Correct explanation of commitments in overview to apply to Sapling.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2018-04-20 04:01:09 +01:00
parent 9cfe4b9243
commit 49ab63e322
1 changed files with 11 additions and 10 deletions


@ -1739,16 +1739,16 @@ a \paymentAddress, which is a destination to which \notes can be sent.
As in \Bitcoin, this is associated with a private key that can be used to
spend \notes sent to the address; in \Zcash this is called a \spendingKey.
To each \note there is cryptographically associated a \noteCommitment, and
a \nullifier\footnoteref{notesandnullifiers} (so that there is a 1:1:1 relation
between \notes, \noteCommitments, and \nullifiers). Computing the \nullifier
requires the associated private \spendingKey\sapling{ (or the \nullifierKey for \Sapling \notes)}.
It is infeasible to correlate the \noteCommitment with the corresponding
\nullifier without knowledge of at least this \sprout{\spendingKey}\notsprout{key}.
An unspent valid \note, at a given point on the \blockchain,
is one for which the \noteCommitment has been publically revealed on the
\blockchain prior to that point, but the \nullifier has not.
\notsprout{\todo{The ``1:1:1'' part isn't correct for \Sapling.}}
To each \note there is cryptographically associated a \noteCommitment. Once the
\transaction creating the \note has been mined, it is associated with a fixed
\notePosition in a tree of \noteCommitments, and with a \nullifier\footnoteref{notesandnullifiers}
unique to that \note. Computing the \nullifier requires the associated private
\spendingKey\sapling{ (or the \nullifierKey for \Sapling \notes)}.
It is infeasible to correlate the \noteCommitment or \notePosition with the
corresponding \nullifier without knowledge of at least this
\sprout{\spendingKey}\notsprout{key}. An unspent valid \note, at a given point
on the \blockchain, is one for which the \noteCommitment has been publically
revealed on the \blockchain prior to that point, but the \nullifier has not.
\introlist
A \transaction can contain \transparent inputs, outputs, and scripts, which all
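Review bot: "publically" on the added line "on the \blockchain, is one for which the \noteCommitment has been publically" is a misspelling carried over from the deleted text; since this paragraph is being rewritten anyway, change it to "publicly". The rest of the rewrite reads correctly: tying the \nullifier to the fixed \notePosition assigned once the creating \transaction is mined, and extending the non-correlation claim to cover the \notePosition as well as the \noteCommitment, is what makes the paragraph hold for \Sapling, and it properly resolves the removed \todo about the "1:1:1" relation.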
@ -8775,6 +8775,7 @@ Daira Hopwood, Sean Bowe, and Jack Grigg.
\item Refactor the abstract definition of a \signatureScheme to allow derivation
of verifying keys independent of key pair generation.
\sapling{
\item Correct the explanation in \crossref{overview} to apply to \Sapling.
\item Add the definition of a private key to public key homomorphism for \signatureSchemes.
\item Remove the output index as an input to $\KDFSapling$.
\item Allow dummy \Sapling input \notes.
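Review bot: the new changelog entry "Correct the explanation in \crossref{overview} to apply to \Sapling." is too vague for a reader scanning the change history; name what was corrected, e.g. "Correct the explanation of \noteCommitments and \nullifiers in \crossref{overview} to apply to \Sapling." Placing it inside the \sapling{ block is right, since the correction only affects the Sapling version of the specification.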