mirror of https://github.com/zcash/zips.git
Correct the argument that the sum of value commitments is in range.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
001474760a
commit
432e39ee4c
@ -4503,9 +4503,13 @@ $\vSum = 0$, we also need to demonstrate that it does not overflow $\ValueCommit
The $\spendStatements$ prove that all of $\vOld{\alln}$ are in $\ValueType$.
Similarly the $\outputStatements$ prove that all of $\vNew{\allm}$ are in $\ValueType$.
Also, $n \mult (2^{\ValueLength}-1)$ and $(m+1) \mult (2^{\ValueLength}-1)$ do not exceed $\SignedScalarLimitJ$.
This is sufficient to conclude that $\ssum{i=1}{n} \vOld{i} - \ssum{j=1}{m} \vNew{j} - \vBalance$
does not overflow $\ValueCommitType$.
$\vBalance$ is encoded in the \transaction as a signed two's complement $64$-bit integer
in the range $\range{-2^{63}}{2^{63}-1}$. $\ValueLength$ is defined as 64, so $\vSum$
is in the range $\range{-m \mult (2^{64}-1) - 2^{63} + 1}{n \mult (2^{64}-1) + 2^{63}}$.
The maximum \transaction size of $2$ MB limits $n$ to at most $\floor{\frac{2000000}{384}} = 5208$
and $m$ to at most $\floor{\frac{2000000}{948}} = 2109$, ensuring
$\vSum \in \range{-38913406623490299131842}{96079866507916199586728}$
which is a subrange of $\ValueCommitType$.
Thus checking the \bindingSignature ensures that the \transaction balances, without
the individual values of the \spendDescriptions and \outputDescriptions being revealed.
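Review bot: the bound on $n$ and $m$ ("The maximum \transaction size of $2$ MB limits $n$ to at most $\floor{\frac{2000000}{384}} = 5208$ and $m$ to at most $\floor{\frac{2000000}{948}} = 2109$") introduces the constants 384 and 948 without saying what they represent or where they are specified; the argument should name them (presumably the encoded sizes of a \spendDescription and an \outputDescription) and cross-reference the definition of those sizes and of the transaction size limit, since changing either silently invalidates the stated range. Two smaller points: the $(m+1)$ factor in "$(m+1) \mult (2^{\ValueLength}-1)$" deserves a parenthetical noting that the extra term accounts for $\vBalance$; and the $\vBalance$ range is taken from the 64-bit two's complement encoding rather than the $\range{-\MAXMONEY}{\MAXMONEY}$ consensus rule listed in the changelog, which is sound because it is the weaker bound, but worth stating as deliberately conservative. The arithmetic checks out: $2109 \mult (2^{64}-1) + 2^{63} - 1 = 38913406623490299131842$ and $5208 \mult (2^{64}-1) + 2^{63} = 96079866507916199586728$.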
@ -9545,6 +9549,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item Add a consensus rule that $\valueBalance$ is in the range $\range{-\MAXMONEY}{\MAXMONEY}$.
\item Enforce stronger constraints on the types of key components $\DiversifiedTransmitPublic$,
$\AuthSignPublic$, and $\AuthProvePublic$.
\item Correct the argument that $\vSum$ is in range in \crossref{saplingbalance}.
\item Correct or improve the types of $\GroupJHash{}$, $\FindGroupJHash$, $\ExtractJ$, $\PRFexpand{}$,
$\PRFock{}$, and $\CRHivk$.
\item Instantiate $\PRFock{}$ using $\BlakeTwob{256}$.
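Review bot: the new changelog item "Correct the argument that $\vSum$ is in range in \crossref{saplingbalance}" does not say what was wrong or that the corrected argument now depends on the maximum \transaction size; a short parenthetical such as "(the bound now relies on the transaction size limit)" would tell readers of the changelog whether the change affects them. Otherwise the entry follows the form of the neighbouring items.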