mirror of https://github.com/zcash/zips.git
Add section on JoinSplit parameters.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
45edaca45f
commit
08ba32a4aa
|
@ -512,6 +512,8 @@
|
|||
\newcommand{\ZKVerify}[1]{\mathsf{ZK.}\mathtt{Verify}_{#1}}
|
||||
\newcommand{\JoinSplit}{\text{\footnotesize\texttt{JoinSplit}}}
|
||||
\newcommand{\ZKJoinSplit}{\mathsf{ZK}_{\JoinSplit}}
|
||||
\newcommand{\ZKJoinSplitVerify}{\ZKJoinSplit\mathsf{.Verify}}
|
||||
\newcommand{\ZKJoinSplitProve}{\ZKJoinSplit\mathsf{.Prove}}
|
||||
\newcommand{\Proof}{\pi}
|
||||
\newcommand{\JoinSplitProof}{\Proof_{\JoinSplit}}
|
||||
\newcommand{\zkproof}{\mathtt{zkproof}}
|
||||
|
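Review bot: The algorithm name is set in a different font in the specialized macros than in the generic one: \ZKJoinSplitVerify and \ZKJoinSplitProve use `\mathsf{.Verify}` and `\mathsf{.Prove}`, while \ZKVerify uses `\mathsf{ZK.}\mathtt{Verify}_{#1}`. The same algorithm will then render differently depending on whether the key subscript is present. Suggest using \mathtt for the algorithm name in the JoinSplit variants as well, so the typography matches the generic form.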
@ -1227,7 +1229,9 @@ no information that helps to find a proof for other $(x, w)$.)
|
|||
|
||||
The \provingSystem is instantiated in \crossref{proofs}.
|
||||
$\ZKJoinSplit$ refers to this \provingSystem specialized to the \joinSplitStatement
|
||||
given in \crossref{jsstatement}.
|
||||
given in \crossref{jsstatement}. In this case we omit the key subscripts on
|
||||
$\ZKJoinSplitVerify$ and $\ZKJoinSplitProve$, taking them to be the particular
|
||||
\provingKey and \verifyingKey defined by the \joinSplitParameters in \crossref{jsparameters}.
|
||||
|
||||
|
||||
\nsubsection{Key Components} \label{keycomponents}
|
||||
|
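Review bot: In the added sentence the algorithms and the keys are listed in opposite orders: `$\ZKJoinSplitVerify$ and $\ZKJoinSplitProve$` is followed by `\provingKey and \verifyingKey`, so a reader pairing them positionally attaches the proving key to Verify and the verifying key to Prove. Suggest listing $\ZKJoinSplitProve$ first, or reordering the keys, so each algorithm lines up with the key it takes. Since the section referenced by \crossref{jsparameters} gives testnet hashes and says the production parameters are still to come, "the particular" keys would also be clearer as the keys for the network in use.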
@ -2318,8 +2322,9 @@ Many details of the \provingSystem are beyond the scope of this protocol
|
|||
document. For example, the \arithmeticCircuit verifying the \joinSplitStatement,
|
||||
or its expression as a \rankOneConstraintSystem, are not specified here.
|
||||
In practice it will be necessary to use the specific proving and verification keys
|
||||
generated for the \Zcash production \blockchain, and a \provingSystem implementation
|
||||
that is interoperable with the \Zcash fork of \libsnark, to ensure compatibility.
|
||||
generated for the \Zcash production \blockchain (see \crossref{jsparameters}),
|
||||
and a \provingSystem implementation that is interoperable with the \Zcash fork
|
||||
of \libsnark, to ensure compatibility.
|
||||
}
|
||||
|
||||
\nsubsubsection{Encoding of Points} \label{pointencoding}
|
||||
|
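Review bot: The new `(see \crossref{jsparameters})` is attached to "keys generated for the \Zcash production \blockchain", but the section it points to only lists hashes for the testnet and states that the production multi-party computation "has yet to be performed". A reader following the reference will not find production keys there. Suggest rewording this sentence to refer to the keys for the relevant network, or noting here that the production parameters are not yet available.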
@ -2434,6 +2439,20 @@ verifier \MUST check, for the encoding of each element, that:
|
|||
\item the encoding represents a point on the relevant curve.
|
||||
\end{itemize}
|
||||
|
||||
\nsubsection{\JoinSplitParameters} \label{jsparameters}
|
||||
|
||||
For the testnet in release v0.11.2.z9 and later, the $\FullHashName$ hashes of the
|
||||
\provingKey and \verifyingKey for the \joinSplitStatement, encoded in \libsnark
|
||||
format, are:
|
||||
|
||||
\begin{verbatim}
|
||||
226913bbdc48b70834f8e044d194ddb61c8e15329f67cdc6014f4e5ac11a82ab z9-proving.key
|
||||
4c151c562fce2cdee55ac0a0f8bd9454eb69e6a0db9a8443b58b770ec29b37f5 z9-verifying.key
|
||||
\end{verbatim}
|
||||
|
||||
The \Zcash production \blockchain will use parameters obtained by a multi-party
|
||||
computation, which has yet to be performed.
|
||||
|
||||
|
||||
\nsection{Consensus Changes from \Bitcoin}
|
||||
|
||||
|
|
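Review bot: The new \JoinSplitParameters section lists the two key hashes but gives no requirement on what an implementation does with them, unlike the point-encoding section just above, which says what a verifier \MUST check. Suggest stating that an implementation checks the $\FullHashName$ hash of each key file against these values before using it, since a substituted \provingKey or \verifyingKey would otherwise go unnoticed. "release v0.11.2.z9 and later" is also open-ended: if a later testnet release regenerates the keys this sentence becomes wrong, so consider naming the releases the hashes apply to. Finally, neither \JoinSplitParameters nor the \joinSplitParameters used in the earlier hunk has a \newcommand in the macro hunk shown in this diff; please confirm both are defined.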