneromooo-monero
6c995710d8
make tx keys available to the user
They are also stored in the cache file, to be retrieved using
a new get_tx_key command.
2015-08-19 21:11:48 +01:00
moneromooo-monero
988fe1f843
wallet: new transaction construction algorithm
It should avoid a lot of the issues sending more than half the
wallet's contents due to change.

Actual output selection is still random. Changing this would
improve the matching of transaction amounts to output sizes,
but may have non obvious effects on blockchain analysis.

Mapped to the new transfer_new command in simplewallet, and
transfer uses the existing algorithm.

To use in RPC, add "new_algorithm: true" in the transfer_split
JSON command. It is not used in the transfer command.
2015-07-22 19:24:30 +01:00
moneromooo-monero
6f8a6dcb6c Add RPC commands to manipulate integrated addresses 2015-06-13 16:08:00 +01:00
moneromooo-monero
a62daebba5
wallet_rpc_server: add a sweep_dust RPC command as well 2015-05-30 21:48:05 +01:00
Riccardo Spagni
7b01a076b9
added tx size to incoming_transfers RPC Call 2015-02-20 00:57:26 +02:00
Riccardo Spagni
f4b69d553a
year updated in license 2015-01-02 18:52:46 +02:00
Jakob Lind
0c3255ead8 query_key command in wallet rpc.
only support mnemonic as key_type currently
2014-08-05 08:17:23 +02:00
fluffypony
6fc995fe5d License updated to BSD 3-clause 2014-07-23 15:03:52 +02:00
Zachary Michaels
12596ad566 Add get_bulk_payments rpc call 2014-07-22 12:16:15 -04:00
Thomas Winget
d433a696e5 wallet RPC converted to use new transaction semantics
wallet RPC now uses wallet2::create_transactions and wallet2::commit_tx instead
of wallet2::transfer.  This made it possible to add the RPC call /transfer_split, which
will split transactions automatically if they are too large.  The old call to
/transfer will return an error stating to use /transfer_split if multiple
transactions are needed to fulfill the request.
2014-06-30 07:16:50 -04:00