Cosmetics.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2022-01-19 18:01:49 +00:00
parent dcc5532d61
commit 6c32c7c7ea
1 changed files with 7 additions and 2 deletions


@ -5978,6 +5978,7 @@ $\MerkleNode{\MerkleDepth{}}{i}$ is in a tree with a given \merkleRoot $\rt{} =
} %sapling } %sapling
\introsection
\lsubsection{SIGHASH Transaction Hashing}{sighash} \lsubsection{SIGHASH Transaction Hashing}{sighash}
\Bitcoin and \Zcash use signatures and/or non-interactive proofs associated \Bitcoin and \Zcash use signatures and/or non-interactive proofs associated
@ -6063,6 +6064,7 @@ undefined bits of a \sighashType encoding were ignored.)}
} %nufive } %nufive
\introsection
\lsubsection{Non-malleability (\SproutText)}{sproutnonmalleability} \lsubsection{Non-malleability (\SproutText)}{sproutnonmalleability}
Let $\dataToBeSigned$ be the hash of the \transaction{}, not associated with an input, Let $\dataToBeSigned$ be the hash of the \transaction{}, not associated with an input,
@ -14108,6 +14110,7 @@ A side benefit is that this reduces the cost of computing the
evaluations needed to compute each \noteCommitment from three to two, evaluations needed to compute each \noteCommitment from three to two,
saving a total of four \shaCompress evaluations in the \joinSplitStatement. saving a total of four \shaCompress evaluations in the \joinSplitStatement.
\vspace{-1ex}
\sproutspecificpnote{ \sproutspecificpnote{
The full \shaHash algorithm is used for $\NoteCommitAlg{Sprout}$, with randomness The full \shaHash algorithm is used for $\NoteCommitAlg{Sprout}$, with randomness
appended after the commitment input. The commitment input can be split into two appended after the commitment input. The commitment input can be split into two
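Review bot: the new `\vspace{-1ex}` before `\sproutspecificpnote{` tunes the gap at the call site, and the same manual `\vspace{-1ex}` line is added before both `\sproutspecificpnote` blocks in this diff; consider folding the negative skip into the macro definition (or a thin wrapper) so that the spacing is uniform by construction and future notes do not need the extra line.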
@ -14128,6 +14131,7 @@ about the Merkle--Damgård structure \cite{Damgard1989} of \shaHash causing any
security problem for $\NoteCommitAlg{Sprout}$. security problem for $\NoteCommitAlg{Sprout}$.
} %sproutspecificpnote } %sproutspecificpnote
\vspace{-1ex}
\sproutspecificpnote{ \sproutspecificpnote{
\Sprout \noteCommitments are not statistically \hiding, so for \Sprout notes, \Sprout \noteCommitments are not statistically \hiding, so for \Sprout notes,
\Zcash does not support the ``everlasting anonymity'' property described in \Zcash does not support the ``everlasting anonymity'' property described in
@ -14136,8 +14140,9 @@ While it is possible to define a statistically \hiding, computationally \binding
\commitmentScheme for this use at a 128-bit security level, the overhead of \commitmentScheme for this use at a 128-bit security level, the overhead of
doing so within the \joinSplitStatement was not considered to justify the doing so within the \joinSplitStatement was not considered to justify the
benefits. benefits.
} } %sproutspecificpnote
\vspace{1ex}
\saplingonward{ \saplingonward{
In \Sapling, \xPedersenOrSinsemillaCommitments are used instead of \shaCompress. In \Sapling, \xPedersenOrSinsemillaCommitments are used instead of \shaCompress.
These commitments are statistically \hiding, and so ``everlasting anonymity'' These commitments are statistically \hiding, and so ``everlasting anonymity''
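Review bot: the `\vspace{1ex}` inserted before `\saplingonward{` has the opposite sign of the `\vspace{-1ex}` lines added before the two `\sproutspecificpnote` blocks earlier in this diff; if the intent is a wider gap between the Sprout notes and the Sapling paragraph, a short trailing comment (e.g. `\vspace{1ex} % extra gap after the Sprout notes`) would make the asymmetry read as deliberate rather than as a sign typo. The `} %sproutspecificpnote` closing-brace label matches the one already used at the end of the preceding note.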
@ -14145,7 +14150,7 @@ is supported for \SaplingAndOrchard notes under the same conditions as in \Zeroc
(by the protocol, not necessarily by \zcashd). Note that (by the protocol, not necessarily by \zcashd). Note that
\diversifiedPaymentAddresses can be linked if the \xDecisionalDiffieHellmanProblem \diversifiedPaymentAddresses can be linked if the \xDecisionalDiffieHellmanProblem
on the \jubjubCurve\nufive{ or the \pallasCurve} can be broken. on the \jubjubCurve\nufive{ or the \pallasCurve} can be broken.
} } %saplingonward
\lsubsection{Changes to PRF inputs and truncation}{truncation} \lsubsection{Changes to PRF inputs and truncation}{truncation}
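Review bot: `\lsubsection{Changes to PRF inputs and truncation}{truncation}` still follows directly after `} %saplingonward` without the `\introsection` that the first two hunks add ahead of the other `\lsubsection` commands; check whether this subsection should get the same treatment for consistency. The `} %saplingonward` label itself matches the labelled closing-brace convention used elsewhere in the file (`%sapling`, `%nufive`, `%sproutspecificpnote`).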