ZIP 316: Define a named constant \ell^MAX_M to replace the magic number 4194368.

Also define \ell_H = 64.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

zip-0316.rst

@@ -579,9 +579,13 @@ Let :math:`H_i` be a hash personalized by :math:`i,` with maximum output
 length :math:`\ell_H` bytes. Let :math:`G_i` be a XOF (a hash function with
 extendable output length) based on :math:`H,` personalized by :math:`i.`
 
+Define :math:`\ell^\mathsf{MAX}_M = (2^{16} + 1) \cdot \ell_H.`
+For the instantiation using BLAKE2b defined below,
+:math:`\ell^\mathsf{MAX}_M = 4194368.`
+
 Given input :math:`M` of length :math:`\ell_M` bytes such that
-:math:`48 \leq \ell_M \leq 4194368,` define :math:`\mathsf{F4Jumble}(M)`
-by:
+:math:`48 \leq \ell_M \leq \ell^\mathsf{MAX}_M,` define
+:math:`\mathsf{F4Jumble}(M)` by:
 
 * let :math:`\ell_L = \mathsf{min}(\ell_H, \mathsf{floor}(\ell_M/2))`
 * let :math:`\ell_R = \ell_M - \ell_L`
@@ -599,7 +603,7 @@ The first argument to BLAKE2b below is the personalization.
 
 We instantiate :math:`H_i(u)` by
 :math:`\mathsf{BLAKE2b‐}(8\ell_L)(\texttt{“UA_F4Jumble_H”} \,||\,`
-:math:`[i, 0, 0], u).`
+:math:`[i, 0, 0], u),` with :math:`\ell_H = 64.`
 
 We instantiate :math:`G_i(u)` as the first :math:`\ell_R` bytes of the
 concatenation of
@@ -627,14 +631,15 @@ zero bytes, to the raw encoding, then applies :math:`\mathsf{F4Jumble}`
 before encoding the result with Bech32m.
 
 The Consumer rejects any Bech32m-decoded byte sequence that is less than
-48 bytes or greater than 4194368 bytes; otherwise it applies
-:math:`\mathsf{F4Jumble}^{-1}.` It rejects any result that does not end
-in the expected padding, before stripping these 16 bytes and parsing the
-result.
+48 bytes or greater than :math:`\ell^\mathsf{MAX}_M` bytes; otherwise it
+applies :math:`\mathsf{F4Jumble}^{-1}.` It rejects any result that does
+not end in the expected padding, before stripping these 16 bytes and
+parsing the result.
 
 (48 bytes is the minimum size of a valid UA, UFVK, or UIVK raw encoding
 plus 16 zero bytes, corresponding to a single Sapling Incoming Viewing Key.
-4194368 bytes is the largest input/output size supported by :math:`\mathsf{F4Jumble}.`)
+:math:`\ell^\mathsf{MAX}_M` bytes is the largest input/output size
+supported by :math:`\mathsf{F4Jumble}.`)
 
 Heuristic analysis
 ''''''''''''''''''
@@ -701,7 +706,7 @@ For longer UAs (when other Typecodes are added), the cost increases to 6
 BLAKE2b compressions for :math:`128 < \ell_M \leq 192,` and 10 BLAKE2b
 compressions for :math:`192 < \ell_M \leq 256,` for example. The maximum
 cost for which the algorithm is defined would be 196608 BLAKE2b compressions
-at :math:`\ell_M = 4194368` bytes.
+at :math:`\ell_M = \ell^\mathsf{MAX}_M` bytes.
 
 A naïve implementation of the :math:`\mathsf{F4Jumble}^{-1}` function would
 require roughly :math:`\ell_M` bytes plus the size of a BLAKE2b hash state.