From 2379ba88d7242045c14aca52efbccd86270bba94 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Tue, 18 Jun 2019 22:51:55 +0100 Subject: [PATCH] Protocol spec: cosmetics. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index d965e4a0..879a9a3d 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -2246,9 +2246,9 @@ $\vproduct{i=1}{\rmN} a_i$ means the product of $a_{\allN{}}$.\; $\vxor{i=1}{\rmN} a_i$ means the bitwise exclusive-or of $a_{\allN{}}$. When $N = 0$ these yield the appropriate neutral element, i.e. -\smash{$\vsum{i=1}{0} a_i = 0$, $\vproduct{i=1}{0} a_i = 1$, and -$\vxor{i=1}{0} a_i = 0$} or the all-zero bit sequence of the -appropriate length given by the type of $a$. +$\ssum{i=1}{0} a_i = 0$, $\sproduct{i=1}{0} a_i = 1$, and +$\sxor{i=1}{0} a_i = 0$ or the all-zero bit sequence of length given +by the type of $a$. \notsprout{ $\ssqrt{a}$, where $a \typecolon \GF{q}$, means the positive @@ -5015,7 +5015,7 @@ For details of the form and encoding of \spendStatement proofs, see \crossref{gr \begin{pnotes} \item Public and \auxiliaryInputs{} \MUST be constrained to have the types specified. In particular, - see \crossref{ccteddecompressvalidate} for implementation of validity checks on compressed + see \crossref{ccteddecompressvalidate}, for required validity checks on compressed representations of \jubjubCurve points. The $\ValueCommitOutput$ and $\SpendAuthSigPublic$ types also represent points, i.e. $\GroupJ$. @@ -5094,7 +5094,7 @@ For details of the form and encoding of \outputStatement proofs, see \crossref{g \begin{pnotes} \item Public and \auxiliaryInputs{} \MUST be constrained to have the types specified. In particular, - see \crossref{ccteddecompressvalidate} for implementation of validity checks on compressed + see \crossref{ccteddecompressvalidate}, for required validity checks on compressed representations of \jubjubCurve points. The $\ValueCommitOutput$ type also represents points, i.e. $\GroupJ$. @@ -6222,10 +6222,10 @@ $\UncommittedSapling = \ItoLEBSPOf{\MerkleHashLengthSapling}{1}$ is not in the r \end{theorem} \begin{proof} -By injectivity of $\ItoLEBSP{\MerkleHashLengthSapling}$ and the definitions of +By injectivity of $\ItoLEBSP{\MerkleHashLengthSapling}$ and definitions of $\PedersenHash$ and $\ExtractJ$, $\ItoLEBSPOf{\smash{\MerkleHashLengthSapling}}{1}$ can be in the range of $\PedersenHash$ only if there exist -$(D \typecolon \byteseq{8}$, $M \typecolon \bitseq{\PosInt})$ such that $\Selectu\Of{\PedersenHashToPoint(D, M)} = 1$. +$(D \typecolon \smash{\byteseq{8}}$, $M \typecolon \smash{\bitseq{\PosInt}})$ such that $\Selectu\Of{\PedersenHashToPoint(D, M)} = 1$. The latter can only be the affine-ctEdwards $u$-coordinate of a point in $\strut\GroupJ$. We show that there are no points in $\GroupJ$ with affine-ctEdwards $u$-coordinate $1$. Suppose for a contradiction that $(u, \varv) \in \GroupJ$ for $u = 1$ and some @@ -6640,8 +6640,8 @@ Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$. \begin{lrbox}{\kdfsaplinginputbox} \setsapling \begin{bytefield}[bitwidth=0.07em]{544} - \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\DHSecret{}}\hairspace}$} & - \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\EphemeralPublic}\hairspace}$} + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\DHSecret{}}\kern 0.02em}$} & + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\EphemeralPublic}\kern 0.02em}$} \end{bytefield} \end{lrbox} @@ -7266,7 +7266,7 @@ The \representedPairing $\BLSCurve$ is defined in this section. Parameters are t \cite{Bowe2017}. \introlist -Let $\ParamS{q} :=\;$\scalebox{0.81}[1]{$4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787$.} +Let $\ParamS{q} :=\;$\scalebox{0.805}[1]{$4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787$.} Let $\ParamS{r} := 52435875175126190479447740508185965837690552500527637822603658699938581184513$. @@ -7303,18 +7303,18 @@ Let $\GenS{1} \typecolon \SubgroupSstar{1} :=$ \vspace{-1ex} \begin{tabular}{@{\tab}r@{}l@{}} -$($\scalebox{0.81}[1]{$ 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507$} & $, $ \\ - \scalebox{0.81}[1]{$13395065449444764730204713799419212215849338759383496204265437364165114239563335064727246553533665349923917564415691$} & $)$. +$($\scalebox{0.805}[1]{$ 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507$} & $, $ \\ + \scalebox{0.805}[1]{$13395065449444764730204713799419212215849338759383496204265437364165114239563335064727246553533665349923917564415691$} & $)$. \end{tabular} Let $\GenS{2} \typecolon \SubgroupSstar{2} :=$ \vspace{-1ex} \begin{tabular}{@{\tab}r@{}l@{}} -$($\scalebox{0.81}[1]{$ 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758$} & $\,\mult\, t\;+$ \\ - \scalebox{0.81}[1]{$ 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160$} & $, $ \\ - \scalebox{0.81}[1]{$ 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582$} & $\,\mult\, t\;+$ \\ - \scalebox{0.81}[1]{$ 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905$} & $). $ +$($\scalebox{0.805}[1]{$ 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758$} & $\,\mult\, t\;+$ \\ + \scalebox{0.805}[1]{$ 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160$} & $, $ \\ + \scalebox{0.805}[1]{$ 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582$} & $\,\mult\, t\;+$ \\ + \scalebox{0.805}[1]{$ 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905$} & $). $ \end{tabular} $\GenS{1}$ and $\GenS{2}$ are generators of $\SubgroupS{1}$ and $\SubgroupS{2}$ respectively. @@ -9069,9 +9069,9 @@ Define: \vspace{-0.5ex} \item \tab $\AveragingWindowTimespan\blossom{(\BlockHeight \typecolon \Nat)} + \trunc{\scalebox{0.98}{\hfrac{\ActualTimespan(\BlockHeight) - \AveragingWindowTimespan\blossom{(\BlockHeight)}}{\PoWDampingFactor}}}$ \item $\ActualTimespanBounded(\BlockHeight \typecolon \Nat) := \bound{\MinActualTimespan\blossom{(\BlockHeight)}}{\MaxActualTimespan\blossom{(\BlockHeight)}}(\ActualTimespanDamped(\BlockHeight))$ - \item $\MeanTarget(\BlockHeight \typecolon \Nat) := \begin{cases} + \item $\MeanTarget(\BlockHeight \typecolon \Nat) := \!\begin{cases} \PoWLimit, \hspace{16em}\text{if } \BlockHeight \leq \PoWAveragingWindow \\ - \mean(\listcomp{\!\ToTarget(\nBits(i)) \for i \from \BlockHeight\!-\!\PoWAveragingWindow \upto \BlockHeight\!-\!1\!}),\\ + \mean(\listcomp{\!\ToTarget(\nBits(i)\kern-0.1em) \for i \from \BlockHeight\!-\!\PoWAveragingWindow \upto \BlockHeight\!-\!1\!}),\\ \hspace{20.7em}\text{otherwise.} \end{cases}$ \end{formulae} @@ -9080,7 +9080,7 @@ Define: The \targetThreshold for a given \blockHeight $\BlockHeight$ is then calculated as: \begin{formulae} - \item $\Threshold(\BlockHeight \typecolon \Nat) \hspace{0.43em} := \begin{cases} + \item $\Threshold(\BlockHeight \typecolon \Nat) \hspace{0.43em} := \hspace{0.3em} \begin{cases} \PoWLimit, \hspace{16em}\text{if } \BlockHeight = 0 \\ \minimum(\PoWLimit, \floor{\hfrac{\MeanTarget(\BlockHeight)}{\AveragingWindowTimespan}} \mult \ActualTimespanBounded(\BlockHeight)),\\