update spec

libraries/chain/include/graphene/chain/blinded_balance_object.hpp

@@ -20,8 +20,7 @@ namespace graphene { namespace chain {
 
          fc::ecc::commitment_type                commitment;
          asset_id_type                           asset_id;
-         optional<account_id_type>               owner;
+         static_variant<address,account_id_type> owner;
-         address                                 key;
    };
 
    struct by_asset;
@@ -35,9 +34,7 @@ namespace graphene { namespace chain {
       blinded_balance_object,
       indexed_by<
          ordered_unique< tag<by_id>, member< object, object_id_type, &object::id > >,
-         hashed_unique< tag<by_commitment>, member<blinded_balance_object, commitment_type, &blinded_balance_object::commitment> >,
+         hashed_unique< tag<by_commitment>, member<blinded_balance_object, commitment_type, &blinded_balance_object::commitment> >
-         ordered_non_unique< tag<by_owner>, member<blinded_balance_object, account_id_type, &blinded_balance_object::owner> >,
-         ordered_non_unique< tag<by_asset>, member<blinded_balance_object, asset_id_type, &blinded_balance_object::asset_type> >
       >
    > blinded_balance_object_multi_index_type;
    typedef generic_index<blinded_balance_object, blinded_balance_object_multi_index_type> balance_index;

libraries/chain/include/graphene/chain/operations.hpp

@@ -445,8 +445,130 @@ namespace graphene { namespace chain {
          acc.adjust( to, amount );
       }
    };
+   /**
+    * @defgroup stealth Stealth Transfer
+    * @brief Operations related to stealth transfer of value
+    *
+    * Stealth Transfers enable users to maintain their finanical privacy against even
+    * though all transactions are public.  Every account has three balances:
+    *
+    * 1. Public Balance - every can see the balance changes and the parties involved
+    * 2. Blinded Balance - everyone can see who is transacting but not the amounts involved
+    * 3. Stealth Balance - both the amounts and parties involved are obscured
+    *
+    * Account owners may set a flag that allows their account to receive(or not) transfers of these kinds
+    * Asset issuers can enable or disable the use of each of these types of accounts.
+    *
+    * Using the "temp account" which has no permissions required, users can transfer a 
+    * stealth balance to the temp account and then use the temp account to register a new 
+    * account.  In this way users can use stealth funds to create anonymous accounts with which
+    * they can perform other actions that are not compatible with blinded balances (such as market orders)
+    *
+    * @section referral_program Referral Progam
+    *
+    * Stealth transfers that do not specify any account id cannot pay referral fees so 100% of the
+    * transaction fee is paid to the network.  
+    *
+    * @section transaction_fees Fees 
+    *
+    * Stealth transfers can have an arbitrarylly large size and therefore the transaction fee for
+    * stealth transfers is based purley on the data size of the transaction.  
+    */
+   ///@{
 
    /**
+    *  @ingroup stealth 
+    *  This data is encrypted and stored in the
+    *  encrypted memo portion of the blind output.
+    */
+   struct blind_memo
+   {
+      account_id_type     from;
+      share_type          amount;
+      string              message;
+      /** set to the first 4 bytes of the shared secret
+       * used to encrypt the memo.  Used to verify that
+       * decryption was successful.
+       */
+      uint32_t            check= 0;
+   };
+
+   /**
+    *  @ingroup stealth 
+    */
+   struct blind_input
+   {
+      fc::ecc::commitment_type                commitment;
+      /** provided to maintain the invariant that all authority
+       * required by an operation is explicit in the operation.  Must
+       * match blinded_balance_id->owner 
+       */
+      static_variant<address,account_id_type> owner;
+   };
+
+   /**
+    *  @class blind_output
+    *  @brief Defines data required to create a new blind commitment
+    *  @ingroup stealth 
+    *
+    *  The blinded output that must be proven to be greater than 0
+    */
+   struct blind_output
+   {
+      fc::ecc::commitment_type                commitment;
+      /** only required if there is more than one blind output */
+      range_proof_type                        range_proof;
+      static_variant<address,account_id_type> owner;
+      public_key_type                         one_time_key;
+      /** encrypted via aes with shared secret derived from
+       * one_time_key and (owner or owner.memo_key)
+       */
+      vector<char>                            encrypted_memo;
+   };
+
+   /**
+    *  @class transfer_to_blind_operation
+    *  @ingroup stealth 
+    *  @brief Converts public account balance to a blinded or stealth balance
+    */
+   struct transfer_to_blind_operation
+   {
+      asset                 fee;
+      asset                 amount;
+      account_id_type       from;
+      vector<blind_output>  outputs;
+
+      account_id_type fee_payer()const;
+      void            get_required_auth( flat_set<account_id_type>& active_auth_set, 
+                                         flat_set<account_id_type>& )const;
+      void            validate()const;
+      share_type      calculate_fee( const fee_schedule_type& k )const;
+      void            get_balance_delta( balance_accumulator& acc, const operation_result& result = asset())const;
+   };
+
+   /**
+    *  @ingroup stealth
+    *  @brief Converts blinded/stealth balance to a public account balance
+    */
+   struct transfer_from_blind_operation
+   {
+      asset                 fee;
+      asset                 amount;
+      account_id_type       to;
+      vector<blind_input>   inputs;
+
+      account_id_type fee_payer()const;
+      void            get_required_auth( flat_set<account_id_type>& active_auth_set, 
+                                         flat_set<account_id_type>& )const;
+      void            validate()const;
+      share_type      calculate_fee( const fee_schedule_type& k )const;
+      void            get_balance_delta( balance_accumulator& acc, const operation_result& result = asset())const;
+   };
+
+   /**
+    *  @ingroup stealth
+    *  @brief Transfers from blind to blind 
+    *
     *  There are two ways to transfer value while maintaining privacy:
     *  1. account to account with amount kept secret
     *  2. stealth transfers with amount sender/receiver kept secret 
@@ -466,9 +588,6 @@ namespace graphene { namespace chain {
     *  Using this operation you can transfer from an account and/or blinded balances 
     *  to an account and/or blinded balances.  
     *
-    *  The sum of the blind_inputs + public inputs - public outputs - blind_outputs - fee must
-    *  be 0.
-    *
     *  Stealth Transfers:
     *
     *  Assuming Receiver has key pair R,r and has shared public key R with Sender 
@@ -491,58 +610,9 @@ namespace graphene { namespace chain {
     */
    struct blind_transfer_operation
    {
-      /**
-       *  This data is encrypted and stored in the
-       *  encrypted memo portion of the blind output.
-       */
-      struct blind_memo
-      {
-         account_id_type     from;
-         share_type          amount;
-         string              message;
-         /** set to the first 4 bytes of the shared secret
-          * used to encrypt the memo.  Used to verify that
-          * decryption was successful.
-          */
-         uint32_t            check= 0;
-      };
-
-      struct blind_input
-      {
-         fc::ecc::commitment_type                commitment;
-         /** provided to maintain the invariant that all authority
-          * required by an operation is explicit in the operation.  Must
-          * match blinded_balance_id->owner 
-          */
-         static_variant<address,account_id_type> owner;
-      };
-
-      /**
-       *  The blinded output that must be proven to be greater than 0
-       */
-      struct blind_output
-      {
-         fc::ecc::commitment_type                commitment;
-         /** only required if there is more than one blind output */
-         range_proof_type                        range_proof;
-         static_variant<address,account_id_type> owner;
-         public_key_type                         one_time_key;
-         /** encrypted via aes with shared secret derived from
-          * one_time_key and (owner or owner.memo_key)
-          */
-         vector<char>                            encrypted_memo;
-      };
 
       asset                 fee;
       account_id_type       fee_payer_id;
-      account_id_type       from_account;
-      /** unblinded amount transfered from from account */
-      share_type            from_amount;
-      account_id_type       to_account;
-      /** unblinded amount transfered to to_account */
-      share_type            to_amount;
-      string                to_account_name;
-      optional<address>     to_address;
       vector<blind_input>   inputs;
       vector<blind_output>  outputs;
 
@@ -553,6 +623,7 @@ namespace graphene { namespace chain {
       share_type      calculate_fee( const fee_schedule_type& k )const;
       void            get_balance_delta( balance_accumulator& acc, const operation_result& result = asset())const;
    };
+   ///@} endgroup stealth
 
    /**
     * @ingroup operations