mirror of https://github.com/zcash/zips.git
Clarify that dk is not part of the standard Sapling derivation
parent
a414e4e7d3
commit
1f7b5120f1
|
@ -159,15 +159,20 @@ Let *S* be a seed byte sequence of a chosen length, which MUST be at least 32 by
|
|||
- Split *I* into two 32-byte sequences, *I*\ :sub:`L` and *I*\ :sub:`R`\ .
|
||||
- Use *I*\ :sub:`L` as the master spending key *sk*\ :sub:`m`\ , and *I*\ :sub:`R` as the master chain code
|
||||
*c*\ :sub:`m`\ .
|
||||
- Calculate the master extended spending key *m*\ :sub:`Sapling` = (*ask*\ :sub:`m`\ , *nsk*\ :sub:`m`\ ,
|
||||
*ovk*\ :sub:`m`\ , *dk*\ :sub:`m`\ , *c*\ :sub:`m`\ ) via the standard Sapling derivation
|
||||
- Calculate *ask*\ :sub:`m`\ , *nsk*\ :sub:`m`\ , and *ovk*\ :sub:`m` via the standard Sapling derivation
|
||||
[#sapling-key-components]_:
|
||||
|
||||
- *ask*\ :sub:`m` = ToScalar(PRF\ :sup:`expand`\ (*sk*\ :sub:`m`\ , [0x00]))
|
||||
- *nsk*\ :sub:`m` = ToScalar(PRF\ :sup:`expand`\ (*sk*\ :sub:`m`\ , [0x01]))
|
||||
- *ovk*\ :sub:`m` = truncate\ :sub:`32`\ (PRF\ :sup:`expand`\ (*sk*\ :sub:`m`\ , [0x02]))
|
||||
|
||||
- Calculate *dk*\ :sub:`m` similarly:
|
||||
|
||||
- *dk*\ :sub:`m` = truncate\ :sub:`32`\ (PRF\ :sup:`expand`\ (*sk*\ :sub:`m`\ , [0x10]))
|
||||
|
||||
- Return (*ask*\ :sub:`m`\ , *nsk*\ :sub:`m`\ , *ovk*\ :sub:`m`\ , *dk*\ :sub:`m`\ , *c*\ :sub:`m`\ ) as the
|
||||
master extended spending key *m*\ :sub:`Sapling`\ .
|
||||
|
||||
Child key derivation
|
||||
--------------------
|
||||
|
||||
|
|
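Review bot: The added bullet "Calculate dk_m similarly:" relies on the word "similarly" to carry the whole point of the change, so a reader still has to infer that dk is defined by this document and not by the derivation cited as [#sapling-key-components]_. Suggest stating it in that bullet directly, for example "Calculate dk_m, which is not part of the standard Sapling derivation, as:", so the text says what the commit message says. It would also help to note next to the [0x10] input that it is a separate PRF^expand domain byte from the [0x00], [0x01] and [0x02] used for ask, nsk and ovk, since implementers comparing against the cited section will not find it there.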