Merge pull request #163 from zcash/book-notecommit-fixes

book: Fixes to NoteCommit page
2021-07-27 23:10:29 +08:00 · 2021-07-27 23:10:29 +08:00 · 1c2ab16a15
parent bb90f2eb7d ac5404a943
commit 1c2ab16a15
1 changed files with 9 additions and 10 deletions
--- a/book/src/design/circuit/gadgets/sinsemilla/note-commit.md
+++ b/book/src/design/circuit/gadgets/sinsemilla/note-commit.md
@ -200,7 +200,7 @@ y &= \textsf{LSB} \bconcat k_0 \bconcat k_1 \bconcat k_2 \bconcat k_3\\
 \end{align}
 $$

-where $\textsf{LSB}$ is $b_2$ for $\mathsf{y(g_d)}$, and $d_1$ for $\mathsf{y(pk_d)}$. Let $$j = \textsf{LSB} + 2 \cdot k_0 + 10 \cdot k_1.$$ We decompose $j$ to be $250$ bits using $25$ [ten-bit lookups](../decomposition.md#lookup-decomposition).
+where $\textsf{LSB}$ is $b_2$ for $\mathsf{y(g_d)}$, and $d_1$ for $\mathsf{y(pk_d)}$. Let $$j = \textsf{LSB} + 2 \cdot k_0 + 2^{10} \cdot k_1.$$ We decompose $j$ to be $250$ bits using a strict $25-$word [ten-bit lookup](../decomposition.md#lookup-decomposition). The running sum outputs allow us to susbstitute $k_1 = z_{j, 1}.$

 Recall that $b_2 = ỹ(g_d)$ and $d_1 = ỹ(pk_d)$ were pieces input to the Sinsemilla hash and have already been boolean-constrained. To constrain the remaining chunks, we use the following constraints:

@ -211,7 +211,6 @@ $$
  & \ShortLookupRangeCheck{k_0, 9} \\\hline
  & \ShortLookupRangeCheck{k_2, 4} \\\hline
 3 & q_{\NoteCommit,3} \cdot \BoolCheck{k_3} = 0 \\\hline
-  & k_1 := z_{j,1} \\\hline
 \end{array}
 $$

@ -220,8 +219,8 @@ $$
 \begin{array}{|c|l|}
 \hline
 \text{Degree} & \text{Constraint} \\\hline
-2 & q_{\NoteCommit,3} \cdot \left(j - (\textsf{LSB} + 2 \cdot k_0 + 10 \cdot k_1) \right) = 0 \\\hline
-2 & q_{\NoteCommit,3} \cdot \left(y - (j + 2^{250} \cdot k_2 + 2^{254} \cdot k_3) \right) = 0 \\\hline
+2 & q_{\NoteCommit,3} \cdot \left(j - (\textsf{LSB} + k_0 \cdot 2 + k_1 \cdot 2^{10}) \right) = 0 \\\hline
+2 & q_{\NoteCommit,3} \cdot \left(y - (j + k_2 \cdot 2^{250} + k_3 \cdot 2^{254}) \right) = 0 \\\hline
 \end{array}
 $$

@ -431,7 +430,7 @@ $$
 3 & q_{\NoteCommit,2} \cdot h_1 \cdot h_0 = 0 \\\hline
 3 & q_{\NoteCommit,2} \cdot h_1 \cdot z_{g,13} = 0 \\\hline
 2 & q_{\NoteCommit,1} \cdot (g_1 + g_2 \cdot 2^9 + 2^{130} - t_\mathbb{P} - {g_1}{g_2}') = 0 \\\hline
-3 & q_{\NoteCommit,2} \cdot g_0 \cdot z_{{g_1}{g_2}',14} = 0 \\\hline
+3 & q_{\NoteCommit,2} \cdot g_0 \cdot z_{{g_1}{g_2}',13} = 0 \\\hline
 \end{array}
 $$

@ -442,10 +441,10 @@ arranged in a single region across 10 advice columns, requiring four rows.

 $$
 \begin{array}{|c|c|c|c|c|c|c|c|c|c|cc}
-    &         &         &             &   &     &     &     &   &     & q_{\NoteCommit,1} & q_{\NoteCommit,2} \\\hline
-a'  & {b_3}c' & {e_1}f' & {g_1}{g_2}' &  a  &  b  & b_2 & b_3 &  c  &    d    & 0 & 0 \\\hline
-d_1 &   d_2   & z_{d,1} &      e      & e_0 & e_1 &  f  &  g  & g_1 &    h    & 1 & 0 \\\hline
-h_0 &   h_1   & x(g_d)  &   x(pk_d)   &  v  & b_0 & b_1 & d_0 & g_0 & z_{g,1} & 0 & 1 \\\hline
-z_{a',13} & z_{{b_3}c',14} & z_{{e_1}f',14} & z_{{g_1}{g_2}',14} & z_{a,13} & z_{c,13} & z_{f,13} & z_{g,13} & \psi & \rho & 0 & 0 \\\hline
+          &                &                &        &          &                   &          &                &          &           & q_{\NoteCommit,1} & q_{\NoteCommit,2} \\\hline
+    b     &        d       &        e       &   g    &     h    &        d_1        &  x(pk_d) &      b_3       &     a'   &   b_2     &        0          &         0         \\\hline
+  {e_1}f' &  {g_1}{g_2}'   &        v       &  d_2   &  z_{d,1} &        e_0        &{b_3}{c}' &       c        &     a    &  x(g_d)   &        1          &         0         \\\hline
+   e_1    &        f       &       g_0      &  g_1   &  z_{g,1} &        h_0        &    h_1   &      d_0       &    b_0   &   b_1     &        0          &         1         \\\hline
+  \rho    &    z_{f,13}    & z_{{e_1}f',14} &  \psi  & z_{g,13} &z_{{g_1}{g_2}',13} & z_{c,13} & z_{{b_3}c',14} & z_{a,13} & z_{a',13} &        0          &         0         \\\hline
 \end{array}
 $$