diff --git a/protocol/protocol.tex b/protocol/protocol.tex index f7bc4f2f..a8df5440 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -10483,6 +10483,12 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. \sapling{ \item Define \Sapling \notePlaintextLeadBytes as just bytes (so that decoding to a \notePlaintext always succeeds, and error handling is more explicit). + \item Fix a sign error in the fixed-base term of the batch validation equation in + \crossref{reddsabatchvalidate}. +} +\canopy{ + \item Fix a sign error in the fixed-base term of the batch validation equation in + \crossref{ed25519batchvalidate}. } \end{itemize} @@ -13339,11 +13345,11 @@ Define $\RedDSABatchValidate \typecolon (\Entry{\barerange{0}{N-1}} \typecolon \ \vspace{1ex} \begin{itemize} \item for all $j \in \range{0}{N-1}$, $\RedDSASigR{j} \neq \bot$ and $\RedDSASigS{j} < \ParamG{r}$; and - \item $\scalarmult{\ParamG{h}}{\Big(\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \RedDSASigS{j}) - \pmod{\ParamG{r}}}}{\GenG{}} + \ssum{j=0}{N-1}{\big(\scalarmult{z_j}{\RedDSASigR{j}} + \scalarmult{z_j \mult \RedDSASigc{j} \pmod{\ParamG{r}}}{\vk_j}\big)}\!\Big)} + \item $\scalarmult{\ParamG{h}}{\Big(-\!\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \RedDSASigS{j}) + \pmod{\ParamG{r}}}}{\GenG{}} + = \ZeroG{}$, \end{itemize} \vspace{-1ex} @@ -13523,8 +13529,8 @@ Define $\EdSpecificBatchValidate \typecolon (\Entry{\barerange{0}{N-1}} \typecol \vspace{1ex} \begin{itemize} \item for all $j \in \range{0}{N-1}$, $\EdDSASigR{j} \neq \bot$; and - \item $\scalarmult{8}{\Big(\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \EdDSASigS{j}) - \pmod{\ell}}}{\EdDSABase} + + \item $\scalarmult{8}{\Big(-\!\Bigscalarmult{\ssum{j=0}{N-1}{(z_j \mult \EdDSASigS{j}) + \pmod{\ell}}}{\EdDSABase} + \ssum{j=0}{N-1}{\big(\scalarmult{z_j}{\EdDSASigR{j}} + \scalarmult{z_j \mult \EdDSASigc{j} \pmod{\ell}}{\EdDSASigA{j}}\big)}\!\Big)}
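Review bot: On the new side of the `\RedDSABatchValidate` item, the text as shown goes from `\pmod{\ParamG{r}}}}{\GenG{}} +` straight to `= \ZeroG{}$,`, so the variable-base sum `\ssum{j=0}{N-1}{\big(\scalarmult{z_j}{\RedDSASigR{j}} + ...\big)}\!\Big)}` is visible only before the added `\item`; the Ed25519 hunk that follows keeps that line as context. The hunk header counts 11 lines on each side, so this is probably a line lost in this rendering rather than in the commit, but the built PDF should be checked to confirm that both equations still carry the R_j and key terms and that only the fixed-base term changed sign. A batch equation that disagrees with single-signature validation is a consensus-divergence risk, so I would also record the convention in a source comment above each item, assuming the single-signature check in these sections is written the same way: `% fixed-base term is negated: batch form of -[S]P + R + [c]vk = O`.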