mirror of https://github.com/zcash/halo2.git
Merge pull request #68 from daira/daira-nullifiers
[Book] Update nullifier explanation to include Extract_P
commit 632fa8dcf2
@ -2,7 +2,7 @@
The nullifier design we use for Orchard is
The nullifier design we use for Orchard is
$$\mathsf{nf} = [F_{\mathsf{nk}}(\rho) + \psi \pmod{p}] \mathcal{G} + \mathsf{cm},$$
$$\mathsf{nf} = \mathsf{Extract}_{\mathbb{P}}\big([F_{\mathsf{nk}}(\rho) + \psi \pmod{p}] \mathcal{G} + \mathsf{cm}\big),$$
where:
where:
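Review bot: in the changed formula the bracketed term $[F_{\mathsf{nk}}(\rho) + \psi \pmod{p}]$ is used as the scalar multiplying $\mathcal{G}$, yet the reduction is written modulo $p$ with no indication of whether $p$ is the order of the group generated by $\mathcal{G}$ or the field in which $F_{\mathsf{nk}}(\rho)$ and $\psi$ are computed. Since this line is already being edited, name the modulus explicitly if the two differ, and consider adding a clause saying that $\mathsf{nf}$ is now a field element rather than a curve point, as that is the substantive change this commit makes.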
@ -15,6 +15,7 @@ where:
is derived from both $\rho$ and a sender-selected random value $\mathsf{rseed}$:
is derived from both $\rho$ and a sender-selected random value $\mathsf{rseed}$:
$$\psi = KDF^\psi(\rho, \mathsf{rseed}).$$
$$\psi = KDF^\psi(\rho, \mathsf{rseed}).$$
- $\mathcal{G}$ is a fixed independent base.
- $\mathcal{G}$ is a fixed independent base.
- $\mathsf{Extract}_{\mathbb{P}}$ extracts the $x$-coordinate of a Pallas curve point.
This gives a note structure of
This gives a note structure of
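Review bot: the new bullet defines $\mathsf{Extract}_{\mathbb{P}}$ as "the $x$-coordinate of a Pallas curve point", but the identity point has no affine $x$-coordinate, so the definition does not cover the case where $[F_{\mathsf{nk}}(\rho) + \psi \pmod{p}] \mathcal{G} + \mathsf{cm}$ is the identity; state the value $\mathsf{Extract}_{\mathbb{P}}$ takes there, or argue that the case cannot arise. It is also worth saying in the same bullet that $P$ and $-P$ share an $x$-coordinate, so the map is 2-to-1 rather than injective, since the security discussion added later in this commit depends on that.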
@ -95,6 +96,11 @@ $\color{red}{\textsf{⚠ Caution}}$: be skeptical of the claims in this table ab
problem(s) each security property depends on. They may not be accurate and are definitely
problem(s) each security property depends on. They may not be accurate and are definitely
not fully rigorous.
not fully rigorous.
The entries in this table omit the application of $\mathsf{Extract}_{\mathbb{P}}$,
which is an optimization to halve the nullifier length. That optimization requires its
own security analysis, but because it is a deterministic mapping, only Faerie Resistance
could be affected by it.
$$
$$
\begin{array}{|c|l|c|c|c|c|c|}
\begin{array}{|c|l|c|c|c|c|c|}
\hline
\hline
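Review bot: the added paragraph argues that only Faerie Resistance could be affected by $\mathsf{Extract}_{\mathbb{P}}$ "because it is a deterministic mapping", but determinism is not the property that matters here: a deterministic map can still merge distinct inputs, and taking the $x$-coordinate sends $P$ and $-P$ to the same value. The argument should instead be that the map is at most 2-to-1, that nullifier collisions between distinct notes are exactly what Faerie Resistance covers, and that the remaining properties are unaffected because they hold for the point before extraction. The phrase "halve the nullifier length" is also only true relative to an uncompressed point encoding; a compressed point is one sign bit longer than its $x$-coordinate, so say which encoding the comparison is against.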