From 34bae57edb7f7f4a8e98c1dd2631b161a86821ff Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Tue, 6 Mar 2018 22:30:15 +0000
Subject: [PATCH] Add definition of PRF^nr.

Signed-off-by: Daira Hopwood
---
 protocol/protocol.tex | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 4e02e948..dd2e1087 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -734,6 +734,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\NotePosition}{\mathsf{pos}}
 \newcommand{\NotePositionBase}{\mathcal{J}}
 \newcommand{\NullifierRand}{\mathsf{nr}}
+\newcommand{\Hashnr}{H^{\NullifierRand}}
 \newcommand{\Diversifier}{\mathsf{d}}
 \newcommand{\DiversifierLength}{\mathsf{\ell_{\Diversifier}}}
 \newcommand{\DiversifierType}{\byteseq{\DiversifierLength/8}}
@@ -4310,6 +4311,30 @@ be necessary.})
 }
 }
 
+\newsavebox{\nrbox}
+\begin{lrbox}{\nrbox}
+\setsapling
+\begin{bytefield}[bitwidth=0.04em]{512}
+ \bitbox{256}{$256$-bit $\reprJ(\AuthProvePublic)$} &
+ \bitbox{256}{$256$-bit $\reprJ(\NoteAddressRand)$}
+\end{bytefield}
+\end{lrbox}
+
+\sapling{
+\introlist
+\vspace{2ex}
+$\PRFnr{}$, described in \crossref{abstractprfs}, is instantiated using the
+$\BlakeTwosGeneric$ \hashFunction defined in \crossref{concreteblake2}:
+
+Define:
+
+\begin{formulae}
+ \item $\Hashnr(x) := \BlakeTwos{256}(\ascii{ZcashnrL}, x) \bconcat \BlakeTwos{256}(\ascii{ZcashnrH}, x)$.
+ \item $\PRFnr{\AuthProvePublic}(\NoteAddressRand) :=
+ \LEOStoIP{512}\!\left(\Hashnr\!\left(\Justthebox{\nrbox}\right)\right) \bmod \ParamS{r}$.
+\end{formulae}
+}
+
 \sapling{
 \introsection
 \nsubsubsection{\PseudoRandomGenerators} \label{concreteprgs}
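Review bot: The new `\sapling{…}` block in the second hunk defines `\PRFnr` without saying why `\Hashnr` concatenates two separately personalized 256-bit digests before the `\bmod \ParamS{r}` reduction, so an implementer reading only this text cannot tell that the 512-bit width matters. Presumably the wide intermediate is there to keep the bias of the modular reduction negligible; if so, state it after the `formulae` list, e.g. `The 512-bit output of $\Hashnr$ is reduced modulo $\ParamS{r}$ so that the result is close to uniformly distributed.` It would also help to say that `x` is the 64-byte sequence drawn in `\nrbox`, and that the `ZcashnrL` digest supplies the low-order half under `\LEOStoIP{512}` (as the L/H suffixes and the little-endian conversion suggest). Minor wording: the lead-in sentence already ends in a colon, so the separate `Define:` paragraph reads as a doubled introduction and could be dropped.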