zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Correct a bug: esk is only to be checked against ToScalar(PRF^expand_rseed([4])) when the lead byte != 0x01. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2020-07-04 03:24:23 +01:00
parent 5689d59d32
commit 47a2c78990
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
protocol/protocol.tex
View File

@ -5736,8 +5736,7 @@ from $\TransmitPlaintext{}$
\canopyonwarditem{if $\BlockHeight < \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \not\in \setof{\hexint{01}, \hexint{02}}$, return $\bot$}
\canopyonwarditem{if $\BlockHeight \geq \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \neq \hexint{02}$, return $\bot$}
\vspace{-0.25ex}
\canopyonwarditem{let $\EphemeralPrivate' = \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big)$}
\canopyonwarditem{if $\EphemeralPrivate' \neq \EphemeralPrivate$, return $\bot$}
\canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01}$ and $\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big) \neq \EphemeralPrivate$, return $\bot$}
\canopyonwarditem{let $\NoteCommitRandBytes = \begin{cases}
\NoteSeedBytes,&\caseif \NotePlaintextLeadByte = \hexint{01} \\
\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{05})\kern-0.11em\big),&\caseotherwise
@ -10521,6 +10520,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\canopy{
\item Specify that \shieldedOutputs of \coinbaseTransactions \MUST use v2 \notePlaintexts after
\Canopy activation.
\item Correct a bug in \crossref{saplingdecryptovk}: $\EphemeralPrivate$ is only to be checked
against $\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big)$
when $\NotePlaintextLeadByte \neq \hexint{01}$.
}
\end{itemize}