Clarify conditions where only TZE inputs or outputs are present.

Add links to librustzcash & zcashd reference implementation pull requests.
2020-09-15 13:45:15 -06:00 · 2020-09-15 13:45:15 -06:00 · 374a3fb812
parent 48830325ce
commit 374a3fb812
1 changed files with 24 additions and 14 deletions
--- a/zip-0222.rst
+++ b/zip-0222.rst
@ -138,7 +138,7 @@ constant-length, but MUST be solely determined by the pair ``(type, mode)``.

 The introduction of TZEs by this ZIP produces a new transparent unspent
 outpoint set, distinct from the UTXO set, such that indices into this set of
-outpoints may be referred to by TZE inpoints in spending transactions.
+outpoints may be referred to by TZE inputs in spending transactions.

 Encoding in transactions
 ------------------------
@ -189,14 +189,14 @@ types is as with Bitcoin.

 ``tze_data`` encoding:

-====================== ==================================== ======================
-Field                  Description                          Type           
-====================== ==================================== ======================
-``tze_id``             extension ``type``                   ``compactSize``
-``tze_mode``           extension ``mode``                   ``compactSize``
-``tze_data_len``       length of precondition/witness data  ``compactSize``
-``tze_data``           serialized precondition/witness data ``tze_data_len`` bytes
-====================== ==================================== ======================
+======================== ==================================== ==============================
+Field                    Description                          Type           
+======================== ==================================== ==============================
+``tze_id``               extension ``type``                   ``compactSize``
+``tze_mode``             extension ``mode``                   ``compactSize``
+``tze_data_payload_len`` length of precondition/witness data  ``compactSize``
+``tze_data_payload``     serialized precondition/witness data ``tze_data_payload_len`` bytes
+======================== ==================================== ==============================

 TZE Input Encoding:

@ -230,14 +230,20 @@ Once this ZIP becomes active, the following new consensus rules are enforced:
    transaction.
  - ``tze_verify(mode, precondition, witness, context)`` MUST return ``true``.

- If a transaction has non-empty ``tze_inputs`` and non-empty ``tze_outputs``, then every
-  element in both fields MUST have the same ``type``.
+- If a transaction has non-empty ``tze_inputs`` and non-empty ``tze_outputs``,
+  then every element in both fields MUST have the same ``type`` in order to
+  eliminate the possibility for cross-extension attacks. As this is not a
+  consideration in the case that only ``tze_inputs`` or only ``tze_outputs``
+  are present, the extension ``type`` MAY vary between elements in that case.

 - Non-coinbase transactions MUST have at least one of the following:
  - nonempty transparent inputs
  - nonempty shielded inputs
  - nonempty ``tze_inputs``

+The above rule replaces ``[Sapling onward] At least one of tx_in_count,
+nShieldedSpend, and nJoinSplit MUST be nonzero`` in [#protocol_consensus]_.
+
 - Transactions MUST have at least one of the following:
  - nonempty transparent outputs
  - nonempty shielded outputs
@ -283,8 +289,8 @@ extension logic too tightly to the transparent address logic. Instead, this ZIP
 dedicated transaction fields, and a separate unspent output set.


-Security and Privacy Considerations
-===================================
+Security and Privacy Considerations for Future TZE Implementations
+==================================================================

 This ZIP assumes that the base transaction format is non-malleable. However, the
 ``precondition`` and ``witness`` byte sequences are treated here as opaque. It is the
@ -306,7 +312,8 @@ and/or appropriately restrict which modes may be combined within a single transa
 Reference Implementation
 ========================

-TBD (link to zcashd pr)
+- Librustzcash reference implementation of TZE API: [#librustzcash_zip222]_
+- Zcashd reference implementation of consensus rule changes: [#zcashd_zip222]_


 Acknowledgements
@ -330,3 +337,6 @@ References
 .. [#spec-notation] `Section 2: Notation. Zcash Protocol Specification, Version 2019.0.2 [Overwinter+Sapling] <protocol/protocol.pdf>`_
 .. [#zip-0032] `ZIP 32: Shielded Hierarchical Deterministic Wallets <https://github.com/zcash/zips/blob/master/zip-0032.rst>`_
 .. [#protocol] `Zcash Protocol Specification, Version 2020.1.11 [Overwinter+Sapling+Blossom+Heartwood] <protocol/protocol.pdf>`_
+.. [#protocol_consensus] `Zcash Protocol Specification, Version 2020.1.14 [Overwinter+Sapling+Blossom+Heartwood+Canopy] <protocol/protocol.pdf#txnencodingandconsensus>`_
+.. [#librustzcash_zip222] `Rust language reference implementation of TZE API <https://github.com/zcash/librustzcash/pull/286>`_
+.. [#zcashd_zip222] `zcashd reference implementation of consensus rule changes <https://github.com/zcash/zcash/pull/4480>`_