mirror of https://github.com/zcash/zips.git
Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
dc81e21c2b
commit
691922ebd1
@ -1113,7 +1113,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\TransmitCiphertext}[1]{\Ctext^\enc_{#1}}
\newcommand{\TransmitCiphertext}[1]{\Ctext^\enc_{#1}}
\newcommand{\TransmitKey}[1]{\Key^\enc_{#1}}
\newcommand{\TransmitKey}[1]{\Key^\enc_{#1}}
\newcommand{\OutCiphertext}{\Ctext^\mathsf{out}}
\newcommand{\OutCiphertext}{\Ctext^\mathsf{out}}
\newcommand{\Extractor}[1]{\mathcal{E}_{#1}}
\newcommand{\Extractor}[1]{\mathcal{E}_{\kern-0.05em{#1}}}
\newcommand{\Adversary}{\mathcal{A}}
\newcommand{\Adversary}{\mathcal{A}}
\newcommand{\Oracle}{\mathsf{O}}
\newcommand{\Oracle}{\mathsf{O}}
\newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}}
\newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}}
@ -6724,7 +6724,7 @@ Define $\RedDSAVerify{} \typecolon (\vk \typecolon \RedDSAPublic) \times (M \typ
let $\RedDSAReprS{}$ be the remaining $\ceiling{\bitlength(\ParamG{r})/8}$ bytes.
let $\RedDSAReprS{}$ be the remaining $\ceiling{\bitlength(\ParamG{r})/8}$ bytes.
\item Let $\RedDSASigR{} = \abstG{}\big(\LEOStoBSP{\ellG{}}(\RedDSAReprR{})\kern-0.15em\big)$, and
\item Let $\RedDSASigR{} = \abstG{}\big(\LEOStoBSP{\ellG{}}(\RedDSAReprR{})\kern-0.15em\big)$, and
let $\RedDSASigS{} = \LEOStoIP{8 \mult \length(\RedDSAReprS{})}(\RedDSAReprS{})$.
let $\RedDSASigS{} = \LEOStoIP{8 \mult \length(\RedDSAReprS{})}(\RedDSAReprS{})$.
\item Let $\vkBytes{} = \LEBStoOSPOf{\ellG{}}{\reprG{}\Of{\vk}}$.
\item Let $\vkBytes{} = \LEBStoOSPOf{\ellG{}}{\reprG{}\Of{\vk}\kern 0.03em}$.
\vspace{-0.5ex}
\vspace{-0.5ex}
\item Let $\RedDSASigc{} = \RedDSAHashToScalar(\RedDSAReprR{} \bconcat \vkBytes{} \bconcat M)$.
\item Let $\RedDSASigc{} = \RedDSAHashToScalar(\RedDSAReprR{} \bconcat \vkBytes{} \bconcat M)$.
\vspace{0.5ex}
\vspace{0.5ex}
@ -9779,9 +9779,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item Correct some uses of $\ParamJ{r}$ that should have been $\ParamS{r}$ or $q$.
\item Correct some uses of $\ParamJ{r}$ that should have been $\ParamS{r}$ or $q$.
\item Correct uses of $\LEOStoIP{\ell}$ in $\RedDSAVerify{}$ and $\RedDSABatchVerify{}$
\item Correct uses of $\LEOStoIP{\ell}$ in $\RedDSAVerify{}$ and $\RedDSABatchVerify{}$
to ensure that $\ell$ is a multiple of $8$ as required.
to ensure that $\ell$ is a multiple of $8$ as required.
\item Minor changes to avoid clashing notation, affecting extractors
\item Minor changes to avoid clashing notation for
$\Extractor{\Adversary}$, Edwards curves $\Edwards{a,d}$, and Montgomery curves
Edwards curves $\Edwards{a,d}$, Montgomery curves $\Montgomery{A,B}$, and
$\Montgomery{A,B}$.
extractors $\Extractor{\Adversary}$.
} %sapling
} %sapling
\end{itemize}
\end{itemize}
|
|
@ -9793,7 +9793,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item No changes to \Sprout.
\item No changes to \Sprout.
\sapling{
\sapling{
\item Give an informal security argument for Unlinkability of \diversifiedPaymentAddresses
\item Give an informal security argument for Unlinkability of \diversifiedPaymentAddresses
based on to reduction to \keyPrivacy of ElGamal encryption, for which a security proof
based on reduction to \keyPrivacy of ElGamal encryption, for which a security proof
is given in \cite{BBDP2001}. (This argument has gaps which will be addressed in a future
is given in \cite{BBDP2001}. (This argument has gaps which will be addressed in a future
version.)
version.)
\item Add a reference to \cite{BGM2018} for the \Sapling \zkSNARK parameters.
\item Add a reference to \cite{BGM2018} for the \Sapling \zkSNARK parameters.
@ -11316,7 +11316,7 @@ implement the affine-Montgomery addition $P_1 + P_2 = (x_3, y_3)$ for all such $
|
|
\begin{proof}
\begin{proof}
The given constraints are equivalent to the Montgomery addition formulae
The given constraints are equivalent to the Montgomery addition formulae
under the side condition $x_1 \neq x_2$. (Note that neither $P_i$ can be
under the side condition that $x_1 \neq x_2$. (Note that neither $P_i$ can be
the zero point since $k_\barerange{1}{2} \neq 0 \pmod s$.)
the zero point since $k_\barerange{1}{2} \neq 0 \pmod s$.)
Assume for a contradiction that $x_1 = x_2$. For any
Assume for a contradiction that $x_1 = x_2$. For any
$P_1 = \scalarmult{k_1}{Q}$, there can be only one other point $-P_1$ with
$P_1 = \scalarmult{k_1}{Q}$, there can be only one other point $-P_1$ with
@ -11993,7 +11993,7 @@ Check & Implements & \heading{Cost} & Reference \\
& \textbf{Diversified address integrity} & 392 & \shortcrossref{ccteddecompressvalidate} \\ \hline
& \textbf{Diversified address integrity} & 392 & \shortcrossref{ccteddecompressvalidate} \\ \hline
$\AuthProvePublicRepr = \reprJ(\AuthProvePublic)$
$\AuthProvePublicRepr = \reprJ(\AuthProvePublic)$
& \textbf{Nullifier integrity} & 392 & \shortcrossref{ccteddecompressvalidate} \\ \hline
& \textbf{Nullifier integrity} & 392 & \shortcrossref{ccteddecompressvalidate} \\ \hline
$\InViewingKeyRepr = \ItoLEBSP{251}\big(\CRHivk(\AuthSignPublic, \AuthProvePublic)\big)\;\dagger$
$\InViewingKeyRepr = \ItoLEBSP{251}\big(\CRHivk(\AuthSignPublic, \AuthProvePublic)\kern-0.08em\big)\;\dagger$
& \textbf{Diversified address integrity} & 21262 & \shortcrossref{cctblake2s} \\ \hline
& \textbf{Diversified address integrity} & 21262 & \shortcrossref{cctblake2s} \\ \hline
$\DiversifiedTransmitBase$ is on the curve
$\DiversifiedTransmitBase$ is on the curve
& $\DiversifiedTransmitBase \typecolon \GroupJ$ & 4 & \shortcrossref{cctedvalidate} \\ \hline
& $\DiversifiedTransmitBase \typecolon \GroupJ$ & 4 & \shortcrossref{cctedvalidate} \\ \hline
@ -12014,7 +12014,7 @@ Check & Implements & \heading{Cost} & Reference \\
& \textbf{Note commitment integrity} & ? & \shortcrossref{cctwindowedcommit} ($\ell = 576$) \\ \hline
& \textbf{Note commitment integrity} & ? & \shortcrossref{cctwindowedcommit} ($\ell = 576$) \\ \hline
$\cmURepr = \ExtractJ(\cm)$
$\cmURepr = \ExtractJ(\cm)$
& \textbf{Merkle path validity} & 0 & \\ \cline{1-1}\cline{3-4}
& \textbf{Merkle path validity} & 0 & \\ \cline{1-1}\cline{3-4}
$\rt'$ is the root of a Merkle tree with leaf $\cmU$ and authentication path $(\TreePath{}, \NotePositionRepr)$
\raggedright $\rt'$ is the root of a Merkle tree with leaf $\cmU$, and authentication path $(\TreePath{}, \NotePositionRepr)$
& & 32 \mult 1369 & \shortcrossref{cctmerklepath} \\ \cline{1-1}\cline{3-4}
& & 32 \mult 1369 & \shortcrossref{cctmerklepath} \\ \cline{1-1}\cline{3-4}
$\NotePositionRepr = \ItoLEBSPOf{\MerkleDepthSapling}{\NotePosition}$
$\NotePositionRepr = \ItoLEBSPOf{\MerkleDepthSapling}{\NotePosition}$
& & 1 & \shortcrossref{cctmodpack} \\ \cline{1-1}\cline{3-4}
& & 1 & \shortcrossref{cctmodpack} \\ \cline{1-1}\cline{3-4}
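Review bot: `\raggedright` at the start of the new first-column cell (the `$\rt'$ is the root of a Merkle tree …` line) locally redefines `\\`, which is safe here only because the row-terminating `\\` sits in the last cell on the following line; if a later edit moves a `\\` into this cell, the row will break. The robust spelling is `\raggedright\arraybackslash $\rt'$ is the root of a Merkle tree …`, with `\arraybackslash` from the `array` package restoring the tabular meaning of `\\`. The tabular's column specification and the preamble are outside the hunk, so whether `array` is loaded and whether this is a `p{}`-type column cannot be confirmed from here.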