From 2e50a09e9704ae8f11665e5a95203d6000c84c48 Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Thu, 25 Mar 2021 23:40:48 +0000
Subject: [PATCH] NCC audit: Correct the definition of PRFnf^Orchard by changing Poseidon to PoseidonHash.
Signed-off-by: Daira Hopwood
---
 protocol/protocol.tex | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 9b8f7b71..22ab65d6 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -8781,12 +8781,12 @@ part of deriving the \nullifier for an \Orchard \note.
 It is instantiated using the $\PoseidonHash$ \hashFunction \cite{GKRRS2019} defined in \crossref{poseidonhash}:
 \begin{formulae}
- \item $\PRFnf{Orchard}{\NullifierKey}(\NoteUniqueRand) := \Poseidon(\NullifierKey, \NoteUniqueRand)$.
+ \item $\PRFnf{Orchard}{\NullifierKey}(\NoteUniqueRand) := \PoseidonHash(\NullifierKey, \NoteUniqueRand)$.
 \end{formulae}
 \vspace{-2ex}
 \securityrequirement{
-$\Poseidon \typecolon \GF{\ParamP{q}} \times \GF{\ParamP{q}} \rightarrow \GF{\ParamP{q}}$ must be a
+$\PoseidonHash \typecolon \GF{\ParamP{q}} \times \GF{\ParamP{q}} \rightarrow \GF{\ParamP{q}}$ must be a
 PRF when keyed by its first argument, with its second argument as input.
 } %securityrequirement
@@ -13835,6 +13835,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \item Propagate $\bot$ from the inputs of $\MerkleCRH{Orchard}$ to its output, and add an explicit consensus rule that $\rt{Orchard}$ computed from appending a \noteCommitment is not $\bot$.
+ \item Correct the definition of $\PRFnf{Orchard}{}$ in \crossref{concreteprfs}
+ by changing $\Poseidon$ to $\PoseidonHash$.
 \end{itemize}
 \item Correct the description of $\lengthField$ in \crossref{unifiedpaymentaddrencoding}.
 \item Correct the type signature of $\DiversifyHash{Orchard}$ in \crossref{abstracthashes}.