mirror of https://github.com/zcash/zips.git
Minor clarifications.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
b6bf914478
commit
275aee328b
|
@ -410,6 +410,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\commitmentTrapdoor}{\term{commitment trapdoor}}
|
||||
\newcommand{\commitmentTrapdoors}{\term{commitment trapdoors}}
|
||||
\newcommand{\trapdoor}{\term{trapdoor}}
|
||||
\newcommand{\xCommitment}{\term{commitment}}
|
||||
\newcommand{\noteCommitment}{\term{note commitment}}
|
||||
\newcommand{\noteCommitments}{\term{note commitments}}
|
||||
\newcommand{\xNoteCommitments}{\term{Note commitments}}
|
||||
|
@ -1294,6 +1295,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\MerkleDepth}{\mathsf{MerkleDepth}}
|
||||
\newcommand{\MerkleDepthSprout}{\optSprout{\MerkleDepth}}
|
||||
\newcommand{\MerkleDepthSapling}{\MerkleDepth^\mathsf{Sapling}}
|
||||
\newcommand{\MerkleDepthSproutOrSapling}{\MerkleDepth^\mathsf{Sprout\sapling{,Sapling}}}
|
||||
\newcommand{\MerkleNode}[2]{\mathsf{M}^{#1}_{#2}}
|
||||
\newcommand{\MerkleSibling}{\mathsf{sibling}}
|
||||
\newcommand{\MerkleCRH}{\mathsf{MerkleCRH}}
|
||||
|
@ -2297,7 +2299,7 @@ where $\NoteCommitSapling{}$ is instantiated in \crossref{concretewindowedcommit
|
|||
Notice that the above definition of a \Sapling \note does not have a
|
||||
$\NoteAddressRand$ field. There is in fact a $\NoteAddressRand$ value associated
|
||||
with each \Sapling \note, but this only be computed once its position in the
|
||||
\noteCommitmentTree is known (see \crossref{blockchain} and \crossref{transactions}).
|
||||
\noteCommitmentTree is known (see \crossref{transactions} and \crossref{merkletree}).
|
||||
We refer to the combination of a \note and its \notePosition $\NotePosition$, as a
|
||||
\positionedNote.
|
||||
|
||||
|
@ -2532,8 +2534,8 @@ for the whole \transaction to balance.
|
|||
|
||||
\vspace{1.5ex}
|
||||
\begin{consensusrules}
|
||||
\item \transaction{} \MUST balance as specified in \crossref{saplingbalance}.
|
||||
\item The \anchor of each \spendDescription{} \MUST refer to some earlier \block's final
|
||||
\item \vspace{-0.5ex} The \transaction{} \MUST balance as specified in \crossref{saplingbalance}.
|
||||
\item \vspace{-0.5ex} The \anchor of each \spendDescription{} \MUST refer to some earlier \block's final
|
||||
\Sapling \treestate.
|
||||
\end{consensusrules}
|
||||
} %sapling
|
||||
|
@ -2543,7 +2545,7 @@ for the whole \transaction to balance.
|
|||
|
||||
\vspace{-2ex}
|
||||
\begin{center}
|
||||
\includegraphics[scale=.4,interpolate]{incremental_merkle}
|
||||
\includegraphics[scale=.35,interpolate]{incremental_merkle}
|
||||
\end{center}
|
||||
\vspace{-2ex}
|
||||
%\sapling{\todo{The commitment indices in the above diagram should be zero-based to reflect the \notePosition{}.}}
|
||||
|
@ -2565,6 +2567,9 @@ $2^h$ \merkleNodes with \merkleIndices $0$ to $2^h-1$ inclusive.
|
|||
The \merkleHash associated with the \merkleNode at \merkleIndex $i$ in \merkleLayer $h$
|
||||
is denoted $\MerkleNode{h}{i}$.
|
||||
|
||||
The index of a \note's \xCommitment at the leafmost layer
|
||||
($\MerkleDepthSproutOrSapling$) is called its \notePosition.
|
||||
|
||||
|
||||
\subsection{\NullifierSets} \label{nullifierset}
|
||||
|
||||
|
@ -3755,12 +3760,12 @@ where
|
|||
\item $\cm \typecolon \NoteCommitSaplingOutput$ is the \noteCommitment for the output \note;
|
||||
\item $\EphemeralPublic \typecolon \KASaplingPublic$ is
|
||||
a key agreement public key, used to derive the key for encryption
|
||||
of the \notesCiphertext (\crossref{saplinginband});
|
||||
of the \noteCiphertext (\crossref{saplinginband});
|
||||
\item $\TransmitCiphertext{} \typecolon \Ciphertext$ is
|
||||
a ciphertext component for the encrypted output \note;
|
||||
\item $\OutCiphertext{} \typecolon \Ciphertext$ is a ciphertext component that allows the holder of
|
||||
a \fullViewingKey to recover the recipient \diversifiedTransmissionKey $\DiversifiedTransmitPublic$
|
||||
and the ephemeral private key $\EphemeralPrivate$;
|
||||
and the ephemeral private key $\EphemeralPrivate$ (and therefore the entire \notePlaintext);
|
||||
\item $\ProofOutput \typecolon \OutputProof$ is a \zeroKnowledgeProof with \primaryInput
|
||||
$(\cv, \cm, \EphemeralPublic)$ for the \outputStatement defined in \crossref{outputstatement}.
|
||||
\end{itemize}
|
||||
|
@ -3950,7 +3955,7 @@ A \dummy{} \Sapling input \note is constructed as follows:
|
|||
\vOld{})$.
|
||||
\item Compute $\nfOld{} = \PRFnfSapling{\AuthProvePublicRepr}(\reprJ(\NoteAddressRand))$.
|
||||
\item Construct a \dummy \merklePath $\TreePath{}$ for use in the
|
||||
\auxiliaryInput to the \spendStatement (this will not be checked).
|
||||
\auxiliaryInput to the \spendStatement (this will not be checked, because $\vOld{} = 0$).
|
||||
\end{itemize}
|
||||
|
||||
As in \Sprout, a \dummy{} \Sapling output \note is constructed as normal but with
|
||||
|
@ -8993,6 +8998,16 @@ found by Brian Warner.
|
|||
\intropart
|
||||
\section{Change History}
|
||||
|
||||
\subparagraph{2018.0-beta-19}
|
||||
|
||||
\begin{itemize}
|
||||
\item No changes to \Sprout.
|
||||
\sapling{
|
||||
\item Minor clarifications.
|
||||
} %sapling
|
||||
\end{itemize}
|
||||
|
||||
\introlist
|
||||
\subparagraph{2018.0-beta-18}
|
||||
|
||||
\begin{itemize}
|
||||
|
|
Loading…
Reference in New Issue