Fix sign errors in the fixed-base terms of the batch validation equations in Appendices B.1 and B.3.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 19:11:47 +01:00 · 2020-06-26 19:11:47 +01:00 · 45c2b616e2
parent 3e98e63a6c
commit 45c2b616e2
1 changed files with 10 additions and 4 deletions
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@ -10483,6 +10483,12 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \sapling{
    \item Define \Sapling \notePlaintextLeadBytes as just bytes (so that decoding to a \notePlaintext
          always succeeds, and error handling is more explicit).
+    \item Fix a sign error in the fixed-base term of the batch validation equation in
+          \crossref{reddsabatchvalidate}.
+}
+\canopy{
+    \item Fix a sign error in the fixed-base term of the batch validation equation in
+          \crossref{ed25519batchvalidate}.
 }
 \end{itemize}

@ -13339,11 +13345,11 @@ Define $\RedDSABatchValidate \typecolon (\Entry{\barerange{0}{N-1}} \typecolon \
        \vspace{1ex}
        \begin{itemize}
          \item for all $j \in \range{0}{N-1}$, $\RedDSASigR{j} \neq \bot$ and $\RedDSASigS{j} < \ParamG{r}$; and
-          \item $\scalarmult{\ParamG{h}}{\Big(\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \RedDSASigS{j})
-                                                                             \pmod{\ParamG{r}}}}{\GenG{}} +
                                              \ssum{j=0}{N-1}{\big(\scalarmult{z_j}{\RedDSASigR{j}} +
                                                                   \scalarmult{z_j \mult \RedDSASigc{j}
                                                                               \pmod{\ParamG{r}}}{\vk_j}\big)}\!\Big)}
+          \item $\scalarmult{\ParamG{h}}{\Big(-\!\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \RedDSASigS{j})
+                                                                                \pmod{\ParamG{r}}}}{\GenG{}} +
                = \ZeroG{}$,
        \end{itemize}
        \vspace{-1ex}
@ -13523,8 +13529,8 @@ Define $\EdSpecificBatchValidate \typecolon (\Entry{\barerange{0}{N-1}} \typecol
        \vspace{1ex}
        \begin{itemize}
          \item for all $j \in \range{0}{N-1}$, $\EdDSASigR{j} \neq \bot$; and
-          \item $\scalarmult{8}{\Big(\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \EdDSASigS{j})
-                                                                    \pmod{\ell}}}{\EdDSABase} +
+          \item $\scalarmult{8}{\Big(-\!\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \EdDSASigS{j})
+                                                                       \pmod{\ell}}}{\EdDSABase} +
                                     \ssum{j=0}{N-1}{\big(\scalarmult{z_j}{\EdDSASigR{j}} +
                                                          \scalarmult{z_j \mult \EdDSASigc{j}
                                                                      \pmod{\ell}}{\EdDSASigA{j}}\big)}\!\Big)}