Cosmetics.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2020-07-06 22:57:59 +01:00
parent 4d148920ae
commit 0bfbbd54e2
1 changed files with 17 additions and 7 deletions

@ -7366,11 +7366,11 @@ As required, $\RedDSADerivePublic$ is a group monomorphism, since it is injectiv
&$= \RedDSADerivePublic(\sk_1)\, \combplus \RedDSADerivePublic(\sk_2)$.
\end{tabular}
\vspace{1ex}
\vspace{0.5ex}
A $\RedDSA$ \validatingKey $\vk$ can be encoded as a bit sequence $\reprG{}\Of{\vk}$\, of
length $\ellG{}$ bits (or as a corresponding byte sequence $\vkBytes{}$ by then applying $\LEBStoOSP{\ellG{}}$).
\vspace{1ex}
\vspace{0.5ex}
\introlist
The scheme $\RedJubjub$ specializes $\RedDSA$ with:
\begin{itemize}
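Review bot: The spacing around the $\vk$ encoding paragraph is tuned with a literal, `\vspace{0.5ex}` alongside `\vspace{1ex}`, and the same pair recurs before each "See \crossref{...}" line later in the patch. A single named length or spacing macro would keep these gaps consistent and make the next adjustment a one-line change.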
@ -7379,14 +7379,17 @@ The scheme $\RedJubjub$ specializes $\RedDSA$ with:
\item $\RedDSAHash(x) := \BlakeTwobOf{512}{\ascii{Zcash\_RedJubjubH}, x}$ as defined in \crossref{concreteblake2}.
\end{itemize}
The generator $\GenG{} \typecolon \SubgroupG{}$ is left as an unspecified parameter, which is different between
\vspace{-1ex}
The generator $\GenG{} \typecolon \SubgroupG{}$ is left as an unspecified parameter, different between
$\BindingSig$ and $\SpendAuthSig$.
} %sapling
\sapling{
\vspace{-1ex}
\lsubsubsubsection{Spend Authorization Signature}{concretespendauthsig}
\vspace{-1ex}
Let $\RedJubjub$ be as defined in \crossref{concreteredjubjub}.
Define $\AuthSignBase := \FindGroupJHash\Of{\ascii{Zcash\_G\_}, \ascii{}}$.
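Review bot: The generator sentence is a wording edit rather than a spacing edit, and "is left as an unspecified parameter, different between $\BindingSig$ and $\SpendAuthSig$" still reads awkwardly; "which differs between" would be clearer. Since the commit is titled "Cosmetics", note the text change in the message so that reviewers of the specification wording do not miss it.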
@ -7394,9 +7397,10 @@ Define $\AuthSignBase := \FindGroupJHash\Of{\ascii{Zcash\_G\_}, \ascii{}}$.
The \defining{\spendAuthSignatureScheme}, $\SpendAuthSig$, is instantiated as $\RedJubjub$
with key re-randomization, and with generator $\GenG{} = \AuthSignBase$.
\vspace{1ex}
\vspace{0.5ex}
See \crossref{spendauthsig} for details on the use of this \signatureScheme.
\vspace{-1ex}
\securityrequirement{
$\SpendAuthSig$ must be a SURK-CMA secure \rerandomizableSignatureScheme as defined
in \crossref{abstractsigrerand}.
@ -7405,8 +7409,10 @@ in \crossref{abstractsigrerand}.
\sapling{
\vspace{-1ex}
\lsubsubsubsection{Binding Signature}{concretebindingsig}
\vspace{-1ex}
Let $\RedJubjub$ be as defined in \crossref{concreteredjubjub}.
Let $\ValueCommitRandBase$ be the randomness base defined in \crossref{concretevaluecommit}.
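Review bot: The `\vspace{-1ex}` placed before and after `\lsubsubsubsection{Binding Signature}{concretebindingsig}` repeats what an earlier hunk does around `\lsubsubsubsection{Spend Authorization Signature}{concretespendauthsig}`. If every heading at this level needs the tighter spacing, adjust it once in the heading macro instead of at each call site.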
@ -7414,9 +7420,10 @@ Let $\ValueCommitRandBase$ be the randomness base defined in \crossref{concretev
The \defining{\bindingSignatureScheme}, $\BindingSig$, is instantiated as $\RedJubjub$ without
use of key re-randomization, and with generator $\GenG{} = \ValueCommitRandBase$.
\vspace{1ex}
\vspace{0.5ex}
See \crossref{bindingsig} for details on the use of this \signatureScheme.
\vspace{-1ex}
\securityrequirement{
$\BindingSig$ must be a SUF-CMA secure \keyMonomorphicSignatureScheme as defined in
\crossref{abstractsigmono}. A signature must prove knowledge of the discrete logarithm of
@ -7426,8 +7433,10 @@ the \validatingKey with respect to the base $\ValueCommitRandBase$.
\introlist
\vspace{-1ex}
\lsubsubsection{Commitment schemes}{concretecommit}
\vspace{-1ex}
\lsubsubsubsection{\SproutOrNothingText{} Note Commitments}{concretesproutnotecommit}
\newsavebox{\cmbox}
@ -7449,6 +7458,7 @@ the \validatingKey with respect to the base $\ValueCommitRandBase$.
\end{bytefield}
\end{lrbox}
\vspace{-1ex}
The commitment scheme $\NoteCommitSprout{}$ specified in \crossref{abstractcommit} is
instantiated using \shaHash as follows:
@ -7457,6 +7467,7 @@ instantiated using \shaHash as follows:
\item $\NoteCommitSproutGenTrapdoor()$ generates the uniform distribution on $\NoteCommitSproutTrapdoor$.
\end{formulae}
\vspace{-1ex}
\changed{\pnote{
The leading byte of the \shaHash input is $\hexint{B0}$.
}}
@ -10656,7 +10667,6 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\historyentry{2020.1.6}{2020-06-17}
\begin{itemize}
\item No changes to \Sprout.
\canopy{
\item Incorporate changes to \Sapling{} \note encryption from \cite{ZIP-212}.
} %canopy
@ -13002,7 +13012,7 @@ The \windowedPedersenCommitments defined in the preceding section are
highly efficient, but they do not support the homomorphic property we
need when instantiating $\ValueCommit{}$.
\introlist
\introsection
In order to support this property, we also define \homomorphicPedersenCommitments
as follows:
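Review bot: The `\introlist` / `\introsection` pair before "In order to support this property, ..." is the only macro substitution in the patch, and the line it precedes is a continuation paragraph introducing a definition, not a section heading. Confirm that `\introsection` is the intended macro here and state the reason in the commit message.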