zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cosmetics. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2018-08-05 17:29:44 +01:00
parent ef1cee8dcf
commit 2e74200366
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
protocol/protocol.tex
View File

@ -508,6 +508,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\shieldedOutput}{\term{shielded output}}
\newcommand{\shieldedOutputs}{\term{shielded outputs}}
\newcommand{\statement}{\term{statement}}
\newcommand{\statements}{\term{statements}}
\newcommand{\ZkSNARKStatements}{\titleterm{Zk-SNARK Statement\notsprout{s}}}
\newcommand{\zkProof}{\term{zk proof}}
\newcommand{\zeroKnowledgeProof}{\term{zero-knowledge proof}}
@ -2601,7 +2602,7 @@ Therefore, balance can be enforced by adding all of the \valueCommitments for
\shieldedInputs, subtracting all of the \valueCommitments for \shieldedOutputs,
and proving by use of a \bindingSignature (as described in \crossref{bindingsig})
that the result commits to a value consistent with the net \transparent value change.
This approach allows all of the \zkSNARK statements to be independent of
This approach allows all of the \zkSNARK \statements to be independent of
each other, potentially increasing opportunities for precomputation.
A \spendDescription includes an \anchor, which refers to the output
@ -4555,7 +4556,7 @@ similar to the check in \crossref{sproutspendauthority} that is part of the \joi
The motivation for a separate signature is to allow devices that are limited in memory
and computational capacity, such as hardware wallets, to authorize a \Sapling shielded spend.
Typically such devices cannot create, and may not be able to verify, \zkSNARKProofs for
a statement of the size needed using the $\PHGR$ or $\Groth$ proving systems.
a \statement of the size needed using the $\PHGR$ or $\Groth$ proving systems.
\vspace{1ex}
The verifying key of the signature must be revealed in the \spendDescription so that
@ -4709,7 +4710,7 @@ $(\TreePath{i}, \NotePosition_i)$ is a valid \merklePath (see \crossref{merklepa
$\MerkleDepthSprout$ from $\NoteCommitmentSprout(\nOld{i})$ to the \anchor $\rt$.
\vspace{-1ex}
\textbf{Note:} Merkle path validity covers conditions 1.\,(a) and 1.\,(d) of the NP statement
\textbf{Note:} Merkle path validity covers conditions 1.\,(a) and 1.\,(d) of the NP \statement
in \cite[section 4.2]{BCGGMTV2014}.
\changed{\snarkcondition{Merkle path enforcement} \label{sproutmerklepathenforcement}
@ -9892,7 +9893,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\sapling{
\item Add a section on re-randomizable signatures.
\item Add definition of $\PRF{}{\mathsf{nr}}$.
\item Work-in-progress on \Sapling statements.
\item Work-in-progress on \Sapling \statements.
\item Rename \quotedterm{raw} to \quotedterm{homomorphic} \xPedersenCommitments.
\item Add packing modulo the field size and range checks to Appendix A.
\item Update the algorithm for variable-base scalar multiplication to
@ -10392,7 +10393,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\subsection{\QuadraticConstraintPrograms}
\Sapling defines two circuits, Spend and Output, each implementing an abstract
statement described in \crossref{spendstatement} and \crossref{outputstatement}
\statement described in \crossref{spendstatement} and \crossref{outputstatement}
respectively. It also adds a $\Groth$ circuit for the \joinSplitStatement
described in \crossref{joinsplitstatement}.