mirror of https://github.com/zcash/zips.git
Add hash algorithm for authorizing data.
parent
71e90991e8
commit
381b67a650
104
zip-0062.rst
|
@ -97,10 +97,24 @@ initial requirement that all transactions be non-malleable.
|
|||
Specification
|
||||
=============
|
||||
|
||||
|
||||
|
||||
-------
|
||||
Digests
|
||||
-------
|
||||
|
||||
All digests are personalized BLAKE2b-256 hashes. In cases where no elements are
|
||||
available for hashing (for example, if there are no TZE inputs) the resulting hash
|
||||
will be over just the personalization string, providing domain separation even for
|
||||
empty data fields.
|
||||
|
||||
TxId Digest
|
||||
===========
|
||||
|
||||
A new transaction digest algorithm is defined that constructs the identifier for
|
||||
a transaction from a tree of hashes. The overall structure of the hash is as follows:
|
||||
|
||||
top_digest
|
||||
txid_digest
|
||||
├── header_digest
|
||||
├── transparent_digest
|
||||
│ ├── prevouts_digest
|
||||
|
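Review bot: In the relocated Digests paragraph, "the resulting hash will be over just the personalization string" can be read as feeding the personalization string in as message data. Personalization is a BLAKE2b parameter rather than input, so state that the digest for an empty field is the personalized BLAKE2b-256 hash of empty input; otherwise two implementations can disagree on exactly the case this sentence is meant to pin down. Separately, the new "TxId Digest" title uses an underline-only ``=`` adornment directly after the overlined ``-`` "Digests" title, so check that it renders at the section level intended.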
@ -124,19 +138,7 @@ Each node written as ``snake_case`` in this tree is a BLAKE2b-256 hash of its
|
|||
children, initialized with a personalization string specific to that branch
|
||||
of the tree. Nodes that are not themselves digests are written in ``camelCase``.
|
||||
|
||||
-------
|
||||
Digests
|
||||
-------
|
||||
|
||||
All digests are personalized BLAKE2b-256 hashes. In cases where no elements are
|
||||
available for hashing (for example, if there are no TZE inputs) the resulting hash
|
||||
will be over just the personalization string, providing domain separation even for
|
||||
empty data fields.
|
||||
|
||||
Digest definitions
|
||||
==================
|
||||
|
||||
``top_digest``
|
||||
``txid_digest``
|
||||
--------------
|
||||
A BLAKE2b-256 hash of the following values ::
|
||||
|
||||
|
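Review bot: The renamed section title ````txid_digest```` is 15 characters including its backticks, but the ``--------------`` underline beneath it is still 14 characters, the length that fit ````top_digest````. docutils flags a title underline shorter than its title, so extend the underline by one dash along with the rename.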
@ -341,11 +343,85 @@ The personalization field of this hash is set to::
|
|||
|
||||
"ZTxIdSOutN__Hash"
|
||||
|
||||
Witness Digest
|
||||
==============
|
||||
|
||||
A new transaction digest algorithm is defined that constructs a digest which commits
|
||||
to the authorizing data of a transaction from a tree of BLAKE2b-256 hashes.
|
||||
The overall structure of the hash is as follows:
|
||||
|
||||
auth_digest
|
||||
├── transparent_scripts_digest
|
||||
├── tze_witnesses_digest
|
||||
├── sprout_sigs_digest
|
||||
└── sapling_sigs_digest
|
||||
|
||||
Each node written as ``snake_case`` in this tree is a BLAKE2b-256 hash of authorizing
|
||||
data of the transaction.
|
||||
|
||||
``auth_digest``
|
||||
--------------
|
||||
A BLAKE2b-256 hash of the following values ::
|
||||
|
||||
* ``transparent_scripts_digest`` (32-byte hash output)
|
||||
* ``tze_witnesses_digest (32-byte hash output)
|
||||
* ``sprout_sigs_digest (32-byte hash output)
|
||||
* ``sapling_sigs_digest (32-byte hash output)
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZTxAuth_____Hash"
|
||||
|
||||
1: ``transparent_scripts_digest``
|
||||
`````````````````````````````````
|
||||
A BLAKE2b-256 hash of the *transaction serialized form* of the Bitcoin script associated
|
||||
with each transparent input belonging to the transaction.
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZTxAuthTransHash"
|
||||
|
||||
2: ``tze_witnesses_digest``
|
||||
```````````````````````````
|
||||
A BLAKE2b-256 hash of the *transaction serialized form* of the witness data associated
|
||||
with each TZE input belonging to the transaction.
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZTxAuthTZE__Hash"
|
||||
|
||||
3: ``sprout_sigs_digest``
|
||||
```````````````````````````
|
||||
A BLAKE2b-256 hash of the *transaction serialized form* of the joinsplit signature
|
||||
belonging to the transaction.
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZTxAuthSprouHash"
|
||||
|
||||
3: ``sapling_sigs_digest``
|
||||
```````````````````````````
|
||||
A BLAKE2b-256 hash of the *transaction serialized form* of the sapling signature
|
||||
of each Sapling spend description belonging to the transaction, followed by the
|
||||
*transaction serialized form* of the binding signature.
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZTxAuthSapliHash"
|
||||
|
||||
--------------------
|
||||
Block Header Changes
|
||||
--------------------
|
||||
|
||||
// TODO: Need @str4d's help here.
|
||||
|
||||
========================
|
||||
Reference implementation
|
||||
========================
|
||||
|
||||
- https://github.com/zcash/librustzcash/pull/319/files
|
||||
|
||||
==========
|
||||
References
|
||||
==========
|
||||
|
||||
|
|
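Review bot: In the value list under ````auth_digest````, the entries for tze_witnesses_digest, sprout_sigs_digest and sapling_sigs_digest open an inline literal and never close it; close each one the way the transparent_scripts_digest entry does. In the same section the ``--------------`` underline is one character shorter than the ````auth_digest```` title, and the ````sapling_sigs_digest```` subsection is numbered "3:" like ````sprout_sigs_digest```` before it, where it should be "4:". The section is titled "Witness Digest" while its root node is auth_digest and the text speaks of authorizing data, so settle on one term. For transparent_scripts_digest and tze_witnesses_digest, "associated with each ... input" does not say that the serialized items are concatenated in input order; spell that out so the preimage is unambiguous. The "// TODO: Need @str4d's help here." under Block Header Changes should be resolved or tracked as an open issue before this is merged, since it is the only content of that section.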