clsag rules

src/SUMMARY.md

@@ -18,5 +18,6 @@
       - [MLSAG](./consensus_rules/ring_ct/mlsag.md)
       - [Borromean](./consensus_rules/ring_ct/borromean.md)
       - [Bulletproofs](./consensus_rules/ring_ct/bulletproofs.md)
+      - [CLSAG](./consensus_rules/ring_ct/clsag.md)
       - [Bulletproofs+](./consensus_rules/ring_ct/bulletproofs+.md)
 - [Pruning](./pruning.md)

src/consensus_rules/ring_ct.md

@@ -13,17 +13,15 @@ A pedersen commitment to the output amount.
 Pseudo-outs:
 A pedersen commitment to the true spends amount with a different mask, such that the sum of the pseudo-outs is the same as the sum of the outPKs + fee * H.
 
-ecdhInfo:
-Data needed so the receiver can recover the amount they have received.
-
 ## Index
 
 1. [Rules That Apply To All Types](#rules-that-apply-to-all-types)
 2. [Simple Types Rules](#simple-types-rules)
 3. [MLSAG Rules](./ring_ct/mlsag.md)
 4. [Borromean Rules](./ring_ct/borromean.md)
 5. [Bulletproofs Rules](./ring_ct/bulletproofs.md)
-6. [Bulletproofs+ Rules](./ring_ct/bulletproofs+.md)
+6. [CLSAG Rules](./ring_ct/clsag.md)
+7. [Bulletproofs+ Rules](./ring_ct/bulletproofs+.md)
 
 ## Rules That Apply To All Types
 

src/consensus_rules/ring_ct/bulletproofs+.md

@@ -30,7 +30,7 @@ There must be at least one element of V, which is constructed from the outPKs wh
 
 ### The Bulletproof Must Be Valid
 
-## The bulletproof must pass verification. [^bulletproof+-valid]
+The bulletproof must pass verification. [^bulletproof+-valid]
 
 [^L-R-Size]: <https://github.com/monero-project/monero/blob/master/src/ringct/rctTypes.cpp#L300-L304>
 

src/consensus_rules/ring_ct/clsag.md

@@ -0,0 +1,35 @@
+# CLSAG Rules
+
+## Introduction
+
+These rules apply to all ringCT types that use CLSAG signatures.
+
+## Rules
+
+### `s` Size
+
+The `s` field must have has many elements as the amount of ring members.[^s-size]
+
+### Canonical Encoding
+
+All `s` scalars must be fully reduced, the `c1` scalar must be fully reduced[^scalars-reduced] and the `D` point must be canonically encoded.[^D-canonical]
+
+### Key Images Not Identity
+
+The key image and 8 * `D`, the commitment key image, must both not be the identity point.[^kis-not-identity]
+
+### The CLSAG Signature Must Be Correctly Formed
+
+The signature must be valid.[^clsag-valid]
+
+---
+
+[^s-size]: <https://github.com/monero-project/monero/blame/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/ringct/rctSigs.cpp#L880>
+
+[^scalars-reduced]: <https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/ringct/rctSigs.cpp#L881-L883>
+
+[^D-canonical]: <https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/ringct/rctSigs.cpp#L894>
+
+[^kis-not-identity]: <https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/ringct/rctSigs.cpp#L895> and <https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/ringct/rctSigs.cpp#L884>
+
+[^clsag-valid]: <https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/ringct/rctSigs.cpp#L872>

src/consensus_rules/transactions.md

@@ -111,6 +111,10 @@ The outputs unlock time must have passed, see the [chapter on unlock time](./tra
 
 From hard-fork 12 all ring members must be at least 10 blocks old[^minimum-out-age].
 
+### 2 Outputs
+
+From hard-fork 12 version 2 transactions must have 2 outputs[^minimum-2-outs].
+
 ---
 
 [^tx-v0]: <https://github.com/monero-project/monero/blob/eac1b86bb2818ac552457380c9dd421fb8935e5b/src/cryptonote_core/tx_pool.cpp#L152>
@@ -155,3 +159,5 @@ and <https://github.com/monero-project/monero/blob/eac1b86bb2818ac552457380c9dd4
 [^output-must-exist]: <https://github.com/monero-project/monero/blob/eac1b86bb2818ac552457380c9dd421fb8935e5b/src/cryptonote_core/blockchain.cpp#L3995>
 
 [^minimum-out-age]: <https://github.com/monero-project/monero/blob/eac1b86bb2818ac552457380c9dd421fb8935e5b/src/cryptonote_core/blockchain.cpp#L3533>
+
+[^minimum-2-outs]: <https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/cryptonote_core/blockchain.cpp#L3324>