Correct a subtle problem with the type of the value input to ValueCommit.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2018-04-23 03:17:59 +01:00
parent b11064a39c
commit 06b0a6e79f
1 changed file with 8 additions and 2 deletions


@ -1100,6 +1100,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\ValueOld}[1]{\Value^\mathsf{old}_{#1}}
\newcommand{\ValueLength}{\ell_{\mathsf{value}}}
\newcommand{\ValueType}{\binaryrange{\ValueLength}}
\newcommand{\ValueCommitType}{\range{-\SignedScalarLimitJ}{\SignedScalarLimitJ}}
\newcommand{\ValueCommitRand}{\mathsf{rcv}}
\newcommand{\ValueCommitRandLength}{\mathsf{\ell_{\ValueCommitRand}}}
\newcommand{\ValueCommitRandOld}[1]{\ValueCommitRand^\mathsf{old}_{#1}}
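Review bot: \ValueCommitType is defined here in terms of \SignedScalarLimitJ, which is only introduced by the second hunk some four hundred lines later; that works because \newcommand does not expand its body until the macro is used, but the two definitions belong together, so either move \SignedScalarLimitJ up beside \ValueType and \ValueCommitType or leave a comment here saying where it lives. Also note that this line uses \range where \ValueType uses \binaryrange; nothing in the patch adds \range, so confirm it is already defined as a closed integer interval, otherwise the first use of \ValueCommitType will fail to compile.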
@ -1517,6 +1518,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\ExtractJ}{\ParamJ{\mathsf{Extract}}}
\newcommand{\FindGroupJHash}{\mathsf{FindGroupHash}^\mathbb{J}}
\newcommand{\FindGroupJHashOf}[1]{\FindGroupJHash\!\left({#1}\right)\!}
\newcommand{\SignedScalarLimitJ}{\frac{\ParamJ{r}-1}{2}}
\newcommand{\ParamM}[1]{{{#1}_\mathbb{\hskip 0.03em M}}}
\newcommand{\ParamMexp}[2]{{{#1}_\mathbb{\hskip 0.03em M}\!}^{#2}}
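Review bot: \SignedScalarLimitJ = (r_J - 1)/2 is an integer, and the symmetric range from -\SignedScalarLimitJ to \SignedScalarLimitJ has exactly r_J elements, only because r_J is odd; the spec text that introduces the value commitment type should state this explicitly, since that is what makes \ValueCommitType a complete set of signed representatives modulo r_J and hence what lets "binding on \ValueCommitType" stand in for "binding modulo r_J", which is the strongest binding claim a commitment whose value component lives in a group of order r_J can make. A minor typesetting point: \frac renders cramped in inline math, so where \SignedScalarLimitJ appears in running text consider \dfrac or writing the bound as (r_J - 1)/2.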
@ -3199,7 +3201,7 @@ instantiated in \crossref{concretesproutnotecommit}.
\begin{tabular}{@{\hskip 1.5em}r@{\;}l@{\;}l}
$\NoteCommitSapling{} $&$\typecolon\; \NoteCommitSaplingTrapdoor \times \ReprJ \times \ReprJ \times \ValueType
$&$\rightarrow \NoteCommitSaplingOutput$ \\
$\ValueCommit{} $&$\typecolon\; \ValueCommitTrapdoor \times \ValueType $&$\rightarrow \ValueCommitOutput$
$\ValueCommit{} $&$\typecolon\; \ValueCommitTrapdoor \times \ValueCommitType $&$\rightarrow \ValueCommitOutput$
\end{tabular}
$\NoteCommitSapling{}$ is instantiated in \crossref{concretesaplingnotecommit}, and
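Review bot: widening the domain of \ValueCommit{} to \ValueCommitType while \NoteCommitSapling{} keeps \ValueType is the right split, but every existing application of \ValueCommit{} to a value v of type \ValueType is now well-typed only if \ValueType is a subset of \ValueCommitType; add that containment next to this table, together with the inequality it rests on, namely that the largest element of \binaryrange{\ValueLength} (2^{\ValueLength} - 1, assuming \binaryrange denotes {0, ..., 2^n - 1}) is at most \SignedScalarLimitJ. Without that sentence the table change is correct but unexplained, and a reader checking types will see a mismatch at each call site.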
@ -4139,7 +4141,7 @@ values are in excess of the \outputDescription values.
Let $\ValueCommit{}$, $\ValueCommitValueBase$, and $\ValueCommitRandBase$
be as defined in \crossref{concretevaluecommit}:
\begin{formulae}
\item $\ValueCommit{} \typecolon \ValueCommitTrapdoor \times \ValueType \rightarrow \ValueCommitOutput$;
\item $\ValueCommit{} \typecolon \ValueCommitTrapdoor \times \ValueCommitType \rightarrow \ValueCommitOutput$;
\item $\ValueCommitValueBase \typecolon \GroupJ$ is the value base in $\ValueCommit{}$;
\item $\ValueCommitRandBase \typecolon \GroupJ$ is the randomness base in $\ValueCommit{}$.
\end{formulae}
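Review bot: the signature in the Balance section now agrees with the definition, but the property the commit message relies on, a sum of commitments being binding on \ValueCommitType, is not stated in this hunk. The argument that consumed values are not in excess of the \outputDescription values needs an explicit line here saying that \ValueCommit{} is additively homomorphic in both the trapdoor and the value (so the sum of the spend commitments minus the sum of the output commitments is itself a commitment, under the corresponding sum of trapdoors, to the net value), and that this net value, read as an element of \ValueCommitType rather than \ValueType, is what the binding property constrains. Without that sentence a reader cannot see why the wider type is needed, since every individual commitment is still to a value in \ValueType.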
@ -8936,6 +8938,10 @@ found by Brian Warner.
\begin{itemize}
\item No changes to \Sprout.
\sapling{
\item Correct a subtle problem with the type of the value input to
$\ValueCommit{}$: although it is only directly used to commit to
values in $\ValueType$, the security argument depends on a sum
of commitments being binding on $\ValueCommitType$.
\item Fix the loss of tightness in the use of $\PRFnfSapling{}$ by
specifying the keyspace more precisely.
\item Correct type ambiguities for $\NoteAddressRand$.
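Review bot: the new changelog entry refers to $\ValueCommitType$ by name only, which means nothing to a reader of the change history who has not yet met the new notation; spell the range out inline, for example "binding on $\range{-\SignedScalarLimitJ}{\SignedScalarLimitJ}$", so the entry is self-contained, and consider stating in the same sentence that this is the full set of signed representatives modulo $\ParamJ{r}$, since that is the actual content of the correction.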