mirror of https://github.com/zcash/zips.git
Refine the caveat about the claimed security of shielded transactions.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood
parent
7aa8765dc0
commit
4525a1fffd
|
|
@ -1927,12 +1927,13 @@ revealing which one. This implies that a spent \note cannot be linked to the
|
|||
\transaction in which it was created. That is, from an adversary's point of
|
||||
view the set of possibilities for a given \note input to a \transaction
|
||||
---its \noteTraceabilitySet--- includes \emph{all} previous notes that the
|
||||
adversary does not control or know to have been spent.\footnote{We make this claim
|
||||
only for \emph{fully shielded} \transactions. It does not exclude the possibility
|
||||
that an adversary may use metadata-based heuristics such as timing or the number of
|
||||
inputs and outputs to make probabilistic inferences about \transaction linkage.
|
||||
adversary does not control or know to have been spent.\footnotewithlabel{securitycaveat}{We
|
||||
make this claim only for \emph{fully shielded} \transactions. It does not exclude the
|
||||
possibility that an adversary may use data present in the cleartext of a \transaction
|
||||
such as the number of inputs and outputs, or metadata-based heuristics such as timing,
|
||||
to make probabilistic inferences about \transaction linkage.
|
||||
For consequences of this in the case of partially shielded \transactions,
|
||||
see \cite{Peterson2017} and \cite{Quesnelle2017}.} This contrasts with
|
||||
see \cite{Peterson2017}, \cite{Quesnelle2017}, and \cite{KYMM2018}.} This contrasts with
|
||||
other proposals for private payment systems, such as CoinJoin \cite{Bitcoin-CoinJoin}
|
||||
or \CryptoNote \cite{vanSaberh2014}, that are based on mixing of a limited number of
|
||||
transactions and that therefore have smaller \noteTraceabilitySets.
|
||||
|
|
@ -9424,6 +9425,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
|||
\item Remove the consensus rule
|
||||
``If $\nJoinSplit > 0$, the \transaction{} \MUSTNOT use \sighashTypes other than $\SIGHASHALL$.'',
|
||||
which was never implemented.
|
||||
\item Clarify the wording of the caveat\footnoteref{securitycaveat} about the claimed security
|
||||
of shielded \transactions.
|
||||
\item Correct the definition of set difference ($S \setminus T$).
|
||||
\sapling{
|
||||
\item Use the more precise subgroup types $\SubgroupG$ and $\SubgroupJ$ in preference to
|
||||
|
|
|
|||
|
|
@ -902,6 +902,17 @@ generic composition paradigm},
|
|||
urldate={2018-04-15}
|
||||
}
|
||||
|
||||
@misc{KYMM2018,
|
||||
presort={KYMM2018},
|
||||
author={George Kappos and Haaroon Yousaf and Mary Maller and Sarah Meiklejohn},
|
||||
title={An {E}mpirical {A}nalysis of {A}nonymity in {Z}cash},
|
||||
howpublished={Preprint, to be presented at the 27th Usenix Security Syposium
|
||||
(Baltimore, Maryland, USA, August~15--17, 2018).},
|
||||
date={2018-05-08},
|
||||
url={https://smeiklej.com/files/usenix18.pdf},
|
||||
urldate={2018-06-05}
|
||||
}
|
||||
|
||||
@misc{EWD-831,
|
||||
presort={EWD-831},
|
||||
author={Edsger W. Dijkstra},
|
||||
|
|
|
|||
Loading…
Reference in New Issue