From 137121cf30b432b2be25d32279164aac312d594e Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Wed, 7 Feb 2018 11:05:39 +0000
Subject: [PATCH] Terminology and notation changes.

Signed-off-by: Daira Hopwood
---
 protocol/protocol.tex | 82 ++++++++++++++++++++++++++-----------------
 1 file changed, 49 insertions(+), 33 deletions(-)

diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 6f34807f..562d75df 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -384,8 +384,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\primaryInputs}{\term{primary inputs}}
 \newcommand{\auxiliaryInput}{\term{auxiliary input}}
 \newcommand{\auxiliaryInputs}{\term{auxiliary inputs}}
-\newcommand{\fullnode}{\term{full node}}
-\newcommand{\fullnodes}{\term{full nodes}}
+\newcommand{\fullValidator}{\term{full validator}}
+\newcommand{\fullValidators}{\term{full validators}}
 \newcommand{\anchor}{\term{anchor}}
 \newcommand{\anchors}{\term{anchors}}
 \newcommand{\block}{\term{block}}
@@ -448,9 +448,9 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\outputUniqueValues}{\term{$\OutputUnique$-values}}
 \newcommand{\outputUniquenessSet}{\term{$\OutputUnique$-uniqueness set}}
 \newcommand{\OutputUniquenessSet}{\titleterm{\titlemu-Uniqueness Set}}
-% Daira: This doesn't adequately distinguish between zk stuff and transparent stuff
-\newcommand{\paymentAddress}{\term{payment address}}
-\newcommand{\paymentAddresses}{\term{payment addresses}}
+\newcommand{\paymentAddress}{\term{shielded payment address}}
+\newcommand{\paymentAddresses}{\term{shielded payment addresses}}
+\newcommand{\PaymentAddresses}{\titleterm{Shielded Payment Addresses}}
 \newcommand{\diversifiedPaymentAddress}{\term{diversified payment address}}
 \newcommand{\diversifiedPaymentAddresses}{\term{diversified payment addresses}}
 \newcommand{\diversifier}{\term{diversifier}}
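Review bot: In hunk @@ -448 the macro `\paymentAddress` keeps its name but now expands to "shielded payment address", so every existing use of `\paymentAddress` in the spec silently acquires the "shielded" qualifier; the removed `% Daira:` comment was flagging exactly the shielded/transparent ambiguity, and use sites are not visible in this patch, so any that meant a transparent address now read wrongly. A name that says what it expands to avoids this: `\newcommand{\shieldedPaymentAddress}{\term{shielded payment address}}` with `\paymentAddress` kept as an alias until uses are audited, or at minimum a comment `% "payment address" always means a shielded address in this spec; transparent addresses are always qualified explicitly`. The same applies to `\paymentAddresses` and the new `\PaymentAddresses` title term.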
@@ -471,8 +471,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\transmissionKeys}{\term{transmission keys}}
 \newcommand{\diversifiedTransmissionKey}{\term{diversified transmission key}}
 \newcommand{\diversifiedTransmissionKeys}{\term{diversified transmission keys}}
-\newcommand{\authSigningKey}{\term{spend authorization key}}
-\newcommand{\authSigningKeys}{\term{spend authorization keys}}
+\newcommand{\authSigningKey}{\term{spend authorizing key}}
+\newcommand{\authSigningKeys}{\term{spend authorizing keys}}
 \newcommand{\delegatedProvingKey}{\term{delegated proving key}}
 \newcommand{\delegatedProvingKeys}{\term{delegated proving keys}}
 \newcommand{\humanReadablePart}{\term{Human-Readable Part}}
@@ -558,7 +558,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\length}{\mathsf{length}}
 \newcommand{\mean}{\mathsf{mean}}
 \newcommand{\median}{\mathsf{median}}
-\newcommand{\clamp}[2]{\mathsf{clamp\,}_{#1}^{#2}}
+\newcommand{\bound}[2]{\mathsf{bound\,}_{#1}^{#2}}
 \newcommand{\Lower}{\mathsf{lower}}
 \newcommand{\Upper}{\mathsf{upper}}
 \newcommand{\bitlength}{\mathsf{bitlength}}
@@ -805,7 +805,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\NoteTuple}[1]{\mathbf{n}_{#1}}
 \newcommand{\NoteType}{\mathsf{Note}}
 \newcommand{\NotePlaintext}[1]{\mathbf{np}_{#1}}
-\newcommand{\NoteCommitRand}{\mathsf{r}}
+\newcommand{\NoteCommitRand}{\mathsf{\sprout{r}\notsprout{rcm}}}
 \newcommand{\NoteCommitRandLength}{\mathsf{\ell_{\NoteCommitRand}}}
 \newcommand{\NoteCommitRandOld}[1]{\NoteCommitRand^\mathsf{old}_{#1}}
 \newcommand{\NoteCommitRandNew}[1]{\NoteCommitRand^\mathsf{new}_{#1}}
@@ -871,7 +871,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\MaxActualTimespan}{\mathsf{MaxActualTimespan}}
 \newcommand{\ActualTimespan}{\mathsf{ActualTimespan}}
 \newcommand{\ActualTimespanDamped}{\mathsf{ActualTimespanDamped}}
-\newcommand{\ActualTimespanClamped}{\mathsf{ActualTimespanClamped}}
+\newcommand{\ActualTimespanBounded}{\mathsf{ActualTimespanBounded}}
 \newcommand{\Threshold}{\mathsf{Threshold}}
 \newcommand{\ThresholdBits}{\mathsf{ThresholdBits}}
 
@@ -934,7 +934,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\dataToBeSigned}{\mathsf{dataToBeSigned}}
 
 % Merkle tree
-\newcommand{\MerkleDepth}{\mathsf{d_{Merkle}}}
+
+\newcommand{\MerkleDepth}{\mathsf{MerkleDepth}}
 \newcommand{\MerkleNode}[2]{\mathsf{M}^{#1}_{#2}}
 \newcommand{\MerkleSibling}{\mathsf{sibling}}
 \newcommand{\MerkleCRH}{\mathsf{MerkleCRH}}
@@ -1062,7 +1063,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\ParamPexp}[2]{{{#1}_\mathbb{P}\!}^{#2}}
 \newcommand{\GroupP}[1]{\mathbb{P}_{#1}}
 \newcommand{\GroupPstar}[1]{\mathbb{P}^\ast_{#1}}
-\newcommand{\GroupPHash}[1]{\mathsf{GH}^\mathbb{P}_{#1}}
+\newcommand{\GroupPHash}[1]{\mathsf{GroupHash}^\GroupP{#1}}
 \newcommand{\CurveP}[1]{\Curve_{\GroupP{#1}}}
 \newcommand{\ZeroP}[1]{\Zero_{\GroupP{#1}}}
 \newcommand{\GenP}[1]{\Generator_{\GroupP{#1}}}
@@ -1076,7 +1077,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\ParamGexp}[2]{{{#1}_\mathbb{G}\!}^{#2}}
 \newcommand{\GroupG}[1]{\mathbb{G}_{#1}}
 \newcommand{\GroupGstar}[1]{\mathbb{G}^\ast_{#1}}
-\newcommand{\GroupGHash}[1]{\mathsf{GH}^\mathbb{G}_{#1}}
+\newcommand{\GroupGHash}[1]{\mathsf{GroupHash}^\GroupG{#1}}
 \newcommand{\CurveG}[1]{\Curve_{\GroupG{#1}}}
 \newcommand{\ZeroG}[1]{\Zero_{\GroupG{#1}}}
 \newcommand{\GenG}[1]{\Generator_{\GroupG{#1}}}
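Review bot: The added blank `+` line in hunk @@ -934 lands between the `% Merkle tree` comment and the first definition it labels, so the comment now heads an empty group and `\MerkleDepth` reads as belonging to nothing. If the intent was to set the renamed macro apart, drop the added blank line and keep the comment directly above `\newcommand{\MerkleDepth}{\mathsf{MerkleDepth}}`; the blank line that already precedes `% Merkle tree` does the separating.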
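Review bot: `\GroupPHash` and `\GroupGHash` (hunks @@ -1062 and @@ -1076) write the superscript as `^\GroupP{#1}`, relying on `\GroupP{#1}` expanding to `\mathbb{P}_{#1}` inside an unbraced superscript so that `_{#1}` ends up as a subscript of GroupHash, whereas `\GroupSHash` and `\GroupJHash` (hunks @@ -1090 and @@ -1103 later in this patch) spell it out as `^\mathbb{S}_{#1}`. Whether the two spellings typeset identically depends on how `\mathbb` collects its argument in that position, which I cannot confirm from the diff alone, and the notation for the four groups should not depend on it. Writing all four the explicit way, e.g. `\newcommand{\GroupPHash}[1]{\mathsf{GroupHash}^{\mathbb{P}}_{#1}}`, removes the question and keeps the definitions parallel.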
@@ -1090,7 +1091,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\ParamSexp}[2]{{{#1}_\mathbb{\hskip 0.03em S}\!}^{#2}} \newcommand{\GroupS}[1]{\mathbb{S}_{#1}} \newcommand{\GroupSstar}[1]{\mathbb{S}^\ast_{#1}} -\newcommand{\GroupSHash}[1]{\mathsf{GH}^\mathbb{S}_{#1}} +\newcommand{\GroupSHash}[1]{\mathsf{GroupHash}^\mathbb{S}_{#1}} \newcommand{\CurveS}[1]{\Curve_{\GroupS{#1}}} \newcommand{\ZeroS}[1]{\Zero_{\GroupS{#1}}} \newcommand{\GenS}[1]{\Generator_{\GroupS{#1}}} @@ -1103,7 +1104,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\ParamJ}[1]{{{#1}_\mathbb{\hskip 0.01em J}}} \newcommand{\ParamJexp}[2]{{{#1}_\mathbb{\hskip 0.01em J}\!}^{#2}} \newcommand{\GroupJ}{\mathbb{J}} -\newcommand{\GroupJHash}{\mathsf{GH}^\mathbb{J}} +\newcommand{\GroupJHash}[1]{\mathsf{GroupHash}^\mathbb{J}_{#1}} \newcommand{\CurveJ}{\Curve_{\GroupJ}} \newcommand{\ZeroJ}{\Zero_{\GroupJ}} \newcommand{\GenJ}{\Generator_{\GroupJ}} @@ -1661,7 +1662,7 @@ $\Memo$ represents a \memo associated with this \note. The usage of the \nsubsection{The Block Chain} \label{blockchain} -At a given point in time, each \fullnode is aware of a set of candidate +At a given point in time, each \fullValidator is aware of a set of candidate \blocks. These form a tree rooted at the \genesisBlock, where each node in the tree refers to its parent via the $\hashPrevBlock$ \blockHeader field (see \crossref{blockheader}). @@ -1812,7 +1813,7 @@ is denoted $\MerkleNode{h}{i}$. \nsubsection{\NullifierSets} \label{nullifierset} -Each \fullnode maintains a \nullifierSet logically associated with each \treestate. +Each \fullValidator maintains a \nullifierSet logically associated with each \treestate. As valid \transactions containing \joinSplitTransfers are processed, the \nullifiers revealed in \joinSplitDescriptions are inserted into this \nullifierSet. 
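Review bot: `\GroupJHash` changes from a zero-argument macro to one declared with `[1]` in hunk @@ -1103, but no use site is updated anywhere in this patch; any remaining bare `\GroupJHash` in the body would now consume the token that follows it as its argument, which LaTeX will typeset without complaint. The other three group hashes already took an argument, so the J uses presumably live outside this diff and need a pass to add the subscript, e.g. `\GroupJHash{...}`. I cannot see those uses from here, so this is a request to check rather than a confirmed breakage.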
@@ -4463,7 +4464,7 @@ be the constant defined in \crossref{constants}. \item \todo{Other rules inherited from \Bitcoin.} \end{consensusrules} -In addition, a \fullnode{} \MUSTNOT accept \blocks with $\nTimeField$ more than two hours +In addition, a \fullValidator{} \MUSTNOT accept \blocks with $\nTimeField$ more than two hours in the future according to its clock. This is not strictly a consensus rule because it is nondeterministic, and clock time varies between nodes. Also note that a \block that is rejected by this rule at a given point in time may later be accepted. @@ -4691,7 +4692,7 @@ Define: \hfuzz=10pt \item $\mean(S) := \left( \vsum{i=1}{\length(S)} S_i \right) \raisebox{-0.4ex}{\scalebox{1.4}{/\,}} \length(S)$. \item $\median(S) := \sorted(S)_{\ceiling{\length(S) / 2}}$ - \item $\clamp{\Lower}{\Upper}(x) := \maximum(\Lower, \minimum(\Upper, x)))$ + \item $\bound{\Lower}{\Upper}(x) := \maximum(\Lower, \minimum(\Upper, x)))$ \item $\trunc{x} := \begin{cases} \floor{x},&\caseif x \geq 0 \\ -\floor{-x},&\caseotherwise @@ -4704,7 +4705,7 @@ Define: \maximum(0, \BlockHeight - \PoWMedianBlockSpan) \upto \BlockHeight - 1})$ \item $\ActualTimespan(\BlockHeight) := \MedianTime(\BlockHeight) - \MedianTime(\BlockHeight - \PoWAveragingWindow)$ \item $\ActualTimespanDamped(\BlockHeight) := \AveragingWindowTimespan + \trunc{\scalebox{0.98}{\hfrac{\ActualTimespan(\BlockHeight) - \AveragingWindowTimespan}{\PoWDampingFactor}}}$ - \item $\ActualTimespanClamped(\BlockHeight) := \clamp{\MinActualTimespan}{\MaxActualTimespan}(\ActualTimespanDamped(\BlockHeight))$ + \item $\ActualTimespanBounded(\BlockHeight) := \bound{\MinActualTimespan}{\MaxActualTimespan}(\ActualTimespanDamped(\BlockHeight))$ \item $\MeanTarget(\BlockHeight) := \begin{cases} \PoWLimit, \hspace{16em}\text{if } \BlockHeight \leq \PoWAveragingWindow \\ \mean(\listcomp{\ToTarget(\nBits(i)) \for i \from \BlockHeight - \PoWAveragingWindow \upto \BlockHeight - 1}),\\ 
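Review bot: After the rename to `\fullValidator{}` in hunk @@ -4463, the rationale on the following context line still says `clock time varies between nodes`, reintroducing the term this commit retires (the change-history entry in this same patch explains that a full validator need not be a network node). Suggest `and clock time varies between \fullValidators.` so the rule and its explanation use one term.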
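Review bot: The rewritten definition `\bound{\Lower}{\Upper}(x) := \maximum(\Lower, \minimum(\Upper, x)))` in hunk @@ -4691 closes three parentheses against two opened; the stray `)` was already on the removed line, but since the line is being rewritten it should become `\maximum(\Lower, \minimum(\Upper, x))`. LaTeX math mode does not report unbalanced parentheses, so this only surfaces as a visible typo in the rendered difficulty-adjustment section.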
@@ -4720,7 +4721,7 @@ The \targetThreshold for a given \blockHeight $\BlockHeight$ is then calculated \item $\Threshold(\BlockHeight) \hspace{0.43em} := \hspace{0.43em} \begin{cases} \PoWLimit, \hspace{16em}\text{if } \BlockHeight = 0 \\ \minimum(\PoWLimit, \floor{\hfrac{\MeanTarget(\BlockHeight)}{\AveragingWindowTimespan}} - \mult \ActualTimespanClamped(\BlockHeight)),\\ + \mult \ActualTimespanBounded(\BlockHeight)),\\ \hspace{20.7em}\text{otherwise} \end{cases}$ \item $\ThresholdBits(\BlockHeight) := \ToCompact(\Threshold(\BlockHeight))$. @@ -4728,7 +4729,7 @@ The \targetThreshold for a given \blockHeight $\BlockHeight$ is then calculated \pnote{ The convention used for the height parameters to $\MedianTime$, $\ActualTimespan$, -$\ActualTimespanDamped$, $\ActualTimespanClamped$, $\MeanTarget$, $\Threshold$, and +$\ActualTimespanDamped$, $\ActualTimespanBounded$, $\MeanTarget$, $\Threshold$, and $\ThresholdBits$ is that these functions use only information from \blocks \emph{preceding} the given \blockHeight. } 
@@ -4777,9 +4778,9 @@ $\MaxBlockSubsidy$, and $\FoundersFraction$ are instantiated in \crossref{consta \item $\SlowStartRate \typecolon \Nat := \hfrac{\MaxBlockSubsidy}{\SlowStartInterval}$ \item $\Halving(\BlockHeight) := \floor{\hfrac{\BlockHeight - \SlowStartShift}{\HalvingInterval}}$ \item $\BlockSubsidy(\BlockHeight) := \begin{cases} - \SlowStartRate \mult \BlockHeight,&\!\!\text{if } \BlockHeight < \hfrac{\SlowStartInterval}{2} \\[1.4ex] - \SlowStartRate \mult (\BlockHeight + 1),&\!\!\text{if } \hfrac{\SlowStartInterval}{2} \leq \BlockHeight < \SlowStartInterval \\[1.4ex] - \floor{\hfrac{\MaxBlockSubsidy}{2^{\Halving(\BlockHeight)}}},&\!\!\text{otherwise} + \SlowStartRate \mult \BlockHeight,&\caseif \BlockHeight < \hfrac{\SlowStartInterval}{2} \\[1.4ex] + \SlowStartRate \mult (\BlockHeight + 1),&\caseif \hfrac{\SlowStartInterval}{2} \leq \BlockHeight < \SlowStartInterval \\[1.4ex] + \floor{\hfrac{\MaxBlockSubsidy}{2^{\Halving(\BlockHeight)}}},&\caseotherwise \end{cases}$ \item $\FoundersReward(\BlockHeight) := \begin{cases} @@ -5493,6 +5494,21 @@ The errors in the proof of Ledger Indistinguishability mentioned in \introsection \nsection{Change History} + +\subparagraph{2018.0-beta-7} + +\begin{itemize} + \item Rename $\mathsf{clamp}$ to $\mathsf{bound}$ and + $\mathsf{ActualTimespanClamped}$ to $\ActualTimespanBounded$ + in the difficulty adjustment algorithm, to avoid a name + collision with Curve25519 scalar ``clamping''. + \item Change uses of the term \term{full node} to \fullValidator. + A \term{full node} by definition participates in the + peer-to-peer network, whereas a \fullValidator just needs a copy + of the \blockchain from somewhere. The latter is what was meant. +\end{itemize} + +\introlist \subparagraph{2018.0-beta-6} \begin{itemize} 
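Review bot: The new 2018.0-beta-7 change-history entry in hunk @@ -5493 lists only the clamp-to-bound rename and the full-node-to-full-validator change, while the same patch also redefines `\paymentAddress` as "shielded payment address", renames "spend authorization key" to "spend authorizing key", changes the `\MerkleDepth` and GroupHash notation, reindexes the window-table entries as `w_{(B,\,i,\,k_i)}`, and corrects `\ParamG{s}` to `\ParamJ{r}` in the fixed-base scalar multiplication section. Readers use this list to locate notation changes between versions, so each of those should get its own `\item` in the same itemize block.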
@@ -6165,16 +6181,16 @@ If the base point $B$ is fixed for a given scalar multiplication $\scalarmult{k} we can fully precompute window tables for each window position. It is most efficient to use $3$-bit fixed windows. Since the length of -$\ParamG{s}$ is $252$ bits, we need $84$ windows. +$\ParamJ{r}$ is $252$ bits, we need $84$ windows. -Let $k = \vsum{i=0}{83} k_i \smult 8^i$. +Express $k$ in base $8$, i.e.\ $k = \vsum{i=0}{83} k_i \smult 8^i$. -Then $\scalarmult{k}{B} = \vsum{i=0}{83} w_{i,\,k_i}$, where -$w_{i,\,k_i} = \scalarmult{k_i \smult 8^i}{B}$. +Then $\scalarmult{k}{B} = \vsum{i=0}{83} w_{(B,\,i,\,k_i)}$, where +$w_{(B,\,i,\,k_i)} = \scalarmult{k_i \smult 8^i}{B}$. -We precompute all of $w_{i,\,s}$ for $i \in \range{0}{83}, s \in \range{0}{7}$. +We precompute all of $w_{(B,\,i,\,s)}$ for $i \in \range{0}{83}, s \in \range{0}{7}$. -To look up a given window entry $w_{i,\,s} = (u_s, \varv_s)$, where +To look up a given window entry $w_{(B,\,i,\,s)} = (u_s, \varv_s)$, where $s = 4 \smult s_2 + 2 \smult s_1 + s_0$, we use: \begin{formulae} 
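Review bot: The new sentence `Express $k$ in base $8$, i.e.\ $k = \vsum{i=0}{83} k_i \smult 8^i$` in hunk @@ -6165 does not state the digit range, and the reader only learns `s \in \range{0}{7}` at the precompute step two paragraphs later; suggest `i.e.\ $k = \vsum{i=0}{83} k_i \smult 8^i$ with each $k_i \in \range{0}{7}$`. The 84-window count also relies on $k < 8^{84} = 2^{252}$, which holds when $k$ is reduced modulo the 252-bit $\ParamJ{r}$, so a clause saying that $k$ is taken reduced modulo $\ParamJ{r}$ (or whatever range the surrounding section, which I cannot see here, already fixes for the scalar) would make the window count follow from the text.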
@@ -6183,13 +6199,13 @@ $s = 4 \smult s_2 + 2 \smult s_1 + s_0$, we use: - u_1 \smult s_0 \plus u_2 \smult s\suband - u_2 \smult s_1 - u_3 \smult s\suband \\ \mhspace{2.91em} \plus u_4 \smult s\suband - u_4 \smult s_1 - u_4 \smult s_0 \plus u_4 - u_5 \smult s\suband \plus u_5 \smult s_0 - u_6 \smult s\suband \plus u_6 \smult s_1 \plus u_7 \smult s\suband) = \\ - \mhspace{1.52em} \lincomb{u_r - u_0 \smult s\suband \plus u_0 \smult s_1 \plus u_0 \smult s_0 - u_0 \plus u_1 \smult s\suband + \mhspace{1.52em} \lincomb{u_s - u_0 \smult s\suband \plus u_0 \smult s_1 \plus u_0 \smult s_0 - u_0 \plus u_1 \smult s\suband - u_1 \smult s_0 \plus u_2 \smult s\suband - u_2 \smult s_1 - u_3 \smult s\suband}$ \item $\lincomb{s_2} \times (-\hairspace \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband - \vv_1 \smult s_0 \plus \vv_2 \smult s\suband - \vv_2 \smult s_1 - \vv_3 \smult s\suband \\ \mhspace{2.91em} \plus \vv_4 \smult s\suband - \vv_4 \smult s_1 - \vv_4 \smult s_0 \plus \vv_4 - \vv_5 \smult s\suband \plus \vv_5 \smult s_0 - \vv_6 \smult s\suband \plus \vv_6 \smult s_1 \plus \vv_7 \smult s\suband) = \\ - \mhspace{1.52em} \lincomb{\vv_r - \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband + \mhspace{1.52em} \lincomb{\vv_s - \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband - \vv_1 \smult s_0 \plus \vv_2 \smult s\suband - \vv_2 \smult s_1 - \vv_3 \smult s\suband}$ \end{formulae}