From 47a2c7899044b0a81cfa8a9814aab9367b3ad0f1 Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Sat, 4 Jul 2020 03:24:23 +0100
Subject: [PATCH] Correct a bug: esk is only to be checked against ToScalar(PRF^expand_rseed([4])) when the lead byte != 0x01.
Signed-off-by: Daira Hopwood
---
 protocol/protocol.tex | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index e8a950a6..6fa21251 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -5736,8 +5736,7 @@ from $\TransmitPlaintext{}$
 \canopyonwarditem{if $\BlockHeight < \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \not\in \setof{\hexint{01}, \hexint{02}}$, return $\bot$}
 \canopyonwarditem{if $\BlockHeight \geq \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \neq \hexint{02}$, return $\bot$}
 \vspace{-0.25ex}
- \canopyonwarditem{let $\EphemeralPrivate' = \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big)$}
- \canopyonwarditem{if $\EphemeralPrivate' \neq \EphemeralPrivate$, return $\bot$}
+ \canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01}$ and $\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big) \neq \EphemeralPrivate$, return $\bot$}
 \canopyonwarditem{let $\NoteCommitRandBytes = \begin{cases}
 \NoteSeedBytes,&\caseif \NotePlaintextLeadByte = \hexint{01} \\
 \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{05})\kern-0.11em\big),&\caseotherwise
@@ -10521,6 +10520,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \canopy{
 \item Specify that \shieldedOutputs of \coinbaseTransactions \MUST use v2 \notePlaintexts after \Canopy activation.
+ \item Correct a bug in \crossref{saplingdecryptovk}: $\EphemeralPrivate$ is only to be checked
+ against $\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big)$
+ when $\NotePlaintextLeadByte \neq \hexint{01}$.
 }
 \end{itemize}
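Review bot: The added check sets the conjunction in text mode between two math spans (`$\NotePlaintextLeadByte \neq \hexint{01}$ and $\ToScalar\big(...\big) \neq \EphemeralPrivate$`), whereas the two conditions immediately above it keep `\text{ and }` inside one math span; for consistency write `\canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01} \text{ and } \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big) \neq \EphemeralPrivate$, return $\bot$}`. Removing the `let $\EphemeralPrivate' = \ldots$` step also removes that name from the procedure, so any later step of \crossref{saplingdecryptovk} that still refers to `\EphemeralPrivate'` would dangle; the enclosing procedure starts and ends outside this hunk, so that cannot be confirmed here and should be checked. The rationale for the new lead-byte guard is not stated at the check itself: the `\begin{cases}` line just below shows that for lead byte `\hexint{01}` the seed bytes are used directly rather than through `\PRFexpand`, and presumably the same holds for `\EphemeralPrivate`, so a short source comment next to the item, such as `% the PRF^expand derivation of esk applies only to v2 plaintexts (lead byte != 0x01)`, would keep a future editor from reinstating the unconditional check.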