Correct some uses of r_J that should have been r_S or q.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
dc41de37f3
commit
5524822ed5
|
@ -2165,7 +2165,7 @@ appropriate length given by the type of $a$.
|
||||||
|
|
||||||
\notsprout{
|
\notsprout{
|
||||||
$\ssqrt{a}$, where $a \typecolon \GF{q}$, means the positive
|
$\ssqrt{a}$, where $a \typecolon \GF{q}$, means the positive
|
||||||
(i.e.\ in the range $\range{0}{\hfrac{\ParamJ{r}-1}{2}}$)
|
(i.e.\ in the range $\range{0}{\hfrac{q-1}{2}}$)
|
||||||
square root of $a$ in $\GF{q}$. It is only used in cases where the
|
square root of $a$ in $\GF{q}$. It is only used in cases where the
|
||||||
square root must exist.
|
square root must exist.
|
||||||
|
|
||||||
|
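Review bot: The corrected range $\range{0}{\hfrac{q-1}{2}}$ on the "(i.e.\ in the range" line makes $\ssqrt{a}$ depend on $q$ being odd, and the "positive" convention is only well defined when exactly one of $\pm\ssqrt{a}$ lands in that range, which again needs $q$ odd (and prime, so that $\GF{q}$ is the integers modulo $q$); the definition does not say this. Since $q$ here is whatever modulus the type of $a$ carries, a short qualifier would stop a reader from applying it to an extension field or an even characteristic: `$\ssqrt{a}$, where $a \typecolon \GF{q}$ for an odd prime $q$, means the positive`. I am assuming from the fix itself that every $\GF{q}$ this notation is used with in the document is a prime field; if any use is over an extension field the range would need restating in terms of a chosen representation instead.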
@ -4930,7 +4930,7 @@ For details of the form and encoding of \spendStatement proofs, see \crossref{gr
|
||||||
|
|
||||||
The $\ValueCommitOutput$ and $\SpendAuthSigPublic$ types also represent points, i.e. $\GroupJ$.
|
The $\ValueCommitOutput$ and $\SpendAuthSigPublic$ types also represent points, i.e. $\GroupJ$.
|
||||||
\item In the Merkle path validity check, each \merkleLayer does \emph{not} check that its
|
\item In the Merkle path validity check, each \merkleLayer does \emph{not} check that its
|
||||||
input bit sequence is a canonical encoding (in $\range{0}{\ParamJ{r}-1}$) of the integer
|
input bit sequence is a canonical encoding (in $\range{0}{\ParamS{r}-1}$) of the integer
|
||||||
from the previous \merkleLayer.
|
from the previous \merkleLayer.
|
||||||
\item It is \emph{not} checked in the \spendStatement that $\AuthSignRandomizedPublic$ is not of
|
\item It is \emph{not} checked in the \spendStatement that $\AuthSignRandomizedPublic$ is not of
|
||||||
small order. However, this \emph{is} checked outside the \spendStatement, as specified in
|
small order. However, this \emph{is} checked outside the \spendStatement, as specified in
|
||||||
|
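Review bot: The Merkle-path bullet now correctly says the \merkleLayer does not enforce that its input bits canonically encode an integer in $\range{0}{\ParamS{r}-1}$, but it stops there: an auditor of the \spendStatement is told what the circuit omits and not why the omission cannot be used to make two different bit strings hash along the same path. The neighbouring bullet on $\AuthSignRandomizedPublic$ sets the pattern by saying where the missing check is performed instead; this bullet should either do the same or point at the argument that non-canonical inputs are harmless, e.g. append `(see \crossref{...} for why this does not affect soundness)` with the appropriate label. If no such argument exists in the document yet, that is the gap to close rather than a cross-reference to add. The enclosing `itemize` starts before this hunk.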
@ -6130,10 +6130,10 @@ $(D \typecolon \byteseq{8}$, $M \typecolon \bitseq{\PosInt})$ such that $\Select
|
||||||
The latter can only be the affine-Edwards $u$-coordinate of a point in $\strut\GroupJ$.
|
The latter can only be the affine-Edwards $u$-coordinate of a point in $\strut\GroupJ$.
|
||||||
We show that there are no points in $\GroupJ$ with affine-Edwards $u$-coordinate $1$.
|
We show that there are no points in $\GroupJ$ with affine-Edwards $u$-coordinate $1$.
|
||||||
Suppose for a contradiction that $(u, \varv) \in \GroupJ$ for $u = 1$ and some
|
Suppose for a contradiction that $(u, \varv) \in \GroupJ$ for $u = 1$ and some
|
||||||
$\varv \typecolon \GF{\ParamJ{r}}$. By writing the curve equation as
|
$\varv \typecolon \GF{\ParamS{r}}$. By writing the curve equation as
|
||||||
$\varv^2 = (1 - \ParamJ{a} \smult u^2) / (1 - \ParamJ{d} \smult u^2)$, and noting that
|
$\varv^2 = (1 - \ParamJ{a} \smult u^2) / (1 - \ParamJ{d} \smult u^2)$, and noting that
|
||||||
$1 - \ParamJ{d} \smult u^2 \neq 0$, we have $\varv^2 = (1 - \ParamJ{a}) / (1 - \ParamJ{d})$.
|
$1 - \ParamJ{d} \smult u^2 \neq 0$, we have $\varv^2 = (1 - \ParamJ{a}) / (1 - \ParamJ{d})$.
|
||||||
The right-hand-side is a nonsquare in $\GF{\ParamJ{r}}$, so there are no solutions for $\varv$
|
The right-hand-side is a nonsquare in $\GF{\ParamS{r}}$, so there are no solutions for $\varv$
|
||||||
(contradiction).
|
(contradiction).
|
||||||
\end{proof}
|
\end{proof}
|
||||||
} %sapling
|
} %sapling
|
||||||
|
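Review bot: The proof's last step, "The right-hand-side is a nonsquare in $\GF{\ParamS{r}}$", is the only part that is not a symbolic manipulation, yet it is asserted inline with nothing a reader can recompute, whereas the Montgomery section records the comparable claim about $\ParamM{A}^2 - 4$ as a standalone `\fact{...}`. For consistency and so the statement can be checked by a one-line script against the actual parameters, record it the same way ahead of the proof: `\fact{$(1 - \ParamJ{a}) / (1 - \ParamJ{d})$ is a nonsquare in $\GF{\ParamS{r}}$.}` and cite that fact in the proof. The step "noting that $1 - \ParamJ{d} \smult u^2 \neq 0$" with $u = 1$ also silently relies on $\ParamJ{d} \neq 1$; a parenthetical such as `(since $\ParamJ{d} \neq 1$)` would make the dependency explicit, though I cannot confirm from this hunk how the document establishes that. The `\begin{proof}` this belongs to opens before the hunk.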
@ -9776,6 +9776,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item No changes to \Sprout.
|
\item No changes to \Sprout.
|
||||||
\sapling{
|
\sapling{
|
||||||
|
\item Correct some uses of $\ParamJ{r}$ that should have been $\ParamS{r}$ or $q$.
|
||||||
\item Minor changes to avoid clashing notation, affecting extractors
|
\item Minor changes to avoid clashing notation, affecting extractors
|
||||||
$\Extractor{\Adversary}$, Edwards curves $\Edwards{a,d}$, and Montgomery curves
|
$\Extractor{\Adversary}$, Edwards curves $\Edwards{a,d}$, and Montgomery curves
|
||||||
$\Montgomery{A,B}$.
|
$\Montgomery{A,B}$.
|
||||||
|
@ -10848,7 +10849,7 @@ the wrong answer. We must ensure that these cases do not arise.
|
||||||
We will need the theorem below about $y$-coordinates of points on
|
We will need the theorem below about $y$-coordinates of points on
|
||||||
Montgomery curves.
|
Montgomery curves.
|
||||||
|
|
||||||
\fact{$\ParamM{A}^2 - 4$ is a nonsquare in $\GF{\ParamJ{r}}$.}
|
\fact{$\ParamM{A}^2 - 4$ is a nonsquare in $\GF{\ParamS{r}}$.}
|
||||||
|
|
||||||
\begin{theorem} \label{thmmontynotzero}
|
\begin{theorem} \label{thmmontynotzero}
|
||||||
Let $P = (x, y)$ be a point other than $(0, 0)$ on a Montgomery curve $\Montgomery{A,B}$
|
Let $P = (x, y)$ be a point other than $(0, 0)$ on a Montgomery curve $\Montgomery{A,B}$
|
||||||
|
|