mirror of https://github.com/zcash/zips.git
Clarify the discussion of proof size.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
30d6ea7129
commit
0e65f7fc9c
|
@ -3636,9 +3636,13 @@ distinct openings of the \noteCommitment when Condition I or II is violated.
|
|||
\Zcash \joinSplitStatement. $\cm$ can be computed from the other fields.
|
||||
\item The length of proof encodings given in the paper is 288 bytes.
|
||||
This differs from the 296 bytes specified in \crossref{proofencoding},
|
||||
because the paper did not take into account the need to encode compressed
|
||||
$y$-coordinates. The fork of \libsnark used by \Zcash uses a different
|
||||
format to upstream \libsnark, in order to follow \cite{IEEE2004}.
|
||||
because both the $x$-coordinate and compressed $y$-coordinate of each
|
||||
point need to be represented. Although it is possible to encode a proof
|
||||
in 288 bytes by making use of the fact that elements of $\GF{q}$ can
|
||||
be represented in 254 bits, we prefer to use the standard formats for points
|
||||
defined in \cite{IEEE2004}. The fork of \libsnark used by \Zcash uses
|
||||
this standard encoding rather than the less efficient (uncompressed) one
|
||||
used by upstream \libsnark.
|
||||
\item The range of monetary values differs. In \Zcash, this range is
|
||||
$\range{0}{\MAXMONEY}$; in \Zerocash it is $\range{0}{2^{64}-1}$.
|
||||
(The \joinSplitStatement still only directly enforces that the sum
|
||||
|
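Review bot: In the rewritten \item on proof length, the sentence beginning "Although it is possible to encode a proof in 288 bytes" does not show how the 254-bit representation of $\GF{q}$ elements accounts for the 8-byte gap between 288 and 296 bytes. State where the saved space would come from, or point to the per-point sizes in \crossref{proofencoding}, so the two figures can be checked against each other. In the final added sentence, "less efficient" could mean encoding size or processing cost; because the parenthetical already says "(uncompressed)", a word such as "larger" would say what is meant. The removed wording explained that the paper did not account for compressed $y$-coordinates, and the replacement no longer says whether the paper's 288-byte figure relies on the 254-bit packing or simply omits the $y$-coordinate information, which is worth one clause.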
@ -3675,6 +3679,12 @@ The errors in the proof of Ledger Indistinguishability mentioned in
|
|||
|
||||
\nsection{Change history}
|
||||
|
||||
\subparagraph{2016.0-beta-1.10}
|
||||
|
||||
\begin{itemize}
|
||||
\item Clarify the discussion of proof size in ``Differences from the \Zerocash paper''.
|
||||
\end{itemize}
|
||||
|
||||
\subparagraph{2016.0-beta-1.9}
|
||||
|
||||
\begin{itemize}
|
||||
|
|
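Review bot: The new 2016.0-beta-1.10 entry names the affected section by its quoted title, ``Differences from the \Zerocash paper'', while the body text in this same commit uses \crossref for section references (\crossref{proofencoding}). Using \crossref with that section's label here would keep the change history correct if the section is renamed. Since the 296-byte figure and the encoding in \crossref{proofencoding} are untouched by this commit, the entry could also say that the change is editorial only, so implementers reading the history know the proof encoding itself has not changed.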