Add a note to \crossref{merklepath} clarifying the encoding of rt^Sapling as a primary input to the Sapling spend circuit, and that non-canonical encodings are allowed as input to MerkleCRH^Sapling.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2021-05-18 20:39:42 +01:00
parent c5589648c1
commit 67cea8589a
1 changed files with 16 additions and 3 deletions


@ -738,6 +738,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\randomOracleAdjective}{\termandindex{random-oracle}{random oracle}}
\newcommand{\nonCanonicalPoint}{\termandindex{non\hyp canonical}{non-canonical (compressed encoding of a point)}}
\newcommand{\nonCanonicalFieldElement}{\termandindex{non\hyp canonical}{non-canonical (encoding of a field element)}}
\newcommand{\nonCanonicallyFieldElement}{\termandindex{non\hyp canonically}{non-canonical (encoding of a field element)}}
\newcommand{\xDiscreteLogarithmProblem}{\term{Discrete Logarithm Problem}}
\newcommand{\xDiscreteLogarithm}{\termandindex{Discrete Logarithm}{Discrete Logarithm Problem}}
\newcommand{\xDecisionalDiffieHellmanProblem}{\term{Decisional Diffie--Hellman Problem}}
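Review bot: \nonCanonicallyFieldElement differs from \nonCanonicalFieldElement by two letters and shares its index entry, so the two are easy to mix up at call sites. A one-line comment above the pair, saying that one renders the adverb "non-canonically" and the other the adjective "non-canonical" while both index under "non-canonical (encoding of a field element)", would make the intent clear to the next editor.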
@ -5849,6 +5850,16 @@ where
Given such a \merklePath, it is possible to verify that \merkleLeafNode
$\MerkleNode{\MerkleDepth{}}{i}$ is in a tree with a given \merkleRoot $\rt{} = \MerkleNode{0}{0}$.
\sapling{
\pnote{
For \Sapling, Merkle \merkleHashes are specified to be encoded as bit sequences, but the
\merkleRoot $\rt{Sapling}$ is encoded for the \primaryInput of a \spendProof as an element
of $\GF{\ParamJ{q}}$, as specified in \crossref{cctsaplingspend}. The \spendCircuit allows
inputs to $\MerkleCRH{Sapling}$ at each \merkleNode to be \nonCanonicallyFieldElement encoded,
as specified in \crossref{cctmerklepath}.
} %pnote
} %sapling
\lsubsection{SIGHASH Transaction Hashing}{sighash}
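Review bot: in the new \pnote, the sentence allowing \nonCanonicallyFieldElement encoded inputs to $\MerkleCRH{Sapling}$ follows directly after the sentence about $\rt{Sapling}$ being a \primaryInput in $\GF{\ParamJ{q}}$, so a reader can take the allowance to cover the root as well. Suggest stating explicitly that the allowance applies to the per-node hash inputs inside the \spendCircuit, and saying in one clause what, if anything, it implies for the root, or pointing to the place in \crossref{cctmerklepath} that settles it.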
@ -14300,9 +14311,11 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\nufive{
\item Correct the size of \vActionsOrchard{} in \crossref{txnencodingandconsensus}.
} %nufive
\notnufive{
\item No changes before \NUFive.
} %notnufive
\sapling{
\item Add a note to \crossref{merklepath} clarifying the encoding of $\rt{Sapling}$
as a \primaryInput to the \Sapling \spendCircuit, and that \nonCanonicalFieldElement
encodings are allowed as input to $\MerkleCRH{Sapling}$.
} %sapling
\end{itemize}
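Review bot: in the change-history list, the \notnufive item "No changes before \NUFive" and the new \sapling item should not both survive, because a non-NU5 build of the document would then list a change directly under a line saying there are none. The 3 deletions reported for this commit suggest the \notnufive block is being dropped, which is worth confirming in the rendered non-NU5 output.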