mirror of https://github.com/zcash/zips.git
Clarify the notes concerning domain separation of prefixes for MerkleCRH^Sapling and NoteCommit^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
2a7002a010
commit
25b64382e4
@ -5747,8 +5747,8 @@ $\MerkleCRHSapling \typecolon \MerkleLayerSapling \times \MerkleHashSapling \tim
\vspace{1ex}
\textbf{Note:}\;\; The prefix $l$ provides domain separation between inputs at different layers of the
\noteCommitmentTree. It is distinct from the $\NoteCommitSaplingAlg$ prefix
as noted in \crossref{concretewindowedcommit}.} %sapling
\noteCommitmentTree. $\NoteCommitSaplingAlg$, like $\PedersenHash$, is defined in terms of $\PedersenHashToPoint$,
but using a prefix that cannot collide with a layer prefix, as noted in \crossref{concretewindowedcommit}.} %sapling
\subsubsubsection{\hSigText{} \HashFunction} \label{hsigcrh}
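Review bot: the new wording in this hunk ("but using a prefix that cannot collide with a layer prefix") asserts the domain separation without saying which prefix is meant, so a reader of the Merkle section has to follow \crossref{concretewindowedcommit} to check the claim. Consider naming it in place, e.g. "but using the prefix $\ones{6}$, which cannot collide with a layer prefix $l$ because $l \leq \MerkleDepthSapling - 1 < 63$", so that the note is verifiable where it stands. The rest of the replacement is an improvement over the old sentence, which only said the prefixes were distinct and gave no reason why separation matters (both functions being built on $\PedersenHashToPoint$).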
@ -6913,11 +6913,13 @@ instantiated as follows using $\WindowedPedersenCommitAlg$:
\vspace{-2ex}
\begin{pnotes}
\item The prefix $\ones{6}$ distinguishes the use of $\WindowedPedersenCommitAlg$ in
$\NoteCommitSaplingAlg$ from the layer prefix used in $\MerkleCRHSapling$ (see
\crossref{merklecrh}). The latter is a $6$-bit little-endian encoding of an integer
in $\range{0}{\MerkleDepthSapling-1}$; because $\MerkleDepthSapling < 64$, this
cannot collide with $\ones{6}$.
\item $\MerkleCRHSapling$ is also defined in terms of $\PedersenHashToPoint$
(see \crossref{merklecrh}). The prefix $\ones{6}$ distinguishes the use of
$\WindowedPedersenCommitAlg$ in
$\NoteCommitSaplingAlg$ from the layer prefix used in $\MerkleCRHSapling$.
That layer prefix is a $6$-bit little-endian encoding of an integer
in the range $\range{0}{\MerkleDepthSapling-1}$; because $\MerkleDepthSapling < 64$,
it cannot collide with $\ones{6}$.
\item The arguments to $\NoteCommitSapling{}$ are in a different order to their encodings
in $\WindowedPedersenCommit{}$. There is no particularly good reason for this.
\end{pnotes}
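Review bot: in the rewritten first \item, the step from "$\MerkleDepthSapling < 64$" to "it cannot collide with $\ones{6}$" is still left to the reader; one clause would close the argument, e.g. "the layer prefix encodes an integer at most $\MerkleDepthSapling - 1 \leq 62$, whereas $\ones{6}$ is the $6$-bit encoding of $63$". It is also worth saying that $\MerkleDepthSapling < 64$ is the same bound that makes a $6$-bit encoding of every layer index possible in the first place, not an additional assumption. Minor: "is also defined in terms of $\PedersenHashToPoint$" presumes the reader has just seen that $\WindowedPedersenCommitAlg$ is built on $\PedersenHashToPoint$; if that is stated only in \crossref{concretewindowedcommit}, add that cross-reference to this sentence.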
@ -9787,6 +9789,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item Address some of the findings of the QED-it report:
\begin{itemize}
\item Improved cross-referencing in \crossref{concretepedersenhash}.
\item Clarify the notes concerning domain separation of prefixes in
\crossref{saplingmerklecrh} and \crossref{concretesaplingnotecommit}.
\end{itemize}
} %sapling
\item Add the QED-it report to the acknowledgements.
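Review bot: the added changelog lines cite \crossref{saplingmerklecrh}, whereas the note added to the commitment section in the previous hunk cites \crossref{merklecrh} for what should be the same section; confirm that both labels exist and resolve to the $\MerkleCRHSapling$ subsection, otherwise one of the cross-references is dangling. Style: the sibling entry reads "Improved cross-referencing ..." while the new one reads "Clarify the notes ..."; use one tense for the items in this list.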