Refine the caveat about the claimed security of shielded transactions.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2018-06-22 22:22:31 +01:00
parent 7aa8765dc0
commit 4525a1fffd
2 changed files with 19 additions and 5 deletions

@ -1927,12 +1927,13 @@ revealing which one. This implies that a spent \note cannot be linked to the
\transaction in which it was created. That is, from an adversary's point of \transaction in which it was created. That is, from an adversary's point of
view the set of possibilities for a given \note input to a \transaction view the set of possibilities for a given \note input to a \transaction
---its \noteTraceabilitySet--- includes \emph{all} previous notes that the ---its \noteTraceabilitySet--- includes \emph{all} previous notes that the
adversary does not control or know to have been spent.\footnote{We make this claim adversary does not control or know to have been spent.\footnotewithlabel{securitycaveat}{We
only for \emph{fully shielded} \transactions. It does not exclude the possibility make this claim only for \emph{fully shielded} \transactions. It does not exclude the
that an adversary may use metadata-based heuristics such as timing or the number of possibility that an adversary may use data present in the cleartext of a \transaction
inputs and outputs to make probabilistic inferences about \transaction linkage. such as the number of inputs and outputs, or metadata-based heuristics such as timing,
to make probabilistic inferences about \transaction linkage.
For consequences of this in the case of partially shielded \transactions, For consequences of this in the case of partially shielded \transactions,
see \cite{Peterson2017} and \cite{Quesnelle2017}.} This contrasts with see \cite{Peterson2017}, \cite{Quesnelle2017}, and \cite{KYMM2018}.} This contrasts with
other proposals for private payment systems, such as CoinJoin \cite{Bitcoin-CoinJoin} other proposals for private payment systems, such as CoinJoin \cite{Bitcoin-CoinJoin}
or \CryptoNote \cite{vanSaberh2014}, that are based on mixing of a limited number of or \CryptoNote \cite{vanSaberh2014}, that are based on mixing of a limited number of
transactions and that therefore have smaller \noteTraceabilitySets. transactions and that therefore have smaller \noteTraceabilitySets.
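Review bot: in the rewritten footnote, "data present in the cleartext of a \transaction such as the number of inputs and outputs" is ambiguous about which inputs and outputs are meant; since the number of shielded inputs and outputs within a single JoinSplit is fixed, the cleartext leakage comes from the count of JoinSplit descriptions ($\nJoinSplit$) and of transparent inputs and outputs, so consider saying "such as the number of JoinSplit descriptions and of transparent inputs and outputs". The relocation of \cite{KYMM2018} alongside \cite{Peterson2017} and \cite{Quesnelle2017} in the partially-shielded sentence reads correctly.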
@ -9424,6 +9425,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item Remove the consensus rule \item Remove the consensus rule
``If $\nJoinSplit > 0$, the \transaction{} \MUSTNOT use \sighashTypes other than $\SIGHASHALL$.'', ``If $\nJoinSplit > 0$, the \transaction{} \MUSTNOT use \sighashTypes other than $\SIGHASHALL$.'',
which was never implemented. which was never implemented.
\item Clarify the wording of the caveat\footnoteref{securitycaveat} about the claimed security
of shielded \transactions.
\item Correct the definition of set difference ($S \setminus T$). \item Correct the definition of set difference ($S \setminus T$).
\sapling{ \sapling{
\item Use the more precise subgroup types $\SubgroupG$ and $\SubgroupJ$ in preference to \item Use the more precise subgroup types $\SubgroupG$ and $\SubgroupJ$ in preference to
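Review bot: the new changelog item "Clarify the wording of the caveat\footnoteref{securitycaveat} about the claimed security of shielded \transactions." does not mention that the caveat now also cites \cite{KYMM2018}; since this commit adds that bibliography entry, consider extending the item to "... and add a reference to \cite{KYMM2018}" so the new reference is accounted for in the change log. Also confirm that \footnoteref resolves to the \footnotewithlabel{securitycaveat} defined in the first hunk when the changelog section is built separately.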

@ -902,6 +902,17 @@ generic composition paradigm},
urldate={2018-04-15} urldate={2018-04-15}
} }
@misc{KYMM2018,
presort={KYMM2018},
author={George Kappos and Haaroon Yousaf and Mary Maller and Sarah Meiklejohn},
title={An {E}mpirical {A}nalysis of {A}nonymity in {Z}cash},
howpublished={Preprint, to be presented at the 27th Usenix Security Syposium
(Baltimore, Maryland, USA, August~15--17, 2018).},
date={2018-05-08},
url={https://smeiklej.com/files/usenix18.pdf},
urldate={2018-06-05}
}
@misc{EWD-831, @misc{EWD-831,
presort={EWD-831}, presort={EWD-831},
author={Edsger W. Dijkstra}, author={Edsger W. Dijkstra},
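Review bot: typo in the howpublished field of the new KYMM2018 entry: "Syposium" should be "Symposium", and the venue is normally styled "USENIX Security Symposium" rather than "Usenix Security Syposium". Since the entry is marked "Preprint, to be presented at", consider also adding a note to revisit the url and howpublished fields once the proceedings version is published, so the citation does not go stale.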