Add definition of PRF^nr.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -734,6 +734,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\NotePosition}{\mathsf{pos}}
 \newcommand{\NotePositionBase}{\mathcal{J}}
 \newcommand{\NullifierRand}{\mathsf{nr}}
+\newcommand{\Hashnr}{H^{\NullifierRand}}
 \newcommand{\Diversifier}{\mathsf{d}}
 \newcommand{\DiversifierLength}{\mathsf{\ell_{\Diversifier}}}
 \newcommand{\DiversifierType}{\byteseq{\DiversifierLength/8}}
@@ -4310,6 +4311,30 @@ be necessary.})
 }
 }
 
+\newsavebox{\nrbox}
+\begin{lrbox}{\nrbox}
+\setsapling
+\begin{bytefield}[bitwidth=0.04em]{512}
+    \bitbox{256}{$256$-bit $\reprJ(\AuthProvePublic)$} &
+    \bitbox{256}{$256$-bit $\reprJ(\NoteAddressRand)$}
+\end{bytefield}
+\end{lrbox}
+
+\sapling{
+\introlist
+\vspace{2ex}
+$\PRFnr{}$, described in \crossref{abstractprfs}, is instantiated using the
+$\BlakeTwosGeneric$ \hashFunction defined in \crossref{concreteblake2}:
+
+Define:
+
+\begin{formulae}
+  \item $\Hashnr(x) := \BlakeTwos{256}(\ascii{ZcashnrL}, x) \bconcat \BlakeTwos{256}(\ascii{ZcashnrH}, x)$.
+  \item $\PRFnr{\AuthProvePublic}(\NoteAddressRand) :=
+           \LEOStoIP{512}\!\left(\Hashnr\!\left(\Justthebox{\nrbox}\right)\right) \bmod \ParamS{r}$.
+\end{formulae}
+}
+
 \sapling{
 \introsection
 \nsubsubsection{\PseudoRandomGenerators} \label{concreteprgs}