mirror of https://github.com/zcash/zips.git
Add hash algorithm for authorizing data.
parent
71e90991e8
commit
381b67a650
104
zip-0062.rst
|
@ -97,10 +97,24 @@ initial requirement that all transactions be non-malleable.
|
||||||
Specification
|
Specification
|
||||||
=============
|
=============
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
-------
|
||||||
|
Digests
|
||||||
|
-------
|
||||||
|
|
||||||
|
All digests are personalized BLAKE2b-256 hashes. In cases where no elements are
|
||||||
|
available for hashing (for example, if there are no TZE inputs) the resulting hash
|
||||||
|
will be over just the personalization string, providing domain separation even for
|
||||||
|
empty data fields.
|
||||||
|
|
||||||
|
TxId Digest
|
||||||
|
===========
|
||||||
|
|
||||||
A new transaction digest algorithm is defined that constructs the identifier for
|
A new transaction digest algorithm is defined that constructs the identifier for
|
||||||
a transaction from a tree of hashes. The overall structure of the hash is as follows:
|
a transaction from a tree of hashes. The overall structure of the hash is as follows:
|
||||||
|
|
||||||
top_digest
|
txid_digest
|
||||||
├── header_digest
|
├── header_digest
|
||||||
├── transparent_digest
|
├── transparent_digest
|
||||||
│ ├── prevouts_digest
|
│ ├── prevouts_digest
|
||||||
|
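Review bot: In the added Digests paragraph, "the resulting hash will be over just the personalization string" is ambiguous, because the personalization is a BLAKE2b parameter and not message input. State instead that the digest is the personalized hash of the empty byte string, so that no implementation feeds the personalization string in as data and ends up with a different txid. Separately, the new "TxId Digest" title uses the same underline-only = adornment as "Specification", so it will render as a sibling of Specification and not as a subsection of it; if it is meant to sit under Specification, give it a lower-level adornment.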
@ -124,19 +138,7 @@ Each node written as ``snake_case`` in this tree is a BLAKE2b-256 hash of its
|
||||||
children, initialized with a personalization string specific to that branch
|
children, initialized with a personalization string specific to that branch
|
||||||
of the tree. Nodes that are not themselves digests are written in ``camelCase``.
|
of the tree. Nodes that are not themselves digests are written in ``camelCase``.
|
||||||
|
|
||||||
-------
|
``txid_digest``
|
||||||
Digests
|
|
||||||
-------
|
|
||||||
|
|
||||||
All digests are personalized BLAKE2b-256 hashes. In cases where no elements are
|
|
||||||
available for hashing (for example, if there are no TZE inputs) the resulting hash
|
|
||||||
will be over just the personalization string, providing domain separation even for
|
|
||||||
empty data fields.
|
|
||||||
|
|
||||||
Digest definitions
|
|
||||||
==================
|
|
||||||
|
|
||||||
``top_digest``
|
|
||||||
--------------
|
--------------
|
||||||
A BLAKE2b-256 hash of the following values ::
|
A BLAKE2b-256 hash of the following values ::
|
||||||
|
|
||||||
|
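Review bot: The renamed section title for txid_digest is one character longer than the old top_digest title, but the unchanged underline beneath it is still the 14 dashes that fitted the old name, so docutils will flag the title underline as too short. Extend the underline by one dash in the same change. The rename should also be applied to any remaining prose references to top_digest outside the visible context.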
@ -341,11 +343,85 @@ The personalization field of this hash is set to::
|
||||||
|
|
||||||
"ZTxIdSOutN__Hash"
|
"ZTxIdSOutN__Hash"
|
||||||
|
|
||||||
|
Witness Digest
|
||||||
|
==============
|
||||||
|
|
||||||
|
A new transaction digest algorithm is defined that constructs a digest which commits
|
||||||
|
to the authorizing data of a transaction from a tree of BLAKE2b-256 hashes.
|
||||||
|
The overall structure of the hash is as follows:
|
||||||
|
|
||||||
|
auth_digest
|
||||||
|
├── transparent_scripts_digest
|
||||||
|
├── tze_witnesses_digest
|
||||||
|
├── sprout_sigs_digest
|
||||||
|
└── sapling_sigs_digest
|
||||||
|
|
||||||
|
Each node written as ``snake_case`` in this tree is a BLAKE2b-256 hash of authorizing
|
||||||
|
data of the transaction.
|
||||||
|
|
||||||
|
``auth_digest``
|
||||||
|
--------------
|
||||||
|
A BLAKE2b-256 hash of the following values ::
|
||||||
|
|
||||||
|
* ``transparent_scripts_digest`` (32-byte hash output)
|
||||||
|
* ``tze_witnesses_digest (32-byte hash output)
|
||||||
|
* ``sprout_sigs_digest (32-byte hash output)
|
||||||
|
* ``sapling_sigs_digest (32-byte hash output)
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"ZTxAuth_____Hash"
|
||||||
|
|
||||||
|
1: ``transparent_scripts_digest``
|
||||||
|
`````````````````````````````````
|
||||||
|
A BLAKE2b-256 hash of the *transaction serialized form* of the Bitcoin script associated
|
||||||
|
with each transparent input belonging to the transaction.
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"ZTxAuthTransHash"
|
||||||
|
|
||||||
|
2: ``tze_witnesses_digest``
|
||||||
|
```````````````````````````
|
||||||
|
A BLAKE2b-256 hash of the *transaction serialized form* of the witness data associated
|
||||||
|
with each TZE input belonging to the transaction.
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"ZTxAuthTZE__Hash"
|
||||||
|
|
||||||
|
3: ``sprout_sigs_digest``
|
||||||
|
```````````````````````````
|
||||||
|
A BLAKE2b-256 hash of the *transaction serialized form* of the joinsplit signature
|
||||||
|
belonging to the transaction.
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"ZTxAuthSprouHash"
|
||||||
|
|
||||||
|
3: ``sapling_sigs_digest``
|
||||||
|
```````````````````````````
|
||||||
|
A BLAKE2b-256 hash of the *transaction serialized form* of the sapling signature
|
||||||
|
of each Sapling spend description belonging to the transaction, followed by the
|
||||||
|
*transaction serialized form* of the binding signature.
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"ZTxAuthSapliHash"
|
||||||
|
|
||||||
|
--------------------
|
||||||
|
Block Header Changes
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
// TODO: Need @str4d's help here.
|
||||||
|
|
||||||
|
========================
|
||||||
Reference implementation
|
Reference implementation
|
||||||
========================
|
========================
|
||||||
|
|
||||||
- https://github.com/zcash/librustzcash/pull/319/files
|
- https://github.com/zcash/librustzcash/pull/319/files
|
||||||
|
|
||||||
|
==========
|
||||||
References
|
References
|
||||||
==========
|
==========
|
||||||
|
|
||||||
|
|
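Review bot: In the value list under auth_digest, the entries for tze_witnesses_digest, sprout_sigs_digest and sapling_sigs_digest open an inline literal with a double backtick and never close it, unlike the transparent_scripts_digest entry above them; add the closing backticks. The sapling_sigs_digest heading is numbered "3:", the same as sprout_sigs_digest, and should be "4:". The underline beneath the auth_digest title is one dash shorter than the title. The section is titled "Witness Digest" while its root node and personalization are named for auth, so pick one term. The per-input digests say "each transparent input" and "each TZE input" without stating the concatenation order explicitly; say that the items are hashed in the order they appear in the transaction. The "// TODO: Need @str4d's help here." line under Block Header Changes should be resolved or tracked in an issue before merge.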