mirror of https://github.com/zcash/zips.git
Add a paragraph to \crossref{truncation} covering Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent 748e6f8f37
commit 4804f6040e
@ -13970,6 +13970,16 @@ no need for truncation in the inputs to any of these hashes. Note however that t
$\BlakeTwosGeneric$ truncated to $251$ bits (see \crossref{concretecrhivk}).
}
\nufive{
\Orchard replaces \xPedersenHashes by \xSinsemillaHashes which can also be efficiently
instantiated for arbitrary input lengths. It replaces uses of $\BlakeTwosGeneric$ in the
circuit by the \commitmentScheme $\CommitIvk{}$, and by a construction for \nullifier
derivation that uses the $\Poseidon$-based $\PRFnf{Orchard}{}$ (along with scalar
multiplication on the \pallasCurve). Again, there is no need for truncation in the
inputs to any of these functions, and the need for truncation in the derivation of
$\InViewingKey$ is removed.
} %nufive
\lsubsection{In-band secret distribution}{inbandrationale}
\Zerocash specified ECIES (referencing Certicom's SEC 1 standard) as the
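Review bot: "which can also be efficiently instantiated for arbitrary input lengths" overstates what the replacement offers: $\SinsemillaHash$ as defined in \crossref{concretesinsemillahash} accepts inputs only up to a fixed maximum length, so "for any input length up to the maximum given in \crossref{concretesinsemillahash}" is the accurate claim, and it is all the truncation argument needs. The following sentence is ambiguous: "replaces uses of $\BlakeTwosGeneric$ in the circuit by the \commitmentScheme $\CommitIvk{}$, and by a construction for \nullifier derivation" reads as if both constructions replace the same use; spell out which replaces which, e.g. "replaces the two circuit uses of $\BlakeTwosGeneric$: $\InViewingKey$ derivation by the \commitmentScheme $\CommitIvk{}$, and \nullifier derivation by a construction that uses the $\Poseidon$-based $\PRFnf{Orchard}{}$ ...". Lastly, "the need for truncation in the derivation of $\InViewingKey$ is removed" is a claim against the 251-bit truncation described in the preceding paragraph; a pointer to where the \Orchard derivation is specified (for instance \crossref{orchardkeycomponents}, which the changelog already references) would let a reader verify it rather than take it on trust.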
@ -14259,6 +14269,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item Vanity \diversifiers are not an issue for \Orchard given that it does not have its own
\paymentAddress format, and given the use of ``jumbling'' (\cite{ZIP-316}) in
\unifiedPaymentAddresses. Remove the corresponding note from \crossref{orchardkeycomponents}.
\item Add a paragraph to \crossref{truncation} covering \Orchard.
\item Clarify the definition of $\pad$ in \crossref{concretesinsemillahash} by
disambiguating $\Mpieces$ from $\Mpadded$.
} %nufive
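Review bot: the new changelog entry "Add a paragraph to \crossref{truncation} covering \Orchard." only restates the commit title; state what the paragraph establishes so the entry is useful on its own, e.g. "Add a paragraph to \crossref{truncation} noting that \Orchard's uses of \xSinsemillaHashes, $\CommitIvk{}$ and $\PRFnf{Orchard}{}$ need no input truncation, and that no truncation is needed in deriving $\InViewingKey$." In the same hunk, the "Vanity \diversifiers" entry opens with the rationale and ends with the action, while the neighbouring entries lead with the verb; "Remove the note on vanity \diversifiers from \crossref{orchardkeycomponents}, since \Orchard has no \paymentAddress format of its own and \unifiedPaymentAddresses use ``jumbling'' (\cite{ZIP-316})" keeps the list consistent.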