From 36252cebf69783fa95c81d9ad1e6bb375632fae8 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Wed, 1 Dec 2021 18:01:21 +0000 Subject: [PATCH] Add "note commitment scheme" as a term. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index e8fef3cd..e146a082 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -782,6 +782,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\noteCommitments}{\terms{note commitment}} \newcommand{\xNoteCommitments}{\termxs{note commitment}} \newcommand{\notesCommitment}{\termandindex{note's commitment}{note commitment}} +\newcommand{\noteCommitmentScheme}{\term{note commitment scheme}} \newcommand{\noteCommitmentTree}{\term{note commitment tree}} \newcommand{\noteCommitmentTrees}{\terms{note commitment tree}} \newcommand{\notePosition}{\term{note position}} @@ -4381,7 +4382,7 @@ Define $\NoteCommitTrapdoor{Sprout} := \bitseq{\NoteCommitRandLengthSprout}$ and $\NoteCommitOutput{Sprout} := \bitseq{\MerkleHashLength{Sprout}}$. \introlist -\Sprout uses a \note \commitmentScheme +\Sprout uses a \noteCommitmentScheme \begin{tabular}{@{\hskip 1.5em}r@{\;}l} $\NoteCommit{Sprout}{} $&$\typecolon\; \NoteCommitTrapdoor{Sprout} \times \PRFOutputSprout @@ -9945,7 +9946,7 @@ $\ValueCommitRandBase{Orchard}$}. \end{lrbox} \vspace{-1ex} -The \commitmentScheme $\NoteCommit{Sprout}{}$ specified in \crossref{abstractcommit} is +The \noteCommitmentScheme $\NoteCommit{Sprout}{}$ specified in \crossref{abstractcommit} is instantiated using \shaHash as follows: \begin{formulae}[leftmargin=1em] @@ -9981,7 +9982,7 @@ and adding a randomized point on the \jubjubCurve (see \crossref{jubjub}): See \crossref{cctwindowedcommit} for rationale and efficient circuit implementation of this function. -The \commitmentScheme $\NoteCommitAlg{Sapling}$ specified in \crossref{abstractcommit} is +The \noteCommitmentScheme $\NoteCommitAlg{Sapling}$ specified in \crossref{abstractcommit} is instantiated as follows using $\WindowedPedersenCommitAlg$: \begin{formulae} @@ -10176,7 +10177,7 @@ condition, since \hiding cannot be affected by applying any fixed function to th \emph{output} of $\SinsemillaCommitAlg$. \vspace{0.5ex} -The \commitmentScheme $\NoteCommitAlg{Orchard}$ specified in \crossref{abstractcommit} is +The \noteCommitmentScheme $\NoteCommitAlg{Orchard}$ specified in \crossref{abstractcommit} is instantiated as follows using $\SinsemillaCommitAlg$: \begin{formulae} @@ -17288,7 +17289,7 @@ to allow several optimizations in the circuit implementation. \Sapling circuits. $\MerkleDepth{Sapling}$ \xPedersenHash instances are used in the \spendCircuit to check a \merklePath to the \noteCommitment of the \note being spent. We also reuse the \xPedersenHash implementation to -construct the \commitmentScheme $\NoteCommitAlg{Sapling}$. +construct the \noteCommitmentScheme $\NoteCommitAlg{Sapling}$. This motivates considerable attention to optimizing this circuit implementation of this primitive, even at the cost of complexity.