Update viewing key encoding.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -483,8 +483,9 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\PaymentAddressLeadByte}{\hexint{16}}
 \newcommand{\PaymentAddressSecondByte}{\hexint{9A}}
 \newcommand{\InViewingKey}{\mathsf{ivk}}
-\newcommand{\ViewingKeyLeadByte}{\hexint{0B}}
-\newcommand{\ViewingKeySecondByte}{\hexint{1C}}
+\newcommand{\InViewingKeyLeadByte}{\hexint{A8}}
+\newcommand{\InViewingKeySecondByte}{\hexint{AB}}
+\newcommand{\InViewingKeyThirdByte}{\hexint{D3}}
 \newcommand{\SpendingKeyLeadByte}{\hexint{AB}}
 \newcommand{\SpendingKeySecondByte}{\hexint{36}}
 \newcommand{\PtoSHAddressLeadByte}{\hexint{1C}}
@@ -493,8 +494,9 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\PtoPKHAddressSecondByte}{\hexint{B8}}
 \newcommand{\PaymentAddressTestnetLeadByte}{\hexint{16}}
 \newcommand{\PaymentAddressTestnetSecondByte}{\hexint{B6}}
-\newcommand{\ViewingKeyTestnetLeadByte}{\hexint{0B}}
-\newcommand{\ViewingKeyTestnetSecondByte}{\hexint{2A}}
+\newcommand{\InViewingKeyTestnetLeadByte}{\hexint{A8}}
+\newcommand{\InViewingKeyTestnetSecondByte}{\hexint{AC}}
+\newcommand{\InViewingKeyTestnetThirdByte}{\hexint{0C}}
 \newcommand{\SpendingKeyTestnetLeadByte}{\hexint{AC}}
 \newcommand{\SpendingKeyTestnetSecondByte}{\hexint{08}}
 \newcommand{\PtoSHAddressTestnetLeadByte}{\hexint{1C}}
@@ -3606,24 +3608,29 @@ components are derived from a \spendingKey as described in \crossref{keycomponen
 
 \introlist
 The raw encoding of an \incomingViewingKey consists of, in order:
+}
 \vspace{2ex}
 \begin{equation*}
-\begin{bytefield}[bitwidth=0.07em]{520}
-    \bitbox{80}{$8$-bit $\ViewingKeyLeadByte$}
-    \bitbox{80}{$8$-bit $\ViewingKeySecondByte$}
+\begin{bytefield}[bitwidth=0.062em]{536}
+\changed{
+    \bitbox{88}{$8$-bit $\InViewingKeyLeadByte$}
+    \bitbox{88}{$8$-bit $\InViewingKeySecondByte$}
+    \bitbox{88}{$8$-bit $\InViewingKeyThirdByte$}
     \bitbox{256}{$256$-bit $\AuthPublic$}
-    \bitbox{256}{\changed{$256$}-bit $\TransmitPrivate$}
+    \bitbox{256}{$256$-bit $\TransmitPrivate$}
+}
 \end{bytefield}
 \end{equation*}
 
+\changed{
 \begin{itemize}
-    \item Two bytes $[\ViewingKeyLeadByte, \ViewingKeySecondByte]$,
+  \item Three bytes $[\InViewingKeyLeadByte, \InViewingKeySecondByte, \InViewingKeyThirdByte]$,
         indicating this version of the raw encoding of a \Zcash \incomingViewingKey
         on the production network. (Addresses on the test network use
-        $[\ViewingKeyTestnetLeadByte, \ViewingKeyTestnetSecondByte]$
+        $[\InViewingKeyTestnetLeadByte, \InViewingKeyTestnetSecondByte, \InViewingKeyTestnetThirdByte]$
         instead.)
-    \item 256 bits specifying $\AuthPublic$.
-    \item 256 bits specifying $\TransmitPrivate$, using the normal encoding
+  \item 256 bits specifying $\AuthPublic$.
+  \item 256 bits specifying $\TransmitPrivate$, using the normal encoding
         of a Curve25519 private key \cite{Bern2006}.
 \end{itemize}
 
@@ -3634,9 +3641,9 @@ considered invalid if $\TransmitPrivate \neq \KAFormatPrivate(\TransmitPrivate)$
 
 \pnote{
 For addresses on the production network, the lead bytes and encoded length
-cause the first two characters of the Base58Check encoding to be fixed as
-\ascii{VK}. For the test network, the first two characters are fixed as
-\ascii{VT}.
+cause the first four characters of the Base58Check encoding to be fixed as
+\ascii{ZiVK}. For the test network, the first four characters are fixed as
+\ascii{ZiVt}.
 }
 }
 
@@ -4992,6 +4999,15 @@ The errors in the proof of Ledger Indistinguishability mentioned in
 \introlist
 \nsection{Change history}
 
+\subparagraph{2017.0-beta-2.9}
+
+\begin{itemize}
+    \item Refer to $\TransmitPrivate$ as a \receivingKey rather than as a
+          viewing key.
+    \item Updates for \incomingViewingKey support.
+\end{itemize}
+
+\introlist
 \subparagraph{2017.0-beta-2.8}
 
 \begin{itemize}