Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit.

This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}.
The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol).

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2021-06-04 20:55:23 +01:00
parent 6a0c15df29
commit 5fa8a60b08
1 changed files with 28 additions and 4 deletions

@ -2077,6 +2077,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\Generator}{\mathcal{P}} \newcommand{\Generator}{\mathcal{P}}
\newcommand{\Selectu}{\scalebox{1.53}{$u$}} \newcommand{\Selectu}{\scalebox{1.53}{$u$}}
\newcommand{\Selectv}{\scalebox{1.53}{$\varv$}} \newcommand{\Selectv}{\scalebox{1.53}{$\varv$}}
\newcommand{\Selectx}{\scalebox{1.53}{$x$}}
\newcommand{\Selecty}{\scalebox{1.53}{$y$}}
\newcommand{\subgroupr}{(\kern-0.075emr\kern-0.075em)} \newcommand{\subgroupr}{(\kern-0.075emr\kern-0.075em)}
\newcommand{\Extract}{\mathsf{Extract}} \newcommand{\Extract}{\mathsf{Extract}}
\newcommand{\GroupHash}{\mathsf{GroupHash}} \newcommand{\GroupHash}{\mathsf{GroupHash}}
@ -6957,10 +6959,10 @@ Let $\ValueCommitAlg{Orchard}$, $\NoteCommitAlg{Orchard}$, and $\CommitIvkAlg$ b
Let $\SpendAuthSig{Orchard}$ be as defined in \crossref{concretespendauthsig}. Let $\SpendAuthSig{Orchard}$ be as defined in \crossref{concretespendauthsig}.
\vspace{-0.25ex} \vspace{-0.25ex}
Let $\GroupP$, $\GroupPstar$, $\GroupPx$, $\reprP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}. Let $\GroupP$, $\GroupPstar$, $\reprP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}.
\vspace{-0.25ex} \vspace{-0.25ex}
Let $\ExtractP$ and $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}. Let $\Selectx$, $\Selecty$, $\GroupPx$, $\ExtractP$, and $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}.
\vspace{-0.25ex} \vspace{-0.25ex}
Let $\DeriveNullifierAlg$ be as defined in \crossref{commitmentsandnullifiers}. Let $\DeriveNullifierAlg$ be as defined in \crossref{commitmentsandnullifiers}.
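Review bot: The reworded Let line now attributes $\GroupPx$ to \crossref{concreteextractorpallas} instead of \crossref{pallasandvesta}, but in the lines of that section visible in this patch only $\GroupPstarx$ is defined, and $\GroupPx$ appears just in the type of $\ExtractP$. Worth confirming that $\GroupPx$ is actually defined in that section, and that no other Let line still points to \crossref{pallasandvesta} for it.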
@ -7055,6 +7057,13 @@ $\vNew{} = 0$ or $\enableOutputs = 1$.
For details of the form and encoding of \actionStatement proofs, see \crossref{halo2}. For details of the form and encoding of \actionStatement proofs, see \crossref{halo2}.
\begin{pnotes} \begin{pnotes}
\item The \primaryInputs are encoded as the following sequence of type $\typeexp{\GF{\ParamP{q}}}{8}$: \\
$\big[\,\rt{Orchard} \pmod{\ParamP{q}}, \Selectx\Of{\cvNet{}}, \Selecty\Of{\cvNet{}},
\nfOld{} \pmod{\ParamP{q}}, \Selectx\Of{\AuthSignRandomizedPublic}, \Selecty\Of{\AuthSignRandomizedPublic},
\cmX \!\pmod{\ParamP{q}}, \mathsf{flagsOrchard} \pmod{\ParamP{q}} \,\big]$, \\[0.5ex]
where $\mathsf{flagsOrchard} = 2 \mult \enableOutputs + \enableSpends$. \\[1ex]
(Recall from \crossref{notation} that ``$\!\!\pmod{\ParamP{q}}$'' converts an integer into a $\GF{\ParamP{q}}$
element in the obvious way.)
\item \xPrimary and \auxiliaryInputs \MUST be constrained to have the types specified. \item \xPrimary and \auxiliaryInputs \MUST be constrained to have the types specified.
In particular, $\DiversifiedTransmitBaseOld$ cannot be $\ZeroP$. In particular, $\DiversifiedTransmitBaseOld$ cannot be $\ZeroP$.
The $\ValueCommitOutput{Orchard}$ and $\SpendAuthSigPublic{Orchard}$ types represent The $\ValueCommitOutput{Orchard}$ and $\SpendAuthSigPublic{Orchard}$ types represent
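Review bot: The added \primaryInputs item applies $\Selectx$ and $\Selecty$ to $\cvNet{}$ and $\AuthSignRandomizedPublic$ without saying how the identity is encoded. By the definition this patch adds in \crossref{concreteextractorpallas}, both functions return 0 on $\ZeroP$, so the pair (0, 0) stands for the identity in this sequence. I would state that in the note, or say that these two inputs can never be $\ZeroP$ if their types rule it out, so that circuit and verifier implementations agree on that case. Minor style point: $\mathsf{flagsOrchard}$ is spelled out inline twice where the rest of the item uses macros.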
@ -10795,6 +10804,16 @@ $\abstG{}\Of{P\Repr}$ is computed as follows:
\vspace{-1ex} \vspace{-1ex}
Let $\GroupP$, $\ZeroP$, $\ParamP{q}$, and $\ParamP{b}$ be as defined in \crossref{pallasandvesta}. Let $\GroupP$, $\ZeroP$, $\ParamP{q}$, and $\ParamP{b}$ be as defined in \crossref{pallasandvesta}.
Define $\Selectx \typecolon \GroupP \rightarrow \GF{\ParamP{q}}$ and $\Selecty \typecolon \GroupP \rightarrow \GF{\ParamP{q}}$ such that:
\vspace{-1ex}
\begin{formulae}
\item $\Selectx\big(\ZeroP\big) = 0$
\item $\Selectx\big((x, y)\big) = x$
\item $\Selecty\big(\ZeroP\big) = 0$
\item $\Selecty\big((x, y)\big) = y$.
\end{formulae}
Define $\GroupPstarx$ as the set of $x$-coordinates (as integers) of points on the \pallasCurve, i.e. Define $\GroupPstarx$ as the set of $x$-coordinates (as integers) of points on the \pallasCurve, i.e.
\vspace{-1ex} \vspace{-1ex}
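Review bot: In the new definition, $\Selectx\big(\ZeroP\big) = 0$ and $\Selecty\big(\ZeroP\big) = 0$ map the identity onto values that are also ordinary elements of $\GF{\ParamP{q}}$, and the text does not say whether a non-identity point can have $x = 0$ or whether $(0, 0)$ could satisfy the curve equation with $\ParamP{b}$. A sentence settling that would tell the reader whether the pair $(\Selectx(P), \Selecty(P))$ determines $P$ uniquely, which matters for the \primaryInputs encoding that uses these functions.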
@ -10810,8 +10829,7 @@ Define $\ExtractP \typecolon \GroupP \rightarrow \GroupPx$ such that
\vspace{-1ex} \vspace{-1ex}
\begin{formulae} \begin{formulae}
\item $\ExtractP\big(\ZeroP\big) = 0$ \item $\ExtractP(P) = \Selectx(P) \bmod \ParamP{q}$.
\item $\ExtractP\big((x, y)\big) = x \bmod \ParamP{q}$.
\end{formulae} \end{formulae}
\vspace{-1ex} \vspace{-1ex}
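Review bot: In the replacement line `\item $\ExtractP(P) = \Selectx(P) \bmod \ParamP{q}$.`, $\Selectx$ is declared with codomain $\GF{\ParamP{q}}$, so `\bmod \ParamP{q}` is being applied to a value that is already a field element, while $\ExtractP$ maps into $\GroupPx$ (the section describes the related set $\GroupPstarx$ as integers). Suggest either saying that the `\bmod` here acts as the field-to-integer conversion, or dropping it and stating the conversion explicitly, so the refactored definition reads as type-correct.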
@ -14337,6 +14355,12 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\historyentry{2021.2.3}{} \historyentry{2021.2.3}{}
\begin{itemize} \begin{itemize}
\nufive{
\item Specify (as a note in \crossref{actionstatement}) the encoding of \primaryInputs
to the \actionCircuit. This uses new helper functions $\Selectx$ and $\Selecty$ defined
in \crossref{concreteextractorpallas}. The specification of $\ExtractP$ has also been
refactored to use $\Selectx$ (this does not change the \Orchard protocol).
} %nufive
\item Move the section on abstraction (previously section 5.1) to \crossref{abstractprotocol}. \item Move the section on abstraction (previously section 5.1) to \crossref{abstractprotocol}.
Section 5.2 has been split into two (\crossref{endian} and \crossref{bitlayout}) to Section 5.2 has been split into two (\crossref{endian} and \crossref{bitlayout}) to
avoid renumbering later subsections. avoid renumbering later subsections.