mirror of https://github.com/zcash/zips.git
ZIP 215: use terminology consistent with the protocol spec for the Ed25519 curve.
("The Edwards form of Curve25519" is not a unique description; there are multiple twisted Edwards curves birationally equivalent to Curve25519, but only one is called Ed25519.) Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
c6a925a30b
commit
092e79e017
|
@ -37,7 +37,7 @@ License: BSD-2-Clause</pre>
|
|||
<span class="math">\(A\)</span>
|
||||
and
|
||||
<span class="math">\(R\)</span>
|
||||
respectively on the Edwards form of Curve25519;</li>
|
||||
respectively on the complete twisted Edwards curve Ed25519;</li>
|
||||
<li>
|
||||
<span class="math">\(\underline{S}\)</span>
|
||||
MUST represent an integer
|
||||
|
|
|
@ -57,7 +57,7 @@ After activation of this ZIP, the :math:`\mathsf{JoinSplitSig}` validation rules
|
|||
in §5.4.5 of the protocol specification [#protocol]_ are changed to the following:
|
||||
|
||||
- :math:`\underline{A}` and :math:`\underline{R}` MUST be encodings of points
|
||||
:math:`A` and :math:`R` respectively on the Edwards form of Curve25519;
|
||||
:math:`A` and :math:`R` respectively on the complete twisted Edwards curve Ed25519;
|
||||
- :math:`\underline{S}` MUST represent an integer :math:`S` less than :math:`\ell`;
|
||||
- The group equation :math:`[8][S]B = [8]R + [8][k]A` MUST be satisfied, where
|
||||
:math:`k` and :math:`B` are defined as in RFC 8032 sections §5.1.7 and §5.1
|
||||
|
|
Loading…
Reference in New Issue