From 2e74200366274584b4218bdf9823702c8b906935 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Sun, 5 Aug 2018 17:29:44 +0100 Subject: [PATCH] Cosmetics. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 8965b65c..ab896864 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -508,6 +508,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\shieldedOutput}{\term{shielded output}} \newcommand{\shieldedOutputs}{\term{shielded outputs}} \newcommand{\statement}{\term{statement}} +\newcommand{\statements}{\term{statements}} \newcommand{\ZkSNARKStatements}{\titleterm{Zk-SNARK Statement\notsprout{s}}} \newcommand{\zkProof}{\term{zk proof}} \newcommand{\zeroKnowledgeProof}{\term{zero-knowledge proof}} @@ -2601,7 +2602,7 @@ Therefore, balance can be enforced by adding all of the \valueCommitments for \shieldedInputs, subtracting all of the \valueCommitments for \shieldedOutputs, and proving by use of a \bindingSignature (as described in \crossref{bindingsig}) that the result commits to a value consistent with the net \transparent value change. -This approach allows all of the \zkSNARK statements to be independent of +This approach allows all of the \zkSNARK \statements to be independent of each other, potentially increasing opportunities for precomputation. A \spendDescription includes an \anchor, which refers to the output @@ -4555,7 +4556,7 @@ similar to the check in \crossref{sproutspendauthority} that is part of the \joi The motivation for a separate signature is to allow devices that are limited in memory and computational capacity, such as hardware wallets, to authorize a \Sapling shielded spend. Typically such devices cannot create, and may not be able to verify, \zkSNARKProofs for -a statement of the size needed using the $\PHGR$ or $\Groth$ proving systems. +a \statement of the size needed using the $\PHGR$ or $\Groth$ proving systems. \vspace{1ex} The verifying key of the signature must be revealed in the \spendDescription so that @@ -4709,7 +4710,7 @@ $(\TreePath{i}, \NotePosition_i)$ is a valid \merklePath (see \crossref{merklepa $\MerkleDepthSprout$ from $\NoteCommitmentSprout(\nOld{i})$ to the \anchor $\rt$. \vspace{-1ex} -\textbf{Note:} Merkle path validity covers conditions 1.\,(a) and 1.\,(d) of the NP statement +\textbf{Note:} Merkle path validity covers conditions 1.\,(a) and 1.\,(d) of the NP \statement in \cite[section 4.2]{BCGGMTV2014}. \changed{\snarkcondition{Merkle path enforcement} \label{sproutmerklepathenforcement} @@ -9892,7 +9893,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. \sapling{ \item Add a section on re-randomizable signatures. \item Add definition of $\PRF{}{\mathsf{nr}}$. - \item Work-in-progress on \Sapling statements. + \item Work-in-progress on \Sapling \statements. \item Rename \quotedterm{raw} to \quotedterm{homomorphic} \xPedersenCommitments. \item Add packing modulo the field size and range checks to Appendix A. \item Update the algorithm for variable-base scalar multiplication to @@ -10392,7 +10393,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. \subsection{\QuadraticConstraintPrograms} \Sapling defines two circuits, Spend and Output, each implementing an abstract -statement described in \crossref{spendstatement} and \crossref{outputstatement} +\statement described in \crossref{spendstatement} and \crossref{outputstatement} respectively. It also adds a $\Groth$ circuit for the \joinSplitStatement described in \crossref{joinsplitstatement}.