This commit is contained in:
str4d 2018-02-26 22:59:28 +00:00
parent 349b4cf324
commit 3d0c5ecb4c
No known key found for this signature in database
GPG Key ID: 665DBCD284F7DAFF
1 changed files with 7 additions and 6 deletions


@ -43,7 +43,7 @@ Unfortunately, there are at least 2 weaknesses in the original SignatureHash tra
transaction. Therefore, data hashing grows in O(n\ :sup:`2`) as the number of sigops in a transaction
increases. While a 1 MB block would normally take 2 seconds to verify with an average computer in 2015, a
1MB transaction with 5569 sigops may take 25 seconds to verify. This could be fixed by optimizing the digest
algorithm by introducing some reusable “midstate”, so the time complexity becomes O(n). [#quadratic]_
algorithm by introducing some reusable "midstate", so the time complexity becomes O(n). [#quadratic]_
* The algorithm does not involve the value being spent by the input. This is usually not a problem for online
network nodes as they could request for the specified transaction to acquire the output value. For an
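Review bot: The change from typographic to ASCII quotes around "midstate" is fine, but the same paragraph still spells the unit two ways ("1 MB block" on one line, "1MB transaction" on the next); since these lines are being touched anyway, pick one form so the rendered ZIP reads consistently. The "O(n\ :sup:`2`)" markup is left as-is, which is correct for reStructuredText.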
@ -73,7 +73,7 @@ A new transaction digest algorithm is defined::
7. nLockTime of the transaction (4-byte little endian)
8. nExpiryHeight of the transaction (4-byte little endian)
9. sighash type of the signature (4-byte little endian)
10. If we are serializing an input (ie. this is not a JoinSplit signature hash):
10. If we are serializing an input (i.e. this is not a JoinSplit signature hash):
a. outpoint (32-byte hash + 4-byte little endian)
b. scriptCode of the input (serialized as scripts inside CTxOuts)
c. value of the output spent by this input (8-byte little endian)
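Review bot: "i.e." is the right correction. In the same list item, 10a describes the outpoint as "(32-byte hash + 4-byte little endian)" without naming what the 4-byte field is, whereas 10c names its quantity; suggest "(32-byte hash + 4-byte little-endian index)" so an implementer serializing the outpoint does not have to infer that the trailing field is the output index.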
@ -84,7 +84,7 @@ replay protection inspired by BUIP-HF v1.2. [#BUIP-HF]_
The new algorithm MUST be used for signatures created over the Overwinter transaction format.
[#ZIP-overwinter-tx-format]_ Combined with the new consensus rule that v1 and v2 transaction formats will be
invalid from the Overwinter upgrade, [#ZIP-overwinter-tx-format]_ this effectively means that all transactions
invalid from the Overwinter upgrade, [#ZIP-overwinter-tx-format]_ this effectively means that all transaction
signatures from the Overwinter activation height will use the new algorithm. [#ZIP0000]_
The BLAKE2b-256 personalization field [#BLAKE2-personalization]_ is set to::
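Review bot: The grammar fix ("transaction signatures") is correct. Note that the footnote this sentence ends with, [#ZIP0000]_, resolves in the references hunk of this same commit to the placeholder "ZIP???: Overwinter Network Upgrade"; the number needs filling in before this ZIP is finalized, otherwise the placeholder will appear in the rendered text of a normative sentence.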
@ -180,13 +180,13 @@ is the same script as serialized in the Sprout transaction digest algorithm.
10c: value
`````````
An 8-byte value of the amount of ZEC spent in this input.
An 8-byte little-endian value of the amount, in zatoshi, spent in this input.
Notes
-----
The ``hashPrevouts``, ``hashSequence``, ``hashOutputs``, and ``hashJoinSplits`` calculated in an earlier
verification may be reused in other inputs of the same transaction, so that the time complexity of the whole
verification can be reused in other inputs of the same transaction, so that the time complexity of the whole
hashing process reduces from O(n\ :sup:`2`) to O(n).
Refer to the reference implementation, reproduced below, for the precise algorithm:
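Review bot: Adding the unit (zatoshi) and the endianness to 10c is the right call: the prose now matches item 10c of the algorithm listing ("8-byte little endian") and removes the ambiguity of "amount of ZEC", which a reader could take to mean a decimal ZEC quantity rather than the integer actually serialized. In the Notes paragraph, "can be reused" is an improvement, but since the O(n) claim depends on it, consider stating explicitly that implementations should compute ``hashPrevouts``, ``hashSequence``, ``hashOutputs`` and ``hashJoinSplits`` once per transaction and cache them, rather than leaving the reuse as an option.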
@ -202,6 +202,7 @@ Refer to the reference implementation, reproduced below, for the precise algorit
const unsigned char ZCASH_JOINSPLITS_HASH_PERSONALIZATION[16] =
{'Z','c','a','s','h','J','S','p','l','i','t','s','H','a','s','h'};
// The default values are zeroes
uint256 hashPrevouts;
uint256 hashSequence;
uint256 hashOutputs;
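Review bot: The added comment "The default values are zeroes" is accurate (a default-constructed uint256 is 32 zero bytes), but it should say what that means for the digest: when one of these hashes is left at its default, 32 zero bytes are what gets fed to the BLAKE2b-256 hash in its place. Suggest "// Default-constructed uint256 is 32 zero bytes; that is what is hashed when the field is left unset" so readers of the reproduced reference code do not mistake the default for an unused variable.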
@ -317,7 +318,7 @@ References
* `New Bitcoin vulnerability: A transaction that takes at least 3 minutes to verify <https://bitcointalk.org/?topic=140078>`_
* `The Megatransaction: Why Does It Take 25 Seconds? <http://rusty.ozlabs.org/?p=522>`_
.. [#offline-wallets] `SIGHASH_WITHINPUTVALUE: Super-lightweight HW wallets and offline data <https://bitcointalk.org/index.php?topic=181734.0>`_
.. [#BIP0143] `Transaction Signature Verification for Version 0 Witness Program <https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki>`_
.. [#BIP0143] `BIP 143: Transaction Signature Verification for Version 0 Witness Program <https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki>`_
.. [#BUIP-HF] `BUIP-HF Digest for replay protected signature verification across hard forks, version 1.2 <https://github.com/Bitcoin-ABC/bitcoin-abc/blob/master/doc/abc/replay-protected-sighash.md>`_
.. [#ZIP0000] ZIP???: Overwinter Network Upgrade
.. [#ZIP-activation-mechanism] ZIP???: Network Upgrade Activation Mechanism
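Review bot: Prefixing "BIP 143:" to the title is helpful, since the footnote label is [#BIP0143]_ and the number otherwise appears nowhere in the reference text; for consistency the BUIP-HF entry could carry its identifier the same way. The two "ZIP???" placeholders ([#ZIP0000] and [#ZIP-activation-mechanism]) are untouched by this commit and still need their numbers, and [#ZIP0000]_ is cited in the body text changed by this same commit, so the rendered document currently points a normative sentence at an unnumbered reference.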