Add note about non-uniformity of Orchard ivk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
119abe37c3
commit
15d59f11c4
@ -4943,11 +4943,16 @@ The \diversifiedPaymentAddress with \diversifierIndex $0$ is called the \definin
\end{pnotes}
\end{pnotes}
\vspace{-2ex}
\vspace{-2ex}
\nnote{
\begin{nnotes}
The uses of $\ToScalar{Orchard}$ and $\ToBase{Orchard}$ produce output that is
\item The uses of $\ToScalar{Orchard}$ and $\ToBase{Orchard}$ produce output that is
uniform on $\GF{\ParamP{r}}$ and $\GF{\ParamP{q}}$ respectively when applied to random
uniform on $\GF{\ParamP{r}}$ and $\GF{\ParamP{q}}$ respectively when applied to
input, by a similar argument to that used in \crossref{saplingkeycomponents}.
random input, by a similar argument to that used in \crossref{saplingkeycomponents}.
} %nnote
\item The output of $\CommitIvk{}$ is the $x$-coordinate of a \pallasCurve point, which
we then use as a $\KA{Orchard}$ private key $\InViewingKey$ for \note encryption.
The fact that $\InViewingKey$ is non-uniform on $\GF{\ParamP{r}}$ (since it can
only take on roughly half of the possible values) is not expected to cause any
security issue.
\end{nnotes}
} %nufive
} %nufive
@ -14220,6 +14225,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\nufive{
\nufive{
\item Correct errors in the definitions of $\ExtractP$ and $\ExtractPbot$ in \crossref{concreteextractorpallas}:
\item Correct errors in the definitions of $\ExtractP$ and $\ExtractPbot$ in \crossref{concreteextractorpallas}:
$\ExtractP(\ZeroP)$ should be $0$, and $\ExtractPbot(\bot)$ should be $\bot$.
$\ExtractP(\ZeroP)$ should be $0$, and $\ExtractPbot(\bot)$ should be $\bot$.
\item Add a note in \crossref{orchardkeycomponents} about non-uniformity of $\InViewingKey$.
}
}
\item Fix some URLs in references.
\item Fix some URLs in references.
\end{itemize}
\end{itemize}
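Review bot: In the first hunk, the new sentence that the non-uniformity of $\InViewingKey$ "is not expected to cause any security issue" gives the reader no way to check the claim, and the note's own premise (roughly half of the values) already supplies the argument; I would close the sentence with it, e.g. `security issue, since it loses at most roughly one bit of entropy relative to a uniform $\KA{Orchard}$ private key.` It may also be worth one clause on why an $x$-coordinate, which lies in $\GF{\ParamP{q}}$, is usable directly as a scalar in $\GF{\ParamP{r}}$ (presumably because $\ParamP{q} < \ParamP{r}$, so no reduction is involved), unless that is already stated where $\CommitIvk{}$ is defined. The enclosing `\nufive{` group and the `pnotes` block begin outside the hunk; the second hunk is a changelog entry and needs nothing.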