mirror of https://github.com/zcash/zips.git
Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit.
This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}.
The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood
parent
6a0c15df29
commit
5fa8a60b08
|
|
@ -2077,6 +2077,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\Generator}{\mathcal{P}}
|
||||
\newcommand{\Selectu}{\scalebox{1.53}{$u$}}
|
||||
\newcommand{\Selectv}{\scalebox{1.53}{$\varv$}}
|
||||
\newcommand{\Selectx}{\scalebox{1.53}{$x$}}
|
||||
\newcommand{\Selecty}{\scalebox{1.53}{$y$}}
|
||||
\newcommand{\subgroupr}{(\kern-0.075emr\kern-0.075em)}
|
||||
\newcommand{\Extract}{\mathsf{Extract}}
|
||||
\newcommand{\GroupHash}{\mathsf{GroupHash}}
|
||||
|
|
@ -6957,10 +6959,10 @@ Let $\ValueCommitAlg{Orchard}$, $\NoteCommitAlg{Orchard}$, and $\CommitIvkAlg$ b
|
|||
Let $\SpendAuthSig{Orchard}$ be as defined in \crossref{concretespendauthsig}.
|
||||
|
||||
\vspace{-0.25ex}
|
||||
Let $\GroupP$, $\GroupPstar$, $\GroupPx$, $\reprP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}.
|
||||
Let $\GroupP$, $\GroupPstar$, $\reprP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}.
|
||||
|
||||
\vspace{-0.25ex}
|
||||
Let $\ExtractP$ and $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}.
|
||||
Let $\Selectx$, $\Selecty$, $\GroupPx$, $\ExtractP$, and $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}.
|
||||
|
||||
\vspace{-0.25ex}
|
||||
Let $\DeriveNullifierAlg$ be as defined in \crossref{commitmentsandnullifiers}.
|
||||
|
|
@ -7055,6 +7057,13 @@ $\vNew{} = 0$ or $\enableOutputs = 1$.
|
|||
For details of the form and encoding of \actionStatement proofs, see \crossref{halo2}.
|
||||
|
||||
\begin{pnotes}
|
||||
\item The \primaryInputs are encoded as the following sequence of type $\typeexp{\GF{\ParamP{q}}}{8}$: \\
|
||||
$\big[\,\rt{Orchard} \pmod{\ParamP{q}}, \Selectx\Of{\cvNet{}}, \Selecty\Of{\cvNet{}},
|
||||
\nfOld{} \pmod{\ParamP{q}}, \Selectx\Of{\AuthSignRandomizedPublic}, \Selecty\Of{\AuthSignRandomizedPublic},
|
||||
\cmX \!\pmod{\ParamP{q}}, \mathsf{flagsOrchard} \pmod{\ParamP{q}} \,\big]$, \\[0.5ex]
|
||||
where $\mathsf{flagsOrchard} = 2 \mult \enableOutputs + \enableSpends$. \\[1ex]
|
||||
(Recall from \crossref{notation} that ``$\!\!\pmod{\ParamP{q}}$'' converts an integer into a $\GF{\ParamP{q}}$
|
||||
element in the obvious way.)
|
||||
\item \xPrimary and \auxiliaryInputs \MUST be constrained to have the types specified.
|
||||
In particular, $\DiversifiedTransmitBaseOld$ cannot be $\ZeroP$.
|
||||
The $\ValueCommitOutput{Orchard}$ and $\SpendAuthSigPublic{Orchard}$ types represent
|
||||
|
|
@ -10795,6 +10804,16 @@ $\abstG{}\Of{P\Repr}$ is computed as follows:
|
|||
\vspace{-1ex}
|
||||
Let $\GroupP$, $\ZeroP$, $\ParamP{q}$, and $\ParamP{b}$ be as defined in \crossref{pallasandvesta}.
|
||||
|
||||
Define $\Selectx \typecolon \GroupP \rightarrow \GF{\ParamP{q}}$ and $\Selecty \typecolon \GroupP \rightarrow \GF{\ParamP{q}}$ such that:
|
||||
|
||||
\vspace{-1ex}
|
||||
\begin{formulae}
|
||||
\item $\Selectx\big(\ZeroP\big) = 0$
|
||||
\item $\Selectx\big((x, y)\big) = x$
|
||||
\item $\Selecty\big(\ZeroP\big) = 0$
|
||||
\item $\Selecty\big((x, y)\big) = y$.
|
||||
\end{formulae}
|
||||
|
||||
Define $\GroupPstarx$ as the set of $x$-coordinates (as integers) of points on the \pallasCurve, i.e.
|
||||
|
||||
\vspace{-1ex}
|
||||
|
|
@ -10810,8 +10829,7 @@ Define $\ExtractP \typecolon \GroupP \rightarrow \GroupPx$ such that
|
|||
|
||||
\vspace{-1ex}
|
||||
\begin{formulae}
|
||||
\item $\ExtractP\big(\ZeroP\big) = 0$
|
||||
\item $\ExtractP\big((x, y)\big) = x \bmod \ParamP{q}$.
|
||||
\item $\ExtractP(P) = \Selectx(P) \bmod \ParamP{q}$.
|
||||
\end{formulae}
|
||||
|
||||
\vspace{-1ex}
|
||||
|
|
@ -14337,6 +14355,12 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
|||
|
||||
\historyentry{2021.2.3}{}
|
||||
\begin{itemize}
|
||||
\nufive{
|
||||
\item Specify (as a note in \crossref{actionstatement}) the encoding of \primaryInputs
|
||||
to the \actionCircuit. This uses new helper functions $\Selectx$ and $\Selecty$ defined
|
||||
in \crossref{concreteextractorpallas}. The specification of $\ExtractP$ has also been
|
||||
refactored to use $\Selectx$ (this does not change the \Orchard protocol).
|
||||
} %nufive
|
||||
\item Move the section on abstraction (previously section 5.1) to \crossref{abstractprotocol}.
|
||||
Section 5.2 has been split into two (\crossref{endian} and \crossref{bitlayout}) to
|
||||
avoid renumbering later subsections.
|
||||
|
|
|
|||
Loading…
Reference in New Issue