From 5fa8a60b087b86a6e6663b55f422bb9ca65d647d Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Fri, 4 Jun 2021 20:55:23 +0100 Subject: [PATCH] Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit. This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}. The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol). Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index fa73497a..abd7dc4b 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -2077,6 +2077,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\Generator}{\mathcal{P}} \newcommand{\Selectu}{\scalebox{1.53}{$u$}} \newcommand{\Selectv}{\scalebox{1.53}{$\varv$}} +\newcommand{\Selectx}{\scalebox{1.53}{$x$}} +\newcommand{\Selecty}{\scalebox{1.53}{$y$}} \newcommand{\subgroupr}{(\kern-0.075emr\kern-0.075em)} \newcommand{\Extract}{\mathsf{Extract}} \newcommand{\GroupHash}{\mathsf{GroupHash}} @@ -6957,10 +6959,10 @@ Let $\ValueCommitAlg{Orchard}$, $\NoteCommitAlg{Orchard}$, and $\CommitIvkAlg$ b Let $\SpendAuthSig{Orchard}$ be as defined in \crossref{concretespendauthsig}. \vspace{-0.25ex} -Let $\GroupP$, $\GroupPstar$, $\GroupPx$, $\reprP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}. +Let $\GroupP$, $\GroupPstar$, $\reprP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}. \vspace{-0.25ex} -Let $\ExtractP$ and $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}. +Let $\Selectx$, $\Selecty$, $\GroupPx$, $\ExtractP$, and $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}. \vspace{-0.25ex} Let $\DeriveNullifierAlg$ be as defined in \crossref{commitmentsandnullifiers}. 
@@ -7055,6 +7057,13 @@ $\vNew{} = 0$ or $\enableOutputs = 1$. For details of the form and encoding of \actionStatement proofs, see \crossref{halo2}. \begin{pnotes} + \item The \primaryInputs are encoded as the following sequence of type $\typeexp{\GF{\ParamP{q}}}{8}$: \\ + $\big[\,\rt{Orchard} \pmod{\ParamP{q}}, \Selectx\Of{\cvNet{}}, \Selecty\Of{\cvNet{}}, + \nfOld{} \pmod{\ParamP{q}}, \Selectx\Of{\AuthSignRandomizedPublic}, \Selecty\Of{\AuthSignRandomizedPublic}, + \cmX \!\pmod{\ParamP{q}}, \mathsf{flagsOrchard} \pmod{\ParamP{q}} \,\big]$, \\[0.5ex] + where $\mathsf{flagsOrchard} = 2 \mult \enableOutputs + \enableSpends$. \\[1ex] + (Recall from \crossref{notation} that ``$\!\!\pmod{\ParamP{q}}$'' converts an integer into a $\GF{\ParamP{q}}$ + element in the obvious way.) \item \xPrimary and \auxiliaryInputs \MUST be constrained to have the types specified. In particular, $\DiversifiedTransmitBaseOld$ cannot be $\ZeroP$. The $\ValueCommitOutput{Orchard}$ and $\SpendAuthSigPublic{Orchard}$ types represent @@ -10795,6 +10804,16 @@ $\abstG{}\Of{P\Repr}$ is computed as follows: \vspace{-1ex} Let $\GroupP$, $\ZeroP$, $\ParamP{q}$, and $\ParamP{b}$ be as defined in \crossref{pallasandvesta}. +Define $\Selectx \typecolon \GroupP \rightarrow \GF{\ParamP{q}}$ and $\Selecty \typecolon \GroupP \rightarrow \GF{\ParamP{q}}$ such that: + +\vspace{-1ex} +\begin{formulae} + \item $\Selectx\big(\ZeroP\big) = 0$ + \item $\Selectx\big((x, y)\big) = x$ + \item $\Selecty\big(\ZeroP\big) = 0$ + \item $\Selecty\big((x, y)\big) = y$. +\end{formulae} + Define $\GroupPstarx$ as the set of $x$-coordinates (as integers) of points on the \pallasCurve, i.e. \vspace{-1ex} @@ -10810,8 +10829,7 @@ Define $\ExtractP \typecolon \GroupP \rightarrow \GroupPx$ such that \vspace{-1ex} \begin{formulae} - \item $\ExtractP\big(\ZeroP\big) = 0$ - \item $\ExtractP\big((x, y)\big) = x \bmod \ParamP{q}$. + \item $\ExtractP(P) = \Selectx(P) \bmod \ParamP{q}$. \end{formulae} \vspace{-1ex} 
@@ -14337,6 +14355,12 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. \historyentry{2021.2.3}{} \begin{itemize} +\nufive{ + \item Specify (as a note in \crossref{actionstatement}) the encoding of \primaryInputs + to the \actionCircuit. This uses new helper functions $\Selectx$ and $\Selecty$ defined + in \crossref{concreteextractorpallas}. The specification of $\ExtractP$ has also been + refactored to use $\Selectx$ (this does not change the \Orchard protocol). +} %nufive \item Move the section on abstraction (previously section 5.1) to \crossref{abstractprotocol}. Section 5.2 has been split into two (\crossref{endian} and \crossref{bitlayout}) to avoid renumbering later subsections.
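Review bot: In the @@ -6957 hunk, `\GroupPx` moves from the list attributed to \crossref{pallasandvesta} to the list attributed to \crossref{concreteextractorpallas}, which is a cross-reference correction separate from the new helpers, and neither the commit message nor the history entry mentions it. Suggest noting it in the commit message (or splitting it into its own commit) so the correction can be found later.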
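Review bot: In the @@ -7055 hunk, the flags element is written inline as `\mathsf{flagsOrchard}` and its bit order is fixed only by the formula `2 \mult \enableOutputs + \enableSpends` inside this note, while the neighbouring names all use macros. Suggest introducing a macro for it and adding a \crossref to wherever the flag bits are specified, so that the order used for the circuit input cannot silently diverge from that definition.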
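Review bot: In the @@ -10795 hunk, both `\Selectx` and `\Selecty` send `\ZeroP` to 0, so wherever the two are used together (as in the new primary-input note) `\ZeroP` is encoded as the pair (0, 0), and the definition does not say that this pair is distinct from the coordinates of every affine point. Suggest adding a sentence stating that, or a reference to where it is shown, and stating that the `(x, y)` cases apply to `P \neq \ZeroP`.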
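Review bot: In the @@ -10810 hunk, `\ExtractP(P) = \Selectx(P) \bmod \ParamP{q}` applies `\bmod` to a value that the preceding hunk types as an element of `\GF{\ParamP{q}}`, whereas the removed line applied it to the coordinate `x` directly, and `\ExtractP` is declared with codomain `\GroupPx`. Suggest stating how the field element is converted to the result type, or dropping the reduction if `\Selectx` already yields the reduced value, so that the refactored definition type-checks as written.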