mirror of https://github.com/zcash/zips.git
Correct explanation of commitments in overview to apply to Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent 9cfe4b9243
commit 49ab63e322
@ -1739,16 +1739,16 @@ a \paymentAddress, which is a destination to which \notes can be sent.
As in \Bitcoin, this is associated with a private key that can be used to
spend \notes sent to the address; in \Zcash this is called a \spendingKey.
To each \note there is cryptographically associated a \noteCommitment, and
a \nullifier\footnoteref{notesandnullifiers} (so that there is a 1:1:1 relation
between \notes, \noteCommitments, and \nullifiers). Computing the \nullifier
requires the associated private \spendingKey\sapling{ (or the \nullifierKey for \Sapling \notes)}.
It is infeasible to correlate the \noteCommitment with the corresponding
\nullifier without knowledge of at least this \sprout{\spendingKey}\notsprout{key}.
An unspent valid \note, at a given point on the \blockchain,
is one for which the \noteCommitment has been publically revealed on the
\blockchain prior to that point, but the \nullifier has not.
\notsprout{\todo{The ``1:1:1'' part isn't correct for \Sapling.}}
To each \note there is cryptographically associated a \noteCommitment. Once the
\transaction creating the \note has been mined, it is associated with a fixed
\notePosition in a tree of \noteCommitments, and with a \nullifier\footnoteref{notesandnullifiers}
unique to that \note. Computing the \nullifier requires the associated private
\spendingKey\sapling{ (or the \nullifierKey for \Sapling \notes)}.
It is infeasible to correlate the \noteCommitment or \notePosition with the
corresponding \nullifier without knowledge of at least this
\sprout{\spendingKey}\notsprout{key}. An unspent valid \note, at a given point
on the \blockchain, is one for which the \noteCommitment has been publically
revealed on the \blockchain prior to that point, but the \nullifier has not.
\introlist
A \transaction can contain \transparent inputs, outputs, and scripts, which all
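Review bot: the rewritten paragraph (from "To each \note there is cryptographically associated a \noteCommitment. Once the" through "but the \nullifier has not.") removes the 1:1:1 claim and its \todo, but never says why the \nullifier is only fixed once the \transaction creating the \note has been mined; the new sentence "It is infeasible to correlate the \noteCommitment or \notePosition with the corresponding \nullifier" implies that the \nullifier depends on the \notePosition, and if that is the intended reading, stating the dependency explicitly where the \notePosition is introduced (for example "and, for \Sapling, with a \nullifier derived from that \notePosition") would make the Sapling behaviour clear to a reader of the overview instead of leaving it to inference. Also, the misspelling "publically" in "has been publically revealed" is carried over from the old text; "publicly" is the standard spelling.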
@ -8775,6 +8775,7 @@ Daira Hopwood, Sean Bowe, and Jack Grigg.
\item Refactor the abstract definition of a \signatureScheme to allow derivation
of verifying keys independent of key pair generation.
\sapling{
\item Correct the explanation in \crossref{overview} to apply to \Sapling.
\item Add the definition of a private key to public key homomorphism for \signatureSchemes.
\item Remove the output index as an input to $\KDFSapling$.
\item Allow dummy \Sapling input \notes.
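Review bot: the new change log item "\item Correct the explanation in \crossref{overview} to apply to \Sapling." is placed inside the `\sapling{` group, so it will appear only in the Sapling build of the change log, yet the overview rewrite in the first hunk is unconditional text (only the key name is switched via `\sprout{\spendingKey}\notsprout{key}`), so the Sprout build's overview wording also changes without a corresponding change log entry. If that is unintended, move the item above `\sapling{`, next to the \signatureScheme refactor item, or add a Sprout-visible counterpart that describes the wording change.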