mirror of https://github.com/zcash/zips.git
Add note about non-uniformity of Orchard ivk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
119abe37c3
commit
15d59f11c4
@ -4943,11 +4943,16 @@ The \diversifiedPaymentAddress with \diversifierIndex $0$ is called the \definin
\end{pnotes}
\vspace{-2ex}
\nnote{
The uses of $\ToScalar{Orchard}$ and $\ToBase{Orchard}$ produce output that is
uniform on $\GF{\ParamP{r}}$ and $\GF{\ParamP{q}}$ respectively when applied to random
input, by a similar argument to that used in \crossref{saplingkeycomponents}.
} %nnote
\begin{nnotes}
\item The uses of $\ToScalar{Orchard}$ and $\ToBase{Orchard}$ produce output that is
uniform on $\GF{\ParamP{r}}$ and $\GF{\ParamP{q}}$ respectively when applied to
random input, by a similar argument to that used in \crossref{saplingkeycomponents}.
\item The output of $\CommitIvk{}$ is the $x$-coordinate of a \pallasCurve point, which
we then use as a $\KA{Orchard}$ private key $\InViewingKey$ for \note encryption.
The fact that $\InViewingKey$ is non-uniform on $\GF{\ParamP{r}}$ (since it can
only take on roughly half of the possible values) is not expected to cause any
security issue.
\end{nnotes}
} %nufive
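Review bot: The new item `\item The output of $\CommitIvk{}$ is the $x$-coordinate of a \pallasCurve point` asserts that the non-uniformity of $\InViewingKey$ "is not expected to cause any security issue" without giving the reason, and it is silent on the one non-uniform value that actually matters for a Diffie-Hellman private key, $\InViewingKey = 0$. The benign part is easy to state: only about half of the elements of $\GF{\ParamP{q}}$ are $x$-coordinates of \pallasCurve points, so at most roughly one bit of entropy is lost relative to a uniform scalar, which I would say explicitly, e.g. `(since at most about one bit of entropy is lost relative to a uniform element of $\GF{\ParamP{r}}$)`. A zero $\KA{Orchard}$ private key, by contrast, makes the derived public key the identity and the shared secret independent of the other party, and the correction in the second hunk (`$\ExtractP(\ZeroP)$ should be $0$`) suggests $0$ is in the extractor's output range, so if the derivation of $\InViewingKey$ (which is outside this hunk, as is the start of the enclosing `\nufive{` block) does not already reject it, the note should say so, e.g. `If $\InViewingKey = 0$ (or $\bot$), the key is discarded and derivation is repeated with a fresh spending key.` If the derivation does already reject $0$ and $\bot$, a one-line cross-reference to that rule from this item would still help readers of \crossref{orchardkeycomponents}.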
@ -14220,6 +14225,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\nufive{
\item Correct errors in the definitions of $\ExtractP$ and $\ExtractPbot$ in \crossref{concreteextractorpallas}:
$\ExtractP(\ZeroP)$ should be $0$, and $\ExtractPbot(\bot)$ should be $\bot$.
\item Add a note in \crossref{orchardkeycomponents} about non-uniformity of $\InViewingKey$.
}
\item Fix some URLs in references.
\end{itemize}