mirror of https://github.com/zcash/zips.git
Merge pull request #371 from zcash/spec-latex-portability
Protocol spec: improve LaTeX portability
commit
198241c077
|
@ -103,6 +103,7 @@
|
||||||
\usepackage{quattrocento}
|
\usepackage{quattrocento}
|
||||||
\usepackage[bb=ams]{mathalfa}
|
\usepackage[bb=ams]{mathalfa}
|
||||||
\usepackage[scr]{rsfso}
|
\usepackage[scr]{rsfso}
|
||||||
|
\usepackage{upgreek}
|
||||||
|
|
||||||
% Quattrocento is beautiful but doesn't have an italic face. So we scale
|
% Quattrocento is beautiful but doesn't have an italic face. So we scale
|
||||||
% New Century Schoolbook italic to fit in with slanted Quattrocento and
|
% New Century Schoolbook italic to fit in with slanted Quattrocento and
|
||||||
|
@ -426,26 +427,8 @@
|
||||||
\DeclareSymbolFont{matha}{OML}{txmi}{m}{it}
|
\DeclareSymbolFont{matha}{OML}{txmi}{m}{it}
|
||||||
\DeclareMathSymbol{\varv}{\mathord}{matha}{118}
|
\DeclareMathSymbol{\varv}{\mathord}{matha}{118}
|
||||||
|
|
||||||
% newtxmath defines some nice characters, but has too many side effects
|
% These are defined by newtxmath, but that's a very opinionated package that causes a
|
||||||
% and is completely incompatible with lmodern. We pull these definitions out
|
% bunch of regressions (IMO) to math fonts and rendering.
|
||||||
% of <newtxmath.sty>.
|
|
||||||
|
|
||||||
% from <https://tex.stackexchange.com/q/452081/78411>
|
|
||||||
\makeatletter
|
|
||||||
\newif\iftx@libertine
|
|
||||||
\newif\iftx@minion
|
|
||||||
\newif\iftx@coch
|
|
||||||
\newif\iftx@ch
|
|
||||||
\newif\iftx@stxtwo
|
|
||||||
\makeatother
|
|
||||||
|
|
||||||
\DeclareSymbolFont{lettersA}{U}{ntxmia}{m}{it}
|
|
||||||
\SetSymbolFont{lettersA}{bold}{U}{ntxmia}{b}{it}
|
|
||||||
\DeclareFontSubstitution{U}{ntxmia}{m}{it}
|
|
||||||
|
|
||||||
\DeclareMathSymbol{\uprho}{\mathord}{lettersA}{26}
|
|
||||||
\DeclareMathSymbol{\upvarphi}{\mathord}{lettersA}{39}
|
|
||||||
|
|
||||||
\DeclareSymbolFont{AMSm}{U}{ntxsym}{m}{n}
|
\DeclareSymbolFont{AMSm}{U}{ntxsym}{m}{n}
|
||||||
\SetSymbolFont{AMSm}{bold}{U}{ntxsym}{b}{n}
|
\SetSymbolFont{AMSm}{bold}{U}{ntxsym}{b}{n}
|
||||||
\DeclareFontSubstitution{U}{ntxsym}{m}{n}
|
\DeclareFontSubstitution{U}{ntxsym}{m}{n}
|
||||||
|
@ -469,7 +452,7 @@
|
||||||
\newcommand{\clasp}[3][0pt]{\stackengine{0pt}{#3}{\kern#1#2}{O}{c}{F}{F}{L}}
|
\newcommand{\clasp}[3][0pt]{\stackengine{0pt}{#3}{\kern#1#2}{O}{c}{F}{F}{L}}
|
||||||
|
|
||||||
\newcommand{\plus}{\hairspace +\hairspace}
|
\newcommand{\plus}{\hairspace +\hairspace}
|
||||||
\newcommand{\vv}{\hspace{0.071em}\varv\hspace{0.064em}}
|
\newcommand{\spv}{\hspace{0.071em}\varv\hspace{0.064em}}
|
||||||
\newcommand{\varvv}{\varv\kern 0.02em\varv}
|
\newcommand{\varvv}{\varv\kern 0.02em\varv}
|
||||||
\newcommand{\yy}{\hspace{0.022em}y\hspace{0.021em}}
|
\newcommand{\yy}{\hspace{0.022em}y\hspace{0.021em}}
|
||||||
|
|
||||||
|
@ -10389,6 +10372,13 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
\intropart
|
\intropart
|
||||||
\lsection{Change History}{changehistory}
|
\lsection{Change History}{changehistory}
|
||||||
|
|
||||||
|
\historyentry{2020.1.4}{}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item Improve LaTeX portability of this specification.
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
|
||||||
\historyentry{2020.1.3}{2020-04-22}
|
\historyentry{2020.1.3}{2020-04-22}
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
@ -11623,7 +11613,7 @@ $(u, \varv)$ for affine coordinates on the \ctEdwardsCurve, and $(x, y)$ for
|
||||||
affine coordinates on the \MontgomeryCurve.
|
affine coordinates on the \MontgomeryCurve.
|
||||||
|
|
||||||
A point $P$ is normally represented by two $\GF{\ParamS{r}}$ variables, which
|
A point $P$ is normally represented by two $\GF{\ParamS{r}}$ variables, which
|
||||||
we name as $(P^u, P^{\vv})$ for an \affineCtEdwards point, for instance.
|
we name as $(P^u, P^{\spv})$ for an \affineCtEdwards point, for instance.
|
||||||
|
|
||||||
The implementations of scalar multiplication require the scalar to be represented
|
The implementations of scalar multiplication require the scalar to be represented
|
||||||
as a bit sequence. We therefore allow the notation $\scalarmult{k\Repr}{P}$ meaning
|
as a bit sequence. We therefore allow the notation $\scalarmult{k\Repr}{P}$ meaning
|
||||||
|
@ -12320,12 +12310,12 @@ $s = 4 \smult s_2 + 2 \smult s_1 + s_0$, we use:
|
||||||
\plus u_3 \smult s_1 - u_5 \smult s\suband \plus u_5 \smult s_2 \plus u_7 \smult s\suband\big) = \\
|
\plus u_3 \smult s_1 - u_5 \smult s\suband \plus u_5 \smult s_2 \plus u_7 \smult s\suband\big) = \\
|
||||||
\mhspace{1.92em} \lincomb{u_s - u_0 \smult s\suband \plus u_0 \smult s_2 \plus u_0 \smult s_1 - u_0 \plus u_2 \smult s\suband
|
\mhspace{1.92em} \lincomb{u_s - u_0 \smult s\suband \plus u_0 \smult s_2 \plus u_0 \smult s_1 - u_0 \plus u_2 \smult s\suband
|
||||||
- u_2 \smult s_1 \plus u_4 \smult s\suband - u_4 \smult s_2 - u_6 \smult s\suband}$
|
- u_2 \smult s_1 \plus u_4 \smult s\suband - u_4 \smult s_2 - u_6 \smult s\suband}$
|
||||||
\item $\lconstraint{s_0} \big(\!- \vv_0 \smult s\suband \plus \vv_0 \smult s_2 \plus \vv_0 \smult s_1 - \vv_0 \plus \vv_2 \smult s\suband
|
\item $\lconstraint{s_0} \big(\!- \spv_0 \smult s\suband \plus \spv_0 \smult s_2 \plus \spv_0 \smult s_1 - \spv_0 \plus \spv_2 \smult s\suband
|
||||||
- \vv_2 \smult s_1 \plus \vv_4 \smult s\suband - \vv_4 \smult s_2 - \vv_6 \smult s\suband \\
|
- \spv_2 \smult s_1 \plus \spv_4 \smult s\suband - \spv_4 \smult s_2 - \spv_6 \smult s\suband \\
|
||||||
\mhspace{3.51em} \plus \vv_1 \smult s\suband - \vv_1 \smult s_2 - \vv_1 \smult s_1 \plus \vv_1 - \vv_3 \smult s\suband
|
\mhspace{3.51em} \plus \spv_1 \smult s\suband - \spv_1 \smult s_2 - \spv_1 \smult s_1 \plus \spv_1 - \spv_3 \smult s\suband
|
||||||
\plus \vv_3 \smult s_1 - \vv_5 \smult s\suband \plus \vv_5 \smult s_2 \plus \vv_7 \smult s\suband\big) = \\
|
\plus \spv_3 \smult s_1 - \spv_5 \smult s\suband \plus \spv_5 \smult s_2 \plus \spv_7 \smult s\suband\big) = \\
|
||||||
\mhspace{1.90em} \lincomb{\vv_s - \vv_0 \smult s\suband \plus \vv_0 \smult s_2 \plus \vv_0 \smult s_1 - \vv_0 \plus \vv_2 \smult s\suband
|
\mhspace{1.90em} \lincomb{\spv_s - \spv_0 \smult s\suband \plus \spv_0 \smult s_2 \plus \spv_0 \smult s_1 - \spv_0 \plus \spv_2 \smult s\suband
|
||||||
- \vv_2 \smult s_1 \plus \vv_4 \smult s\suband - \vv_4 \smult s_2 - \vv_6 \smult s\suband}$
|
- \spv_2 \smult s_1 \plus \spv_4 \smult s\suband - \spv_4 \smult s_2 - \spv_6 \smult s\suband}$
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
|
||||||
For a full-length ($252$-bit) scalar this costs $3$ constraints for each of $84$ window lookups,
|
For a full-length ($252$-bit) scalar this costs $3$ constraints for each of $84$ window lookups,
|
||||||
|
@ -12375,14 +12365,14 @@ Given $k = \ssum{i=0}{250} k_i \smult 2^i$, we calculate $R = \scalarmult{k}{B}$
|
||||||
\item // $\Base_i = \scalarmult{2^i}{B}$
|
\item // $\Base_i = \scalarmult{2^i}{B}$
|
||||||
\item let $\Base_0 = B$
|
\item let $\Base_0 = B$
|
||||||
\item let $\Acc^u_0 = k_0 \bchoose \Base^u_0 : 0$
|
\item let $\Acc^u_0 = k_0 \bchoose \Base^u_0 : 0$
|
||||||
\item let $\Acc^{\vv}_0\hairspace = k_0 \bchoose \Base^{\vv}_0 : 1$
|
\item let $\Acc^{\spv}_0\hairspace = k_0 \bchoose \Base^{\spv}_0 : 1$
|
||||||
\vspace{1ex}
|
\vspace{1ex}
|
||||||
\item for $i$ from $1$ up to $250$:
|
\item for $i$ from $1$ up to $250$:
|
||||||
\item \tab let $\Base_i = \scalarmult{2}{\Base_{i-1}}$
|
\item \tab let $\Base_i = \scalarmult{2}{\Base_{i-1}}$
|
||||||
\vspace{1ex}
|
\vspace{1ex}
|
||||||
\item \tab // select $\Base_i$ or $\ZeroJ$ depending on the bit $k_i$
|
\item \tab // select $\Base_i$ or $\ZeroJ$ depending on the bit $k_i$
|
||||||
\item \tab let $\Addend^u_i = k_i \bchoose \Base^u_i : 0$
|
\item \tab let $\Addend^u_i = k_i \bchoose \Base^u_i : 0$
|
||||||
\item \tab let $\Addend^{\vv}_i\hairspace = k_i \bchoose \Base^{\vv}_i : 1$
|
\item \tab let $\Addend^{\spv}_i\hairspace = k_i \bchoose \Base^{\spv}_i : 1$
|
||||||
\item \tab let $\Acc_i = \Acc_{i-1} + \Addend_i$
|
\item \tab let $\Acc_i = \Acc_{i-1} + \Addend_i$
|
||||||
\item let $R = \Acc_{250}$.
|
\item let $R = \Acc_{250}$.
|
||||||
\end{algorithm}
|
\end{algorithm}
|
||||||
|
|
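Review bot: The rewritten comment above the `AMSm` declarations ("These are defined by newtxmath, but …") no longer says what "These" are, and no longer says the declarations that follow are taken from newtxmath.sty, as the old comment did. The build still loads the `ntxsym` font through `\DeclareSymbolFont{AMSm}{U}{ntxsym}{m}{n}`, so the newtx fonts remain a dependency even though this commit is about portability. I would extend the comment with `% The AMSm declarations below are copied from newtxmath.sty and still need the ntxsym font (shipped with newtx) to be installed.` Separately, the rename of `\vv` to `\spv` in the `\newcommand` line carries no reason; if it avoids a clash with another package's `\vv`, add something like `% named \spv because \vv is defined by other packages`. Only some of the file is visible here, so it is worth confirming that no `\vv` use remains, since a leftover one would be undefined or would take another package's meaning and change how the v-coordinate is typeset.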