zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove the claim that Discrete Logarithm Independence is stronger than collision resistance of GroupHash. 

(That's not clearly true, and it's irrelevant.)

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2020-05-27 17:20:27 +01:00
parent 8d19a94716
commit 092e6092ef
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
protocol/protocol.tex
View File

@ -3862,8 +3862,7 @@ not return $\bot$) as a random oracle.
\item Under the Discrete Logarithm assumption on $\SubgroupG{}$, a random oracle almost surely satisfies \item Under the Discrete Logarithm assumption on $\SubgroupG{}$, a random oracle almost surely satisfies
Discrete Logarithm Independence. Discrete Logarithm Independence implies \collisionResistance\!, Discrete Logarithm Independence. Discrete Logarithm Independence implies \collisionResistance\!,
since a collision $(m_1, m_2)$ for $\GroupGHash{\URS}$ trivially gives a since a collision $(m_1, m_2)$ for $\GroupGHash{\URS}$ trivially gives a
discrete logarithm relation with $x_1 = 1$ and $x_2 = -1$. It is in fact discrete logarithm relation with $x_1 = 1$ and $x_2 = -1$.
stronger than \collisionResistance\!.
\item $\GroupJHash{}$ is also used to instantiate $\DiversifyHash$ in \crossref{concretediversifyhash}. \item $\GroupJHash{}$ is also used to instantiate $\DiversifyHash$ in \crossref{concretediversifyhash}.
We do not know how to prove the Unlinkability property defined in that section We do not know how to prove the Unlinkability property defined in that section
in the standard model, but in a model where $\GroupJHash{}$ (restricted to in the standard model, but in a model where $\GroupJHash{}$ (restricted to