zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Define DiversifyHash. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2018-07-06 02:36:25 +01:00
parent ebecd8c1ff
commit 42506f08bd
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
zip-0032.rst
View File

@ -84,6 +84,9 @@ Most of the notation and functions used in this ZIP are defined in the Sapling p
- ToScalar(*x*) := LEOS2IP\ :sub:`512`\ (*x*) (mod *r*\ :sub:`J`\ ), where *r*\ :sub:`J` \ is the order
of the Jubjub large prime subgroup.
- DiversifyHash(*d*) maps a diversifier *d* to a base point on the Jubjub elliptic curve, or to ⊥ if the
diversifier is invalid. It is instantiated in [#sapling-spec]_ section 5.4.1.6.
The following algorithm standardized in [#NIST-SP-800-38G]_ is used:
- FF1-AES256.Encrypt(*key*, *tweak*, *x*) refers to the FF1 encryption algorithm using AES with a