mirror of https://github.com/zcash/zips.git
Clarify the discussion of proof size.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
30d6ea7129
commit
0e65f7fc9c
|
@ -3636,9 +3636,13 @@ distinct openings of the \noteCommitment when Condition I or II is violated.
|
||||||
\Zcash \joinSplitStatement. $\cm$ can be computed from the other fields.
|
\Zcash \joinSplitStatement. $\cm$ can be computed from the other fields.
|
||||||
\item The length of proof encodings given in the paper is 288 bytes.
|
\item The length of proof encodings given in the paper is 288 bytes.
|
||||||
This differs from the 296 bytes specified in \crossref{proofencoding},
|
This differs from the 296 bytes specified in \crossref{proofencoding},
|
||||||
because the paper did not take into account the need to encode compressed
|
because both the $x$-coordinate and compressed $y$-coordinate of each
|
||||||
$y$-coordinates. The fork of \libsnark used by \Zcash uses a different
|
point need to be represented. Although it is possible to encode a proof
|
||||||
format to upstream \libsnark, in order to follow \cite{IEEE2004}.
|
in 288 bytes by making use of the fact that elements of $\GF{q}$ can
|
||||||
|
be represented in 254 bits, we prefer to use the standard formats for points
|
||||||
|
defined in \cite{IEEE2004}. The fork of \libsnark used by \Zcash uses
|
||||||
|
this standard encoding rather than the less efficient (uncompressed) one
|
||||||
|
used by upstream \libsnark.
|
||||||
\item The range of monetary values differs. In \Zcash, this range is
|
\item The range of monetary values differs. In \Zcash, this range is
|
||||||
$\range{0}{\MAXMONEY}$; in \Zerocash it is $\range{0}{2^{64}-1}$.
|
$\range{0}{\MAXMONEY}$; in \Zerocash it is $\range{0}{2^{64}-1}$.
|
||||||
(The \joinSplitStatement still only directly enforces that the sum
|
(The \joinSplitStatement still only directly enforces that the sum
|
||||||
|
@ -3675,6 +3679,12 @@ The errors in the proof of Ledger Indistinguishability mentioned in
|
||||||
|
|
||||||
\nsection{Change history}
|
\nsection{Change history}
|
||||||
|
|
||||||
|
\subparagraph{2016.0-beta-1.10}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Clarify the discussion of proof size in ``Differences from the \Zerocash paper''.
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
\subparagraph{2016.0-beta-1.9}
|
\subparagraph{2016.0-beta-1.9}
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
|
Loading…
Reference in New Issue