From 52a7763e4b02a002586b522f984bf7d29c3df714 Mon Sep 17 00:00:00 2001
From: Daira Emma Hopwood <daira@jacaranda.org>
Date: Thu, 7 Dec 2023 15:33:08 +0000
Subject: [PATCH] ZIP 32: fix a type error in the derivation of dk_i. (The
 intent was clear.)

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
---
 zip-0032.html | 4 +---
 zip-0032.rst  | 4 ++--
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/zip-0032.html b/zip-0032.html
index ba8a8077..6886f5af 100644
--- a/zip-0032.html
+++ b/zip-0032.html
@@ -712,11 +712,9 @@ License: MIT</pre>
                     .</li>
                     <li>Let
                         <span class="math">\(K = \mathsf{I2LEBSP}_{256}(\mathsf{rivk})\)</span>
-                     and let
-                        <span class="math">\(B = \mathsf{repr}_{\mathbb{P}}(\mathsf{ak})\,||\,\mathsf{I2LEBSP}_{256}(\mathsf{nk})\)</span>
                     .</li>
                     <li>
-                        <span class="math">\(\mathsf{dk}_i = \mathsf{truncate}_{32}(\mathsf{PRF^{expand}}(K, [\texttt{0x82}]\,||\,\mathsf{LEBS2OSP}_{512}(B)))\)</span>
+                        <span class="math">\(\mathsf{dk}_i = \mathsf{truncate}_{32}(\mathsf{PRF^{expand}}(K, [\texttt{0x82}] \,||\, \mathsf{I2LEOSP}_{256}(\mathsf{ak}) \,||\, \mathsf{I2LEOSP}_{256}(\mathsf{nk})))\)</span>
                     .</li>
                     <li>Let
                         <span class="math">\(j\)</span>
diff --git a/zip-0032.rst b/zip-0032.rst
index e702501a..6e29ab3b 100644
--- a/zip-0032.rst
+++ b/zip-0032.rst
@@ -457,8 +457,8 @@ key structure.
 Given an Orchard extended spending key :math:`(\mathsf{sk}_i, \mathsf{c}_i)`:
 
 - Let :math:`(\mathsf{ak}, \mathsf{nk}, \mathsf{rivk})` be the Orchard full viewing key for :math:`\mathsf{sk}_i`.
-- Let :math:`K = \mathsf{I2LEBSP}_{256}(\mathsf{rivk})` and let :math:`B = \mathsf{repr}_{\mathbb{P}}(\mathsf{ak})\,||\,\mathsf{I2LEBSP}_{256}(\mathsf{nk})`.
-- :math:`\mathsf{dk}_i = \mathsf{truncate}_{32}(\mathsf{PRF^{expand}}(K, [\texttt{0x82}]\,||\,\mathsf{LEBS2OSP}_{512}(B)))`.
+- Let :math:`K = \mathsf{I2LEBSP}_{256}(\mathsf{rivk})`.
+- :math:`\mathsf{dk}_i = \mathsf{truncate}_{32}(\mathsf{PRF^{expand}}(K, [\texttt{0x82}] \,||\, \mathsf{I2LEOSP}_{256}(\mathsf{ak}) \,||\, \mathsf{I2LEOSP}_{256}(\mathsf{nk})))`.
 - Let :math:`j` be the index of the desired diversifier, in the range :math:`0\,.\!. 2^{88} - 1`.
 - :math:`d_{i,j} = \mathsf{FF1}\text{-}\mathsf{AES256.Encrypt}(\mathsf{dk}_i, \texttt{“”}, \mathsf{I2LEBSP}_{88}(j))`.