zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Specify a check on the order of pi_B in a zk-proof. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2016-12-19 20:28:14 +00:00
parent 667947088b
commit 60b787eed4
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
protocol/protocol.tex
View File

@ -2719,7 +2719,9 @@ verifier \MUST check, for the encoding of each element, that:
\item the lead byte is of the required form;
\item the remaining bytes encode a big-endian representation of an integer
in $\range{0}{q\!-\!1}$ or (in the case of $\Proof_B$) $\range{0}{q^2\!-\!1}$;
\item the encoding represents a point on the relevant curve.
\item the encoding represents a point on the relevant curve;
\item in the case of $\Proof_B$, that the point is of order $r$ (and hence in
the subgroup $\GroupG{2}$).
\end{itemize}
\nsubsection{\JoinSplitParameters} \label{jsparameters}
@ -3679,6 +3681,12 @@ The errors in the proof of Ledger Indistinguishability mentioned in
\nsection{Change history}
\subparagraph{2016.0-beta-1.11}
\begin{itemize}
\item Specify a check on the order of $\Proof_B$ in a \zeroKnowledgeProof.
\end{itemize}
\subparagraph{2016.0-beta-1.10}
\begin{itemize}