mirror of https://github.com/zcash/zips.git
Refine the caveat about the claimed security of shielded transactions.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
7aa8765dc0
commit
4525a1fffd
|
@ -1927,12 +1927,13 @@ revealing which one. This implies that a spent \note cannot be linked to the
|
||||||
\transaction in which it was created. That is, from an adversary's point of
|
\transaction in which it was created. That is, from an adversary's point of
|
||||||
view the set of possibilities for a given \note input to a \transaction
|
view the set of possibilities for a given \note input to a \transaction
|
||||||
---its \noteTraceabilitySet--- includes \emph{all} previous notes that the
|
---its \noteTraceabilitySet--- includes \emph{all} previous notes that the
|
||||||
adversary does not control or know to have been spent.\footnote{We make this claim
|
adversary does not control or know to have been spent.\footnotewithlabel{securitycaveat}{We
|
||||||
only for \emph{fully shielded} \transactions. It does not exclude the possibility
|
make this claim only for \emph{fully shielded} \transactions. It does not exclude the
|
||||||
that an adversary may use metadata-based heuristics such as timing or the number of
|
possibility that an adversary may use data present in the cleartext of a \transaction
|
||||||
inputs and outputs to make probabilistic inferences about \transaction linkage.
|
such as the number of inputs and outputs, or metadata-based heuristics such as timing,
|
||||||
|
to make probabilistic inferences about \transaction linkage.
|
||||||
For consequences of this in the case of partially shielded \transactions,
|
For consequences of this in the case of partially shielded \transactions,
|
||||||
see \cite{Peterson2017} and \cite{Quesnelle2017}.} This contrasts with
|
see \cite{Peterson2017}, \cite{Quesnelle2017}, and \cite{KYMM2018}.} This contrasts with
|
||||||
other proposals for private payment systems, such as CoinJoin \cite{Bitcoin-CoinJoin}
|
other proposals for private payment systems, such as CoinJoin \cite{Bitcoin-CoinJoin}
|
||||||
or \CryptoNote \cite{vanSaberh2014}, that are based on mixing of a limited number of
|
or \CryptoNote \cite{vanSaberh2014}, that are based on mixing of a limited number of
|
||||||
transactions and that therefore have smaller \noteTraceabilitySets.
|
transactions and that therefore have smaller \noteTraceabilitySets.
|
||||||
|
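Review bot: The rewritten footnote sentence nests two "such as" clauses ("data present in the cleartext of a \transaction such as the number of inputs and outputs, or metadata-based heuristics such as timing,"), so it is hard to see that "metadata-based heuristics" is parallel to "data present in the cleartext" and not a further example of it. Consider making the two sources explicit, for example "may use either data present in the cleartext of a \transaction (such as the number of inputs and outputs) or metadata-based heuristics (such as timing) to make probabilistic inferences". Also, the footnote now depends on \footnotewithlabel{securitycaveat}, whose definition is not in this hunk; please confirm the macro exists in the preamble and that the label matches the \footnoteref added in the change history.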
@ -9424,6 +9425,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
\item Remove the consensus rule
|
\item Remove the consensus rule
|
||||||
``If $\nJoinSplit > 0$, the \transaction{} \MUSTNOT use \sighashTypes other than $\SIGHASHALL$.'',
|
``If $\nJoinSplit > 0$, the \transaction{} \MUSTNOT use \sighashTypes other than $\SIGHASHALL$.'',
|
||||||
which was never implemented.
|
which was never implemented.
|
||||||
|
\item Clarify the wording of the caveat\footnoteref{securitycaveat} about the claimed security
|
||||||
|
of shielded \transactions.
|
||||||
\item Correct the definition of set difference ($S \setminus T$).
|
\item Correct the definition of set difference ($S \setminus T$).
|
||||||
\sapling{
|
\sapling{
|
||||||
\item Use the more precise subgroup types $\SubgroupG$ and $\SubgroupJ$ in preference to
|
\item Use the more precise subgroup types $\SubgroupG$ and $\SubgroupJ$ in preference to
|
||||||
|
|
|
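Review bot: The new change-history item says only "Clarify the wording of the caveat", but the same commit also widens the caveat to cover cleartext transaction data and adds the \cite{KYMM2018} reference, which readers tracking security claims would want to see recorded. Consider extending the entry to mention the added reference. The entry also relies on \footnoteref{securitycaveat} resolving to a footnote defined far earlier in the document, so it is worth checking that the rendered change history shows the expected footnote number.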
@ -902,6 +902,17 @@ generic composition paradigm},
|
||||||
urldate={2018-04-15}
|
urldate={2018-04-15}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@misc{KYMM2018,
|
||||||
|
presort={KYMM2018},
|
||||||
|
author={George Kappos and Haaroon Yousaf and Mary Maller and Sarah Meiklejohn},
|
||||||
|
title={An {E}mpirical {A}nalysis of {A}nonymity in {Z}cash},
|
||||||
|
howpublished={Preprint, to be presented at the 27th Usenix Security Syposium
|
||||||
|
(Baltimore, Maryland, USA, August~15--17, 2018).},
|
||||||
|
date={2018-05-08},
|
||||||
|
url={https://smeiklej.com/files/usenix18.pdf},
|
||||||
|
urldate={2018-06-05}
|
||||||
|
}
|
||||||
|
|
||||||
@misc{EWD-831,
|
@misc{EWD-831,
|
||||||
presort={EWD-831},
|
presort={EWD-831},
|
||||||
author={Edsger W. Dijkstra},
|
author={Edsger W. Dijkstra},
|
||||||
|
|
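Review bot: The howpublished field of the new KYMM2018 entry misspells "Symposium" as "Syposium" ("to be presented at the 27th Usenix Security Syposium"); please correct it before this reaches the rendered bibliography. The phrase "Preprint, to be presented at" will also be out of date after the August 15--17, 2018 conference dates given in the same field, so the entry should be revisited once the paper is published.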