mirror of https://github.com/zcash/zips.git
Correct a subtle problem with the type of the value input to ValueCommit.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
b11064a39c
commit
06b0a6e79f
|
@ -1100,6 +1100,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\ValueOld}[1]{\Value^\mathsf{old}_{#1}}
|
||||
\newcommand{\ValueLength}{\ell_{\mathsf{value}}}
|
||||
\newcommand{\ValueType}{\binaryrange{\ValueLength}}
|
||||
\newcommand{\ValueCommitType}{\range{-\SignedScalarLimitJ}{\SignedScalarLimitJ}}
|
||||
\newcommand{\ValueCommitRand}{\mathsf{rcv}}
|
||||
\newcommand{\ValueCommitRandLength}{\mathsf{\ell_{\ValueCommitRand}}}
|
||||
\newcommand{\ValueCommitRandOld}[1]{\ValueCommitRand^\mathsf{old}_{#1}}
|
||||
|
@ -1517,6 +1518,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\ExtractJ}{\ParamJ{\mathsf{Extract}}}
|
||||
\newcommand{\FindGroupJHash}{\mathsf{FindGroupHash}^\mathbb{J}}
|
||||
\newcommand{\FindGroupJHashOf}[1]{\FindGroupJHash\!\left({#1}\right)\!}
|
||||
\newcommand{\SignedScalarLimitJ}{\frac{\ParamJ{r}-1}{2}}
|
||||
|
||||
\newcommand{\ParamM}[1]{{{#1}_\mathbb{\hskip 0.03em M}}}
|
||||
\newcommand{\ParamMexp}[2]{{{#1}_\mathbb{\hskip 0.03em M}\!}^{#2}}
|
||||
|
@ -3199,7 +3201,7 @@ instantiated in \crossref{concretesproutnotecommit}.
|
|||
\begin{tabular}{@{\hskip 1.5em}r@{\;}l@{\;}l}
|
||||
$\NoteCommitSapling{} $&$\typecolon\; \NoteCommitSaplingTrapdoor \times \ReprJ \times \ReprJ \times \ValueType
|
||||
$&$\rightarrow \NoteCommitSaplingOutput$ \\
|
||||
$\ValueCommit{} $&$\typecolon\; \ValueCommitTrapdoor \times \ValueType $&$\rightarrow \ValueCommitOutput$
|
||||
$\ValueCommit{} $&$\typecolon\; \ValueCommitTrapdoor \times \ValueCommitType $&$\rightarrow \ValueCommitOutput$
|
||||
\end{tabular}
|
||||
|
||||
$\NoteCommitSapling{}$ is instantiated in \crossref{concretesaplingnotecommit}, and
|
||||
|
@ -4139,7 +4141,7 @@ values are in excess of the \outputDescription values.
|
|||
Let $\ValueCommit{}$, $\ValueCommitValueBase$, and $\ValueCommitRandBase$
|
||||
be as defined in \crossref{concretevaluecommit}:
|
||||
\begin{formulae}
|
||||
\item $\ValueCommit{} \typecolon \ValueCommitTrapdoor \times \ValueType \rightarrow \ValueCommitOutput$;
|
||||
\item $\ValueCommit{} \typecolon \ValueCommitTrapdoor \times \ValueCommitType \rightarrow \ValueCommitOutput$;
|
||||
\item $\ValueCommitValueBase \typecolon \GroupJ$ is the value base in $\ValueCommit{}$;
|
||||
\item $\ValueCommitRandBase \typecolon \GroupJ$ is the randomness base in $\ValueCommit{}$.
|
||||
\end{formulae}
|
||||
|
@ -8936,6 +8938,10 @@ found by Brian Warner.
|
|||
\begin{itemize}
|
||||
\item No changes to \Sprout.
|
||||
\sapling{
|
||||
\item Correct a subtle problem with the type of the value input to
|
||||
$\ValueCommit{}$: although it is only directly used to commit to
|
||||
values in $\ValueType$, the security argument depends on a sum
|
||||
of commitments being binding on $\ValueCommitType$.
|
||||
\item Fix the loss of tightness in the use of $\PRFnfSapling{}$ by
|
||||
specifying the keyspace more precisely.
|
||||
\item Correct type ambiguities for $\NoteAddressRand$.
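Review bot: The widened domain of `\ValueCommit{}` (the `\ValueCommitType` row in the tabular and the matching `\item` in the formulae list) is explained only in the change-history entry, so a reader of the normative signature alone cannot tell that commitments in descriptions are still made only to values in `\ValueType`. I would add a sentence directly after the tabular, for example `$\ValueCommit{}$ is only directly used to commit to values in $\ValueType$; the wider domain $\ValueCommitType$ is needed because the security argument depends on a sum of commitments being binding.` A short comment on the `\ValueCommitType` macro would also help, noting that the range $-\frac{r-1}{2}$ to $\frac{r-1}{2}$ has exactly $r_\mathbb{J}$ elements, so distinct values in it never coincide modulo the group order. The concrete definition referenced by `\crossref{concretevaluecommit}` is not part of this diff; if its signature still uses `\ValueType`, it should be updated in the same commit so the abstract and concrete types agree. The affected sections begin and end outside the visible hunks.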
|
||||
|
|