diff --git a/protocol/Makefile b/protocol/Makefile index fd43392f..6da353d4 100644 --- a/protocol/Makefile +++ b/protocol/Makefile @@ -93,6 +93,7 @@ nolatexmk-sprout: biber sprout $(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; } + sh mymakeindex.sh -o sprout.ind sprout.idx $(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; } .PHONY: nolatexmk-sapling @@ -104,6 +105,7 @@ nolatexmk-sapling: biber sapling $(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; } + sh mymakeindex.sh -o sapling.ind sapling.idx $(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; } .PHONY: nolatexmk-blossom @@ -115,6 +117,7 @@ nolatexmk-blossom: biber blossom $(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; } + sh mymakeindex.sh -o blossom.ind blossom.idx $(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; } .PHONY: html @@ -129,10 +132,13 @@ clean: rm -f aux/* html/* protocol.ver \ sprout.dvi sprout.pdf sprout.bbl sprout.blg sprout.brf sprout.toc \ sprout.aux sprout.out sprout.log sprout.bcf sprout.run.xml sprout.fls sprout.fdb_latexmk \ + sprout.idx sprout.ilg sprout.ind sprout.ind.original \ sapling.dvi sapling.pdf sapling.bbl sapling.blg sapling.brf sapling.toc \ sapling.aux sapling.out sapling.log sapling.bcf sapling.run.xml sapling.fls sapling.fdb_latexmk \ + sapling.idx sapling.ilg sapling.ind sapling.ind.original \ blossom.dvi blossom.pdf blossom.bbl blossom.blg blossom.brf blossom.toc \ - blossom.aux blossom.out blossom.log blossom.bcf blossom.run.xml blossom.fls blossom.fdb_latexmk + blossom.aux blossom.out blossom.log blossom.bcf blossom.run.xml blossom.fls blossom.fdb_latexmk \ + blossom.idx blossom.ilg blossom.ind blossom.ind.original .PHONY: optsprout optsprout: diff --git a/protocol/README.rst b/protocol/README.rst index 97cc62e3..3f31c0d9 100644 --- a/protocol/README.rst +++ b/protocol/README.rst @@ -7,7 +7,7 @@ Build dependencies on Debian-based systems include, at least: .. code:: apt-get install texlive texlive-science texlive-fonts-extra \ - texlive-generic-recommended texlive-bibtex-extra biber latexmk + texlive-generic-recommended texlive-bibtex-extra biber latexmk perl To use the targets described under "Optimizing PDF size", you will also need the `ghostscript`, `extractpdfmark`, and `awk` packages. diff --git a/protocol/latexmkrc b/protocol/latexmkrc new file mode 100644 index 00000000..14e930b4 --- /dev/null +++ b/protocol/latexmkrc @@ -0,0 +1 @@ +$makeindex = 'sh mymakeindex.sh -o %D %O %S'; diff --git a/protocol/mymakeindex.sh b/protocol/mymakeindex.sh new file mode 100755 index 00000000..13f3b419 --- /dev/null +++ b/protocol/mymakeindex.sh @@ -0,0 +1,29 @@ +#!/bin/sh +set -e +makeindex $* + +# We want to change things like: +# \hyperindexformat{\definingstyle}{17}, +# \hyperindexformat{\normalstyle}{17}, +# to just +# \hyperindexformat{\definingstyle}{17}, +# +# and change: +# \hyperindexformat{\definingstyle}{17}, +# \hyperindexformat{\normalstyle}{17, 18}, +# to +# \hyperindexformat{\definingstyle}{17}, +# \hyperindexformat{\normalstyle}{18}, +# +# and change: +# \hyperindexformat{\definingstyle}{17}, +# \hyperindexformat{\normalstyle}{17--19}, +# to +# \hyperindexformat{\definingstyle}{17}, +# \hyperindexformat{\normalstyle}{\increment{17}--19}, + +echo Postprocessing index file "$2"... +perl -i.original -p0e 's/(?s)(\\hyperindexformat[{]\\definingstyle[}][{])(\d+)[}],\s*.\s*\\hyperindexformat[{]\\normalstyle[}][{]\2[}]/\1\2}/sg' "$2" +perl -i -p0e 's/(?s)(\\hyperindexformat[{]\\definingstyle[}][{])(\d+)([}],\s*.\s*\\hyperindexformat[{]\\normalstyle[}][{])\2,\s*([\d,-\s]+[}])/\1\2\3\4/sg' "$2" +perl -i -p0e 's/(?s)(\\hyperindexformat[{]\\definingstyle[}][{])(\d+)([}],\s*.\s*\\hyperindexformat[{]\\normalstyle[}][{])\2--([\d,-\s]+[}])/\1\2\3\\increment{\2}--\4/sg' "$2" +#diff --context=3 "$2.original" "$2" diff --git a/protocol/protocol.tex b/protocol/protocol.tex index bf5df48e..b6459153 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -40,6 +40,15 @@ \usepackage{xstring} \usepackage[usenames,dvipsnames]{xcolor} +% Must be loaded before hyperref. +% noautomatic is used because either latexmk or the Makefile will take care of running +% mymakeindex.sh (which runs makeindex and then fixes duplicate page numbers). +\usepackage{imakeidx} +\makeindex[noautomatic,columnsep=2.5em] + +% This is used by mymakeindex.sh in some cases. +\newcommand{\increment}[1]{\the\numexpr #1+1\relax} + % The pdfa option has the side effect of preserving hyperlinks when the PDF is % processed by Ghostscript (an alternative way of doing that would be to use % -dPrinted=false on the Ghostscript command line). The resulting document will @@ -98,6 +107,12 @@ %\newcommand{\textbnx}[1]{{\fontseries{b}\selectfont #1}} \newcommand{\textbnx}[1]{\textbf{#1}} +% +\makeatletter +\def\@idxitem{\par\vspace{0.75ex plus 0.1ex minus 0.1ex}\hangindent 4em} +\def\subitem{\par\hangindent 6.5em \hspace*{2.5em}} +\def\subsubitem{\par\hangindent 9em \hspace*{5em}} +\makeatother \crefformat{footnote}{#2\footnotemark[#1]#3} @@ -479,28 +494,67 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg % Terminology -\newcommand{\term}[1]{\textsl{#1}\kern 0.05em\xspace} -\newcommand{\titleterm}[1]{#1} -\newcommand{\termbf}[1]{\textbf{#1}\xspace} -\newcommand{\quotedterm}[1]{``~\!\!\term{#1}''} -\newcommand{\conformance}[1]{\textbnx{#1}\xspace} +\newcommand{\indextype}{normalstyle} +\newcommand{\normalstyle}[1]{#1} +\newcommand{\definingstyle}[1]{\textit{\textbf{#1}}\kern 0.05em} +\newcommand{\defining}[1]{{\renewcommand{\indextype}{definingstyle}#1}} -\newcommand{\Zcash}{\termbf{Zcash}} +% The arguments are: {link_as_formatted}{index_sort_key}{index_as_formatted}. +% +% \index goes after the term so that the page reference is correct if at the start of a page (see +% , +% although our solution is different). +% The method of linking to the index is inspired by . +% \texorpdfstring doesn't actually work here other than to cause an error if we would end up with a +% link in a heading, rather than a hang. +\newcommand{\indexlink}[3]{\texorpdfstring{\hypersetup{pdfborderstyle=/W 0}\hyperlink{index:#2}{#1}% +\hypersetup{pdfborderstyle={/S/U/W 0.7}}\index{#2@{\protect\hypertarget{index:#2}{}\linkstrut\smash{#3}}|\indextype}}{}\xspace} + +\newcommand{\rawterm}[1]{\textsl{#1}\kern 0.05em} +\newcommand{\termnoindex}[1]{\rawterm{#1}\xspace} +\newcommand{\termandindex}[2]{\indexlink{\rawterm{#1}}{#2}{#2}} +\newcommand{\term}[1]{\termandindex{#1}{#1}} +\newcommand{\terms}[1]{\termandindex{#1s}{#1}} +\newcommand{\termes}[1]{\termandindex{#1es}{#1}} +\newcommand{\termx}[1]{\termandindex{\MakeUppercase #1}{#1}} +\newcommand{\termxs}[1]{\termandindex{\MakeUppercase #1s}{#1}} +\newcommand{\termxes}[1]{\termandindex{\MakeUppercase #1es}{#1}} +\newcommand{\titleterm}[1]{#1} +\newcommand{\titleterms}[1]{#1s} +\newcommand{\titletermes}[1]{#1es} +\newcommand{\termbfnoindex}[1]{\textbf{#1}\xspace} +\newcommand{\termbf}[1]{\indexlink{\textbf{#1}}{#1}{\textbf{#1}}} +\newcommand{\termsf}[1]{\indexlink{\textsf{#1}}{#1}{\textsf{#1}}} +\newcommand{\conformance}[1]{\indexlink{\textbnx{#1}}{#1}{\textbnx{#1}}} +\newcommand{\quotedtermnoindex}[1]{``~\!\!\termnoindex{#1}''} +\newcommand{\quotedtermandindex}[2]{``~\!\!\termandindex{#1}{#2}''} +\newcommand{\quotedterm}[1]{``~\!\!\term{#1}''} +\newcommand{\definingquotedterm}[1]{\defining{\quotedterm{#1}}} + +\newcommand{\Zcash}{\termbfnoindex{Zcash}} \newcommand{\Zerocash}{\termbf{Zerocash}} +\newcommand{\ZerocashText}{\textbf{Zerocash}} \newcommand{\Sprout}{\termbf{Sprout}} +\newcommand{\SproutText}{\textbf{Sprout}} \newcommand{\SproutOrZcash}{\notsprout{\Sprout}\sprout{\Zcash}} \newcommand{\SproutOrNothing}{\notsprout{\Sprout}} +\newcommand{\SproutOrNothingText}{\notsprout{\SproutText}} \newcommand{\pSproutOrNothing}{\notsprout{ (\Sprout)}} +\newcommand{\pSproutOrNothingText}{\notsprout{ (\SproutText)}} \newcommand{\Overwinter}{\termbf{Overwinter}} +\newcommand{\OverwinterText}{\textbf{Overwinter}} \newcommand{\Sapling}{\termbf{Sapling}} +\newcommand{\SaplingText}{\textbf{Sapling}} \newcommand{\Blossom}{\termbf{Blossom}} +\newcommand{\BlossomText}{\textbf{Blossom}} \newcommand{\Bitcoin}{\termbf{Bitcoin}} +\newcommand{\BitcoinText}{\textbf{Bitcoin}} \newcommand{\CryptoNote}{\termbf{CryptoNote}} \newcommand{\Mimblewimble}{\termbf{Mimblewimble}} \newcommand{\Bulletproofs}{\termbf{Bulletproofs}} \newcommand{\ZEC}{\termbf{ZEC}} \newcommand{\zatoshi}{\term{zatoshi}} -\newcommand{\zcashd}{\textsf{zcashd}\,} +\newcommand{\zcashd}{\termsf{zcashd}} \newcommand{\MUST}{\conformance{MUST}} \newcommand{\MUSTNOT}{\conformance{MUST NOT}} @@ -514,80 +568,80 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\collisionResistance}{collision resistance } \newcommand{\keyPrivacy}{\term{key privacy}} -\newcommand{\xKeyPrivacy}{\term{Key privacy}} -\newcommand{\keyPrivate}{\term{key\hyp private}} -\newcommand{\xKeyPrivate}{\term{Key\hyp private}} +\newcommand{\xKeyPrivacy}{\termx{key privacy}} +\newcommand{\keyPrivate}{\termandindex{key\hyp private}{key privacy}} +\newcommand{\xKeyPrivate}{\termandindex{Key\hyp private}{key privacy}} \newcommand{\note}{\term{note}} -\newcommand{\notes}{\term{notes}} +\newcommand{\notes}{\terms{note}} \newcommand{\Note}{\titleterm{Note}} -\newcommand{\Notes}{\titleterm{Notes}} +\newcommand{\Notes}{\titleterms{Note}} \newcommand{\dummy}{\term{dummy}} \newcommand{\dummyNotes}{\term{dummy notes}} -\newcommand{\DummyNotes}{\titleterm{Dummy Notes}} +\newcommand{\DummyNotes}{\titleterms{Dummy Note}} \newcommand{\commitmentScheme}{\term{commitment scheme}} -\newcommand{\commitmentSchemes}{\term{commitment schemes}} +\newcommand{\commitmentSchemes}{\terms{commitment scheme}} \newcommand{\commitmentTrapdoor}{\term{commitment trapdoor}} -\newcommand{\commitmentTrapdoors}{\term{commitment trapdoors}} -\newcommand{\trapdoor}{\term{trapdoor}} \newcommand{\xCommitment}{\term{commitment}} +\newcommand{\commitmentTrapdoors}{\terms{commitment trapdoor}} +\newcommand{\trapdoor}{\termandindex{trapdoor}{trapdoor (of a commitment)}} \newcommand{\noteCommitment}{\term{note commitment}} -\newcommand{\noteCommitments}{\term{note commitments}} -\newcommand{\xNoteCommitments}{\term{Note commitments}} +\newcommand{\noteCommitments}{\terms{note commitment}} +\newcommand{\xNoteCommitments}{\termxs{note commitment}} \newcommand{\NoteCommitment}{\titleterm{Note Commitment}} -\newcommand{\NoteCommitments}{\titleterm{Note Commitments}} +\newcommand{\NoteCommitments}{\titleterms{Note Commitment}} \newcommand{\noteCommitmentTree}{\term{note commitment tree}} -\newcommand{\noteCommitmentTrees}{\term{note commitment trees}} -\newcommand{\NoteCommitmentTrees}{\titleterm{Note Commitment Trees}} +\newcommand{\noteCommitmentTrees}{\terms{note commitment tree}} +\newcommand{\NoteCommitmentTrees}{\titleterms{Note Commitment Tree}} \newcommand{\notePosition}{\term{note position}} -\newcommand{\notePositions}{\term{note positions}} +\newcommand{\notePositions}{\terms{note position}} \newcommand{\positionedNote}{\term{positioned note}} -\newcommand{\positionedNotes}{\term{positioned notes}} +\newcommand{\positionedNotes}{\terms{positioned note}} \newcommand{\noteTraceabilitySet}{\term{note traceability set}} -\newcommand{\noteTraceabilitySets}{\term{note traceability sets}} -\newcommand{\KeyComponents}{\titleterm{Key Components}} +\newcommand{\noteTraceabilitySets}{\terms{note traceability set}} +\newcommand{\KeyComponents}{\titleterms{Key Component}} \newcommand{\valueCommitment}{\term{value commitment}} -\newcommand{\valueCommitments}{\term{value commitments}} +\newcommand{\valueCommitments}{\terms{value commitment}} \newcommand{\valueCommitmentScheme}{\term{value commitment scheme}} \newcommand{\joinSplitDescription}{\term{JoinSplit description}} -\newcommand{\joinSplitDescriptions}{\term{JoinSplit descriptions}} -\newcommand{\JoinSplitDescriptions}{\titleterm{JoinSplit Descriptions}} -\newcommand{\sequenceOfJoinSplitDescriptions}{\changed{sequence of} \joinSplitDescription{}\kern -0.05em\changed{\term{s}}} +\newcommand{\joinSplitDescriptions}{\terms{JoinSplit description}} +\newcommand{\JoinSplitDescriptions}{\titleterms{JoinSplit Description}} +\newcommand{\sequenceOfJoinSplitDescriptions}{\changed{sequence of} \joinSplitDescription{}\kern -0.05em\changed{\textsl{s}}} \newcommand{\joinSplitTransfer}{\term{JoinSplit transfer}} -\newcommand{\joinSplitTransfers}{\term{JoinSplit transfers}} +\newcommand{\joinSplitTransfers}{\terms{JoinSplit transfer}} \newcommand{\JoinSplitTransfer}{\titleterm{JoinSplit Transfer}} -\newcommand{\JoinSplitTransfers}{\titleterm{JoinSplit Transfers}} +\newcommand{\JoinSplitTransfers}{\titleterms{JoinSplit Transfer}} \newcommand{\joinSplitSignature}{\term{JoinSplit signature}} -\newcommand{\joinSplitSignatures}{\term{JoinSplit signatures}} +\newcommand{\joinSplitSignatures}{\terms{JoinSplit signature}} \newcommand{\JoinSplitSignature}{\titleterm{JoinSplit Signature}} \newcommand{\joinSplitSigningKey}{\term{JoinSplit signing key}} \newcommand{\joinSplitVerifyingKey}{\term{JoinSplit verifying key}} \newcommand{\joinSplitCircuit}{\term{JoinSplit circuit}} \newcommand{\joinSplitStatement}{\term{JoinSplit statement}} -\newcommand{\joinSplitStatements}{\term{JoinSplit statements}} +\newcommand{\joinSplitStatements}{\terms{JoinSplit statement}} \newcommand{\JoinSplitStatement}{\titleterm{JoinSplit Statement}} \newcommand{\joinSplitProof}{\term{JoinSplit proof}} \newcommand{\shieldedTransfer}{\term{shielded transfer}} -\newcommand{\shieldedTransfers}{\term{shielded transfers}} +\newcommand{\shieldedTransfers}{\terms{shielded transfer}} \newcommand{\shieldedSpend}{\term{shielded spend}} -\newcommand{\shieldedSpends}{\term{shielded spends}} +\newcommand{\shieldedSpends}{\terms{shielded spend}} \newcommand{\shieldedInput}{\term{shielded input}} -\newcommand{\shieldedInputs}{\term{shielded inputs}} +\newcommand{\shieldedInputs}{\terms{shielded input}} \newcommand{\spendDescription}{\term{Spend description}} -\newcommand{\spendDescriptions}{\term{Spend descriptions}} -\newcommand{\SpendDescriptions}{\titleterm{Spend Descriptions}} +\newcommand{\spendDescriptions}{\terms{Spend description}} +\newcommand{\SpendDescriptions}{\titleterms{Spend Description}} \newcommand{\spendTransfer}{\term{Spend transfer}} -\newcommand{\spendTransfers}{\term{Spend transfers}} -\newcommand{\SpendTransfers}{\titleterm{Spend Transfers}} +\newcommand{\spendTransfers}{\terms{Spend transfer}} +\newcommand{\SpendTransfers}{\titleterms{Spend Transfer}} \newcommand{\spendCircuit}{\term{Spend circuit}} \newcommand{\spendStatement}{\term{Spend statement}} -\newcommand{\spendStatements}{\term{Spend statements}} +\newcommand{\spendStatements}{\terms{Spend statement}} \newcommand{\SpendStatement}{\titleterm{Spend Statement}} \newcommand{\spendProof}{\term{Spend proof}} \newcommand{\spendAuthSignature}{\term{spend authorization signature}} -\newcommand{\spendAuthSignatures}{\term{spend authorization signatures}} +\newcommand{\spendAuthSignatures}{\terms{spend authorization signature}} \newcommand{\spendAuthRandomizer}{\term{spend authorization randomizer}} -\newcommand{\spendAuthRandomizers}{\term{spend authorization randomizers}} +\newcommand{\spendAuthRandomizers}{\terms{spend authorization randomizer}} \newcommand{\spendAuthAddressKey}{\term{spend authorization address key}} \newcommand{\spendAuthAddressKeys}{\term{spend authorization address key}} \newcommand{\spendAuthPrivateKey}{\term{spend authorization private key}} @@ -595,54 +649,54 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\SpendAuthSignature}{\titleterm{Spend Authorization Signature}} \newcommand{\spendAuthSignatureScheme}{\term{spend authorization signature scheme}} \newcommand{\outputDescription}{\term{Output description}} -\newcommand{\outputDescriptions}{\term{Output descriptions}} -\newcommand{\OutputDescriptions}{\titleterm{Output Descriptions}} +\newcommand{\outputDescriptions}{\terms{Output description}} +\newcommand{\OutputDescriptions}{\titleterms{Output Description}} \newcommand{\outputTransfer}{\term{Output transfer}} -\newcommand{\outputTransfers}{\term{Output transfers}} -\newcommand{\OutputTransfers}{\titleterm{Output Transfers}} +\newcommand{\outputTransfers}{\terms{Output transfer}} +\newcommand{\OutputTransfers}{\titleterms{Output Transfer}} \newcommand{\outputCircuit}{\term{Output circuit}} \newcommand{\outputStatement}{\term{Output statement}} -\newcommand{\outputStatements}{\term{Output statements}} +\newcommand{\outputStatements}{\terms{Output statement}} \newcommand{\OutputStatement}{\titleterm{Output Statement}} \newcommand{\outputProof}{\term{Output proof}} \newcommand{\bindingSignature}{\term{binding signature}} -\newcommand{\bindingSignatures}{\term{binding signatures}} +\newcommand{\bindingSignatures}{\terms{binding signature}} \newcommand{\BindingSignature}{\titleterm{Binding Signature}} \newcommand{\bindingSignatureScheme}{\term{binding signature scheme}} \newcommand{\txBindingVerificationKey}{\term{transaction binding verification key}} \newcommand{\balancingValue}{\term{balancing value}} \newcommand{\shieldedOutput}{\term{shielded output}} -\newcommand{\shieldedOutputs}{\term{shielded outputs}} +\newcommand{\shieldedOutputs}{\terms{shielded output}} \newcommand{\statement}{\term{statement}} -\newcommand{\statements}{\term{statements}} -\newcommand{\ZkSNARKStatements}{\titleterm{Zk-SNARK Statement\notsprout{s}}} +\newcommand{\statements}{\terms{statement}} +\newcommand{\ZkSNARKStatements}{\titleterm{Zk-SNARK Statement}\notsprout{s}} \newcommand{\zkProof}{\term{zk proof}} \newcommand{\zeroKnowledgeProof}{\term{zero-knowledge proof}} -\newcommand{\zeroKnowledgeProofs}{\term{zero-knowledge proofs}} +\newcommand{\zeroKnowledgeProofs}{\terms{zero-knowledge proof}} \newcommand{\provingSystem}{\term{proving system}} -\newcommand{\provingSystems}{\term{proving systems}} +\newcommand{\provingSystems}{\terms{proving system}} \newcommand{\zeroKnowledgeProvingSystem}{\term{zero-knowledge proving system}} \newcommand{\ZeroKnowledgeProvingSystem}{\titleterm{Zero-Knowledge Proving System}} -\newcommand{\ZeroKnowledgeProvingSystems}{\titleterm{Zero-Knowledge Proving Systems}} +\newcommand{\ZeroKnowledgeProvingSystems}{\titleterms{Zero-Knowledge Proving System}} \newcommand{\quadraticConstraintProgram}{\term{quadratic constraint program}} -\newcommand{\quadraticConstraintPrograms}{\term{quadratic constraint programs}} -\newcommand{\QuadraticConstraintPrograms}{\titleterm{Quadratic Constraint Programs}} +\newcommand{\quadraticConstraintPrograms}{\terms{quadratic constraint program}} +\newcommand{\QuadraticConstraintPrograms}{\titleterms{Quadratic Constraint Program}} \newcommand{\quadraticArithmeticProgram}{\term{Quadratic Arithmetic Program}} -\newcommand{\quadraticArithmeticPrograms}{\term{Quadratic Arithmetic Programs}} +\newcommand{\quadraticArithmeticPrograms}{\terms{Quadratic Arithmetic Program}} \newcommand{\linearCombination}{\term{linear combination}} -\newcommand{\linearCombinations}{\term{linear combinations}} +\newcommand{\linearCombinations}{\terms{linear combination}} \newcommand{\representedGroup}{\term{represented group}} -\newcommand{\representedGroups}{\term{represented groups}} +\newcommand{\representedGroups}{\terms{represented group}} \newcommand{\RepresentedGroup}{\titleterm{Represented Group}} \newcommand{\representedSubgroup}{\term{represented subgroup}} -\newcommand{\representedSubgroups}{\term{represented subgroups}} +\newcommand{\representedSubgroups}{\terms{represented subgroup}} \newcommand{\hashExtractor}{\term{hash extractor}} \newcommand{\HashExtractor}{\titleterm{Hash Extractor}} \newcommand{\groupHash}{\term{group hash}} -\newcommand{\groupHashes}{\term{group hashes}} +\newcommand{\groupHashes}{\termes{group hash}} \newcommand{\representedPairing}{\term{represented pairing}} \newcommand{\RepresentedPairing}{\titleterm{Represented Pairing}} -\newcommand{\RepresentedGroupsAndPairings}{\titleterm{Represented Groups and Pairings}} +\newcommand{\RepresentedGroupsAndPairings}{\titleterms{Represented Groups and Pairing}} \newcommand{\BCTV}{\mathsf{BCTV14}} \newcommand{\Groth}{\mathsf{Groth16}} \newcommand{\GrothText}{\texorpdfstring{$\Groth$}{Groth16}} @@ -656,224 +710,224 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\jubjubCurve}{\term{Jubjub curve}} \newcommand{\Jubjub}{\titleterm{Jubjub}} \newcommand{\completeTwistedEdwardsEllipticCurve}{\term{complete twisted Edwards elliptic curve}} -\newcommand{\completeTwistedEdwardsEllipticCurves}{\term{complete twisted Edwards elliptic curves}} +\newcommand{\completeTwistedEdwardsEllipticCurves}{\terms{complete twisted Edwards elliptic curve}} \newcommand{\MontgomeryEllipticCurve}{\term{Montgomery elliptic curve}} -\newcommand{\MontgomeryEllipticCurves}{\term{Montgomery elliptic curves}} +\newcommand{\MontgomeryEllipticCurves}{\terms{Montgomery elliptic curve}} \newcommand{\uniformRandomString}{\term{Uniform Random String}} -\newcommand{\uniformRandomStrings}{\term{Uniform Random Strings}} +\newcommand{\uniformRandomStrings}{\terms{Uniform Random String}} \newcommand{\BNRepresentedPairing}{\titleterm{BN-254}} \newcommand{\BLSRepresentedPairing}{\titleterm{BLS12-381}} \newcommand{\ppzkSNARK}{\term{preprocessing zk-SNARK}} \newcommand{\provingKey}{\term{proving key}} -\newcommand{\provingKeys}{\term{proving keys}} -\newcommand{\zkProvingKeys}{\term{zero-knowledge proving keys}} +\newcommand{\provingKeys}{\terms{proving key}} +\newcommand{\zkProvingKeys}{\terms{zero-knowledge proving key}} \newcommand{\verifyingKey}{\term{verifying key}} -\newcommand{\verifyingKeys}{\term{verifying keys}} -\newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}} +\newcommand{\verifyingKeys}{\terms{verifying key}} +\newcommand{\zkVerifyingKeys}{\terms{zero-knowledge verifying key}} \newcommand{\joinSplitParameters}{\term{JoinSplit parameters}} \newcommand{\BCTVZKParameters}{\titleterm{BCTV14 zk-SNARK Parameters}} \newcommand{\GrothZKParameters}{\titleterm{Groth16 zk-SNARK Parameters}} \newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}} -\newcommand{\primary}{\term{primary}} +\newcommand{\primary}{\termandindex{primary}{primary input}} \newcommand{\primaryInput}{\term{primary input}} -\newcommand{\primaryInputs}{\term{primary inputs}} +\newcommand{\primaryInputs}{\terms{primary input}} \newcommand{\auxiliaryInput}{\term{auxiliary input}} -\newcommand{\auxiliaryInputs}{\term{auxiliary inputs}} +\newcommand{\auxiliaryInputs}{\terms{auxiliary input}} \newcommand{\fullValidator}{\term{full validator}} -\newcommand{\fullValidators}{\term{full validators}} +\newcommand{\fullValidators}{\terms{full validator}} \newcommand{\consensusRuleChange}{\term{consensus rule change}} \newcommand{\anchor}{\term{anchor}} -\newcommand{\anchors}{\term{anchors}} +\newcommand{\anchors}{\terms{anchor}} \newcommand{\block}{\term{block}} -\newcommand{\blocks}{\term{blocks}} +\newcommand{\blocks}{\terms{block}} \newcommand{\header}{\term{header}} -\newcommand{\headers}{\term{headers}} +\newcommand{\headers}{\terms{header}} \newcommand{\blockHeader}{\term{block header}} -\newcommand{\blockHeaders}{\term{block headers}} -\newcommand{\Blockheader}{\term{Block header}} +\newcommand{\blockHeaders}{\terms{block header}} +\newcommand{\Blockheader}{\termx{block header}} \newcommand{\BlockHeader}{\titleterm{Block Header}} \newcommand{\blockVersionNumber}{\term{block version number}} -\newcommand{\blockVersionNumbers}{\term{block version numbers}} -\newcommand{\Blockversions}{\term{Block versions}} +\newcommand{\blockVersionNumbers}{\terms{block version number}} +\newcommand{\Blockversions}{\termandindex{Block versions}{block version number}} \newcommand{\blockTime}{\term{block time}} \newcommand{\blockHeight}{\term{block height}} -\newcommand{\blockHeights}{\term{block heights}} +\newcommand{\blockHeights}{\terms{block height}} \newcommand{\activationHeight}{\term{activation block height}} -\newcommand{\activationHeights}{\term{activation block heights}} +\newcommand{\activationHeights}{\terms{activation block height}} \newcommand{\genesisBlock}{\term{genesis block}} \newcommand{\transaction}{\term{transaction}} -\newcommand{\transactions}{\term{transactions}} -\newcommand{\Transactions}{\titleterm{Transactions}} +\newcommand{\transactions}{\terms{transaction}} +\newcommand{\Transactions}{\titleterms{Transaction}} \newcommand{\transactionFee}{\term{transaction fee}} -\newcommand{\transactionFees}{\term{transaction fees}} -\newcommand{\transactionVersion}{\term{transaction version}} +\newcommand{\transactionFees}{\terms{transaction fee}} +\newcommand{\transactionVersion}{\termandindex{transaction version}{transaction version number}} \newcommand{\transactionVersionNumber}{\term{transaction version number}} -\newcommand{\transactionVersionNumbers}{\term{transaction version numbers}} -\newcommand{\Transactionversion}{\term{Transaction version}} +\newcommand{\transactionVersionNumbers}{\terms{transaction version number}} +\newcommand{\Transactionversion}{\termandindex{Transaction version}{transaction version number}} \newcommand{\versionGroupID}{\term{version group ID}} \newcommand{\coinbaseTransaction}{\term{coinbase transaction}} -\newcommand{\coinbaseTransactions}{\term{coinbase transactions}} -\newcommand{\CoinbaseTransactions}{\titleterm{Coinbase Transactions}} +\newcommand{\coinbaseTransactions}{\terms{coinbase transaction}} +\newcommand{\CoinbaseTransactions}{\titleterms{Coinbase Transaction}} \newcommand{\transparent}{\term{transparent}} -\newcommand{\xTransparent}{\term{Transparent}} +\newcommand{\xTransparent}{\termx{transparent}} \newcommand{\Transparent}{\titleterm{Transparent}} \newcommand{\transparentValuePool}{\term{transparent value pool}} \newcommand{\transparentAddress}{\term{transparent address}} -\newcommand{\transparentAddresses}{\term{transparent addresses}} -\newcommand{\xTransparentAddresses}{\term{Transparent addresses}} -\newcommand{\TransparentAddresses}{\titleterm{Transparent Addresses}} -\newcommand{\transparentTransfers}{\term{transparent transfers}} +\newcommand{\transparentAddresses}{\termes{transparent address}} +\newcommand{\xTransparentAddresses}{\termxes{transparent address}} +\newcommand{\TransparentAddresses}{\titletermes{Transparent Address}} +\newcommand{\transparentTransfers}{\terms{transparent transfer}} \newcommand{\transparentInput}{\term{transparent input}} -\newcommand{\transparentInputs}{\term{transparent inputs}} -\newcommand{\xTransparentInputs}{\term{Transparent inputs}} +\newcommand{\transparentInputs}{\terms{transparent input}} +\newcommand{\xTransparentInputs}{\termxs{transparent input}} \newcommand{\transparentOutput}{\term{transparent output}} -\newcommand{\transparentOutputs}{\term{transparent outputs}} -\newcommand{\xTransparentOutputs}{\term{Transparent outputs}} -\newcommand{\saplingValuePool}{\term{\Sapling value pool}} +\newcommand{\transparentOutputs}{\terms{transparent output}} +\newcommand{\xTransparentOutputs}{\termxs{transparent output}} +\newcommand{\saplingValuePool}{\termandindex{\Sapling value pool}{value pool (Sapling)}} \newcommand{\shielded}{\term{shielded}} \newcommand{\shieldedNote}{\term{shielded note}} -\newcommand{\shieldedNotes}{\term{shielded notes}} -\newcommand{\xShielded}{\term{Shielded}} +\newcommand{\shieldedNotes}{\terms{shielded note}} +\newcommand{\xShielded}{\termx{shielded}} \newcommand{\Shielded}{\titleterm{Shielded}} \newcommand{\blockchain}{\term{block chain}} -\newcommand{\blockchains}{\term{block chains}} +\newcommand{\blockchains}{\terms{block chain}} \newcommand{\Blockchain}{\titleterm{Block Chain}} \newcommand{\validBlockchain}{\term{valid block chain}} \newcommand{\bestValidBlockchain}{\term{best valid block chain}} \newcommand{\branch}{\term{branch}} -\newcommand{\branches}{\term{branches}} +\newcommand{\branches}{\termes{branch}} \newcommand{\mempool}{\term{mempool}} \newcommand{\treestate}{\term{treestate}} -\newcommand{\treestates}{\term{treestates}} +\newcommand{\treestates}{\terms{treestate}} \newcommand{\nullifier}{\term{nullifier}} -\newcommand{\nullifiers}{\term{nullifiers}} -\newcommand{\xNullifier}{\term{Nullifier}} -\newcommand{\xNullifiers}{\term{Nullifiers}} +\newcommand{\nullifiers}{\terms{nullifier}} +\newcommand{\xNullifier}{\termx{nullifier}} +\newcommand{\xNullifiers}{\termxs{nullifier}} \newcommand{\Nullifier}{\titleterm{Nullifier}} -\newcommand{\Nullifiers}{\titleterm{Nullifiers}} +\newcommand{\Nullifiers}{\titleterms{Nullifier}} \newcommand{\nullifierSet}{\term{nullifier set}} -\newcommand{\nullifierSets}{\term{nullifier sets}} -\newcommand{\NullifierSets}{\titleterm{Nullifier Sets}} +\newcommand{\nullifierSets}{\terms{nullifier set}} +\newcommand{\NullifierSets}{\titleterms{Nullifier Set}} \newcommand{\paymentAddress}{\term{shielded payment address}} -\newcommand{\paymentAddresses}{\term{shielded payment addresses}} -\newcommand{\PaymentAddresses}{\titleterm{Shielded Payment Addresses}} +\newcommand{\paymentAddresses}{\termes{shielded payment address}} +\newcommand{\PaymentAddresses}{\titletermes{Shielded Payment Address}} \newcommand{\diversifiedPaymentAddress}{\term{diversified payment address}} -\newcommand{\diversifiedPaymentAddresses}{\term{diversified payment addresses}} +\newcommand{\diversifiedPaymentAddresses}{\termes{diversified payment address}} \newcommand{\defaultDiversifiedPaymentAddress}{\term{default diversified payment address}} \newcommand{\diversifiedBase}{\term{diversified base}} -\newcommand{\diversifiedBases}{\term{diversified bases}} +\newcommand{\diversifiedBases}{\terms{diversified base}} \newcommand{\diversifier}{\term{diversifier}} -\newcommand{\diversifiers}{\term{diversifiers}} +\newcommand{\diversifiers}{\terms{diversifier}} \newcommand{\incomingViewingKey}{\term{incoming viewing key}} -\newcommand{\incomingViewingKeys}{\term{incoming viewing keys}} -\newcommand{\IncomingViewingKeys}{\titleterm{Incoming Viewing Keys}} +\newcommand{\incomingViewingKeys}{\terms{incoming viewing key}} +\newcommand{\IncomingViewingKeys}{\titleterms{Incoming Viewing Key}} \newcommand{\outgoingViewingKey}{\term{outgoing viewing key}} -\newcommand{\outgoingViewingKeys}{\term{outgoing viewing keys}} +\newcommand{\outgoingViewingKeys}{\terms{outgoing viewing key}} \newcommand{\outgoingCipherKey}{\term{outgoing cipher key}} -\newcommand{\outgoingCipherKeys}{\term{outgoing cipher keys}} +\newcommand{\outgoingCipherKeys}{\terms{outgoing cipher key}} \newcommand{\fullViewingKey}{\term{full viewing key}} -\newcommand{\fullViewingKeys}{\term{full viewing keys}} -\newcommand{\FullViewingKeys}{\titleterm{Full Viewing Keys}} +\newcommand{\fullViewingKeys}{\terms{full viewing key}} +\newcommand{\FullViewingKeys}{\titleterms{Full Viewing Key}} \newcommand{\receivingKey}{\term{receiving key}} -\newcommand{\receivingKeys}{\term{receiving keys}} +\newcommand{\receivingKeys}{\terms{receiving key}} \newcommand{\spendingKey}{\term{spending key}} -\newcommand{\spendingKeys}{\term{spending keys}} -\newcommand{\SpendingKeys}{\titleterm{Spending Keys}} +\newcommand{\spendingKeys}{\terms{spending key}} +\newcommand{\SpendingKeys}{\titleterms{Spending Key}} \newcommand{\payingKey}{\term{paying key}} \newcommand{\transmissionKey}{\term{transmission key}} -\newcommand{\transmissionKeys}{\term{transmission keys}} +\newcommand{\transmissionKeys}{\terms{transmission key}} \newcommand{\diversifiedTransmissionKey}{\term{diversified transmission key}} -\newcommand{\diversifiedTransmissionKeys}{\term{diversified transmission keys}} +\newcommand{\diversifiedTransmissionKeys}{\terms{diversified transmission key}} \newcommand{\diversifiedTransmissionBase}{\term{diversified transmission base}} -\newcommand{\diversifiedTransmissionBases}{\term{diversified transmission bases}} +\newcommand{\diversifiedTransmissionBases}{\terms{diversified transmission base}} \newcommand{\authSigningKey}{\term{spend authorizing key}} -\newcommand{\authSigningKeys}{\term{spend authorizing keys}} +\newcommand{\authSigningKeys}{\terms{spend authorizing key}} \newcommand{\authRandomizedVerifyingKey}{\term{randomized spend verifying key}} -\newcommand{\authRandomizedVerifyingKeys}{\term{randomized spend verifying keys}} +\newcommand{\authRandomizedVerifyingKeys}{\terms{randomized spend verifying key}} \newcommand{\authProvingKey}{\term{proof authorizing key}} -\newcommand{\authProvingKeys}{\term{proof authorizing keys}} +\newcommand{\authProvingKeys}{\terms{proof authorizing key}} \newcommand{\nullifierKey}{\term{nullifier deriving key}} -\newcommand{\nullifierKeys}{\term{nullifier deriving keys}} +\newcommand{\nullifierKeys}{\terms{nullifier deriving key}} \newcommand{\humanReadablePart}{\term{Human-Readable Part}} \newcommand{\notePlaintext}{\term{note plaintext}} -\newcommand{\notePlaintexts}{\term{note plaintexts}} -\newcommand{\NotePlaintexts}{\titleterm{Note Plaintexts}} -\newcommand{\noteCiphertext}{\term{transmitted note ciphertext}} -\newcommand{\noteCiphertexts}{\term{transmitted note ciphertexts}} -\newcommand{\notesCiphertext}{\term{transmitted notes ciphertext}} +\newcommand{\notePlaintexts}{\terms{note plaintext}} +\newcommand{\NotePlaintexts}{\titleterms{Note Plaintext}} +\newcommand{\noteCiphertext}{\termandindex{transmitted note ciphertext}{transmitted note(s) ciphertext}} +\newcommand{\noteCiphertexts}{\termandindex{transmitted note ciphertexts}{transmitted note(s) ciphertext}} +\newcommand{\notesCiphertext}{\termandindex{transmitted notes ciphertext}{transmitted note(s) ciphertext}} \newcommand{\noteOrNotesCiphertext}{\term{transmitted note(s) ciphertext}} \newcommand{\outputCiphertext}{\term{output ciphertext}} -\newcommand{\outputCiphertexts}{\term{output ciphertexts}} +\newcommand{\outputCiphertexts}{\terms{output ciphertext}} \newcommand{\incrementalMerkleTree}{\term{incremental Merkle tree}} \newcommand{\MerkleTree}{\titleterm{Merkle Tree}} -\newcommand{\merkleRoot}{\term{root}} -\newcommand{\merkleNode}{\term{node}} -\newcommand{\merkleNodes}{\term{nodes}} -\newcommand{\merkleHash}{\term{hash value}} -\newcommand{\merkleHashes}{\term{hash values}} -\newcommand{\merkleLeafNode}{\term{leaf node}} -\newcommand{\merkleLeafNodes}{\term{leaf nodes}} -\newcommand{\merkleInternalNode}{\term{internal node}} -\newcommand{\merkleInternalNodes}{\term{internal nodes}} -\newcommand{\MerkleInternalNodes}{\term{Internal nodes}} +\newcommand{\merkleRoot}{\termandindex{root}{root (of a Merkle tree)}} +\newcommand{\merkleNode}{\termandindex{node}{node (of a Merkle tree)}} +\newcommand{\merkleNodes}{\termandindex{nodes}{node (of a Merkle tree)}} +\newcommand{\merkleHash}{\termandindex{hash value}{hash value (of a Merkle tree node)}} +\newcommand{\merkleHashes}{\termandindex{hash values}{hash value (of a Merkle tree node)}} +\newcommand{\merkleLeafNode}{\termandindex{leaf node}{leaf node (of a Merkle tree)}} +\newcommand{\merkleLeafNodes}{\termandindex{leaf nodes}{leaf node (of a Merkle tree)}} +\newcommand{\merkleInternalNode}{\termandindex{internal node}{internal node (of a Merkle tree)}} +\newcommand{\merkleInternalNodes}{\termandindex{internal nodes}{internal node (of a Merkle tree)}} +\newcommand{\MerkleInternalNodes}{\termandindex{Internal nodes}{internal node (of a Merkle tree)}} \newcommand{\merklePath}{\term{Merkle path}} -\newcommand{\merkleLayer}{\term{layer}} -\newcommand{\merkleLayers}{\term{layers}} -\newcommand{\merkleIndex}{\term{index}} -\newcommand{\merkleIndices}{\term{indices}} +\newcommand{\merkleLayer}{\termandindex{layer}{layer (of a Merkle tree)}} +\newcommand{\merkleLayers}{\termandindex{layers}{layer (of a Merkle tree)}} +\newcommand{\merkleIndex}{\termandindex{index}{index (of a Merkle tree node)}} +\newcommand{\merkleIndices}{\termandindex{indices}{index (of a Merkle tree node)}} \newcommand{\zkSNARK}{\term{zk-SNARK}} -\newcommand{\zkSNARKs}{\term{zk-SNARKs}} +\newcommand{\zkSNARKs}{\terms{zk-SNARK}} \newcommand{\zkSNARKProof}{\term{zk-SNARK proof}} -\newcommand{\zkSNARKProofs}{\term{zk-SNARK proofs}} +\newcommand{\zkSNARKProofs}{\terms{zk-SNARK proof}} \newcommand{\zkSNARKCircuit}{\term{zk-SNARK circuit}} -\newcommand{\zkSNARKCircuits}{\term{zk-SNARK circuits}} -\newcommand{\libsnark}{\term{libsnark}} +\newcommand{\zkSNARKCircuits}{\terms{zk-SNARK circuit}} +\newcommand{\libsnark}{\termandindex{libsnark}{libsnark (Zcash fork)}} \newcommand{\bellman}{\term{bellman}} \newcommand{\memo}{\term{memo field}} -\newcommand{\memos}{\term{memo fields}} -\newcommand{\Memos}{\titleterm{Memo Fields}} +\newcommand{\memos}{\terms{memo field}} +\newcommand{\Memos}{\titleterms{Memo Field}} \newcommand{\keyAgreementScheme}{\term{key agreement scheme}} -\newcommand{\keyAgreementSchemes}{\term{key agreement schemes}} +\newcommand{\keyAgreementSchemes}{\terms{key agreement scheme}} \newcommand{\keyDerivationFunction}{\term{Key Derivation Function}} -\newcommand{\keyDerivationFunctions}{\term{Key Derivation Functions}} +\newcommand{\keyDerivationFunctions}{\terms{Key Derivation Function}} \newcommand{\KeyAgreement}{\titleterm{Key Agreement}} \newcommand{\KeyDerivation}{\titleterm{Key Derivation}} \newcommand{\KeyAgreementAndDerivation}{\titleterm{Key Agreement and Derivation}} \newcommand{\hashFunction}{\term{hash function}} -\newcommand{\hashFunctions}{\term{hash functions}} +\newcommand{\hashFunctions}{\terms{hash function}} \newcommand{\HashFunction}{\titleterm{Hash Function}} -\newcommand{\HashFunctions}{\titleterm{Hash Functions}} +\newcommand{\HashFunctions}{\titleterms{Hash Function}} \newcommand{\encryptionScheme}{\term{encryption scheme}} -\newcommand{\symmetricEncryptionScheme}{\term{authenticated one-time symmetric encryption scheme}} +\newcommand{\symmetricEncryptionScheme}{\termandindex{authenticated one-time symmetric encryption scheme}{authenticated one-time symmetric encryption}} \newcommand{\SymmetricEncryption}{\titleterm{Authenticated One-Time Symmetric Encryption}} \newcommand{\signatureScheme}{\term{signature scheme}} -\newcommand{\signatureSchemes}{\term{signature schemes}} -\newcommand{\rerandomizableSignatureScheme}{\term{signature scheme with re\hyp randomizable keys}} +\newcommand{\signatureSchemes}{\terms{signature scheme}} \newcommand{\rerandomizableSignatureSchemes}{\term{signature schemes with re\hyp randomizable keys}} -\newcommand{\keyHomomorphicSignatureScheme}{\term{signature scheme with private key to public key homomorphism}} \newcommand{\keyHomomorphicSignatureSchemes}{\term{signature schemes with private key to public key homomorphism}} +\newcommand{\rerandomizableSignatureScheme}{\termandindex{signature scheme with re\hyp randomizable keys}{signature scheme with re-randomizable keys}} +\newcommand{\keyHomomorphicSignatureScheme}{\term{signature scheme with key homomorphism}} \newcommand{\pseudoRandomFunction}{\term{Pseudo Random Function}} -\newcommand{\pseudoRandomFunctions}{\term{Pseudo Random Functions}} -\newcommand{\PseudoRandomFunctions}{\titleterm{Pseudo Random Functions}} +\newcommand{\pseudoRandomFunctions}{\terms{Pseudo Random Function}} +\newcommand{\PseudoRandomFunctions}{\titleterms{Pseudo Random Function}} \newcommand{\pseudoRandomPermutation}{\term{Pseudo Random Permutation}} -\newcommand{\pseudoRandomGenerators}{\term{Pseudo Random Generators}} % only in history +\newcommand{\pseudoRandomGenerators}{\termnoindex{Pseudo Random Generators}} % only in history \newcommand{\expandedSeed}{\term{expanded seed}} \newcommand{\shaHashFunction}{\term{SHA-256 hash function}} -\newcommand{\shaCompress}{\term{SHA-256 compression}} +\newcommand{\shaCompress}{\termandindex{SHA-256 compression}{SHA-256 compression function}} \newcommand{\shaCompressFunction}{\term{SHA-256 compression function}} \newcommand{\BlakeTwo}{\titleterm{BLAKE2}} \newcommand{\xPedersenHash}{\term{Pedersen hash}} -\newcommand{\xPedersenHashes}{\term{Pedersen hashes}} +\newcommand{\xPedersenHashes}{\termes{Pedersen hash}} \newcommand{\PedersenHashFunction}{\titleterm{Pedersen Hash Function}} \newcommand{\xPedersenCommitment}{\term{Pedersen commitment}} -\newcommand{\xPedersenCommitments}{\term{Pedersen commitments}} +\newcommand{\xPedersenCommitments}{\terms{Pedersen commitment}} \newcommand{\xPedersenValueCommitment}{\term{Pedersen value commitment}} -\newcommand{\xPedersenValueCommitments}{\term{Pedersen value commitments}} +\newcommand{\xPedersenValueCommitments}{\terms{Pedersen value commitment}} \newcommand{\windowedPedersenCommitment}{\term{windowed Pedersen commitment}} -\newcommand{\windowedPedersenCommitments}{\term{windowed Pedersen commitments}} +\newcommand{\windowedPedersenCommitments}{\terms{windowed Pedersen commitment}} \newcommand{\WindowedPedersenCommitment}{\titleterm{Windowed Pedersen Commitment}} \newcommand{\homomorphicPedersenCommitment}{\term{homomorphic Pedersen commitment}} -\newcommand{\homomorphicPedersenCommitments}{\term{homomorphic Pedersen commitments}} +\newcommand{\homomorphicPedersenCommitments}{\terms{homomorphic Pedersen commitment}} \newcommand{\HomomorphicPedersenCommitment}{\titleterm{Homomorphic Pedersen Commitment}} \newcommand{\distinctXCriterion}{\term{distinct-$x$ criterion}} \newcommand{\Nary}{\mbox{$N$-ary}} @@ -1360,7 +1414,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\ThresholdBits}{\mathsf{ThresholdBits}} \newcommand{\targetThreshold}{\term{target threshold}} -\newcommand{\targetThresholds}{\term{target thresholds}} +\newcommand{\targetThresholds}{\terms{target threshold}} % Signatures @@ -1542,9 +1596,9 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\SighashTxHashing}{\titleterm{SIGHASH Transaction Hashing}} \newcommand{\sighash}{\term{SIGHASH}} \newcommand{\sighashTxHash}{\term{SIGHASH transaction hash}} -\newcommand{\sighashTxHashes}{\term{SIGHASH transaction hashes}} +\newcommand{\sighashTxHashes}{\termes{SIGHASH transaction hash}} \newcommand{\sighashType}{\term{SIGHASH type}} -\newcommand{\sighashTypes}{\term{SIGHASH types}} +\newcommand{\sighashTypes}{\terms{SIGHASH type}} \newcommand{\SIGHASHALL}{\mathsf{SIGHASH\_ALL}} \newcommand{\SIGHASHSINGLE}{\mathsf{SIGHASH\_SINGLE}} \newcommand{\SigHash}{\mathsf{SigHash}} @@ -3783,7 +3837,7 @@ them to be the relevant $\Groth$ \provingKeys and \subsection{\KeyComponents} \label{keycomponents} -\notsprout{\subsubsection{\Sprout{} \KeyComponents}} \label{sproutkeycomponents} +\notsprout{\subsubsection{\SproutText{} \KeyComponents}} \label{sproutkeycomponents} Let $\AuthPrivateLength$ be as defined in \crossref{constants}. @@ -3809,7 +3863,7 @@ as follows:} \end{tabular} \sapling{ -\subsubsection{\Sapling{} \KeyComponents} \label{saplingkeycomponents} +\subsubsection{\SaplingText{} \KeyComponents} \label{saplingkeycomponents} Let $\PRFOutputLengthExpand$, $\SpendingKeyLength$, $\OutViewingKeyLength$, and $\DiversifierLength$ be as defined in \crossref{constants}. @@ -4153,7 +4207,7 @@ where \vspace{-2ex} \subsection{Sending \Notes} \label{send} -\notsprout{\subsubsection{Sending \Notes{} (\Sprout)}} \label{sproutsend} +\notsprout{\subsubsection{Sending \Notes{} (\SproutText)}} \label{sproutsend} In order to send \SproutOrNothing{} \shielded value, the sender constructs a \transaction containing one or more \joinSplitDescriptions. This involves first @@ -4208,7 +4262,7 @@ Then the encoded \transaction including $\joinSplitSig$ is submitted to the netw \sapling{ \introlist -\subsubsection{Sending \Notes{} (\Sapling)} \label{saplingsend} +\subsubsection{Sending \Notes{} (\SaplingText)} \label{saplingsend} In order to send \Sapling{} \shielded value, the sender constructs a \transaction containing one or more \outputDescriptions. @@ -4292,7 +4346,7 @@ scope of this specification. The encoded \transaction is submitted to the networ \introsection \subsection{\DummyNotes} \label{dummynotes} -\notsprout{\subsubsection{\DummyNotes\pSproutOrNothing}} \label{sproutdummynotes} +\notsprout{\subsubsection{\DummyNotes\pSproutOrNothingText}} \label{sproutdummynotes} The fields in a \joinSplitDescription allow for $\NOld$ input \notes, and $\NNew$ output \notes. In practice, we may wish to encode a \joinSplitTransfer @@ -4330,7 +4384,7 @@ zero value, and sent to a random \paymentAddress. \sapling{ \introsection -\subsubsection{\DummyNotes{} (\Sapling)} \label{saplingdummynotes} +\subsubsection{\DummyNotes{} (\SaplingText)} \label{saplingdummynotes} In \Sapling there is no need to use \dummyNotes simply in order to fill otherwise unused inputs as in the case of a \joinSplitDescription; nevertheless @@ -4495,7 +4549,7 @@ activation, i.e.\ for version 3 \transactions, is defined in \cite{ZIP-143}.} version 4 \transactions, is defined in \cite{ZIP-243}.} -\subsection{Non-malleability\pSproutOrNothing} \label{sproutnonmalleability} +\subsection{Non-malleability\pSproutOrNothingText} \label{sproutnonmalleability} Let $\dataToBeSigned$ be the hash of the \transaction{}, not associated with an input, \changed{using the $\SIGHASHALL$ \sighashType}. @@ -4532,7 +4586,7 @@ to $\joinSplitPubKey$ to sign this \transaction. \introsection -\subsection{Balance\pSproutOrNothing} \label{joinsplitbalance} +\subsection{Balance\pSproutOrNothingText} \label{joinsplitbalance} In \Bitcoin, all inputs to and outputs from a \transaction are transparent. The total value of \transparentOutputs{} must not exceed the total value of @@ -4568,7 +4622,7 @@ according to client implementation. \sapling{ \introsection -\subsection{Balance and \BindingSignature{} (\Sapling)} \label{saplingbalance} \label{bindingsig} +\subsection{Balance and \BindingSignature{} (\SaplingText)} \label{saplingbalance} \label{bindingsig} \Sapling adds \spendTransfers and \outputTransfers to the transparent and \joinSplitTransfers present in \Sprout. @@ -4858,7 +4912,7 @@ is a representation of the \nullifierKey associated with the \note and $\NoteAdd \subsection{\ZkSNARKStatements} \label{snarkstatements} \vspace{-1ex} -\subsubsection{\JoinSplitStatement\pSproutOrNothing} \label{joinsplitstatement} +\subsubsection{\JoinSplitStatement\pSproutOrNothingText} \label{joinsplitstatement} \vspace{-2ex} Let $\MerkleHashLengthSprout$, $\PRFOutputLengthSprout$, $\MerkleDepthSprout$, $\ValueLength$, @@ -4960,7 +5014,7 @@ For details of the form and encoding of proofs, see \crossref{bctv}. \sapling{ -\subsubsection{\SpendStatement{} (\Sapling)} \label{spendstatement} +\subsubsection{\SpendStatement{} (\SaplingText)} \label{spendstatement} \vspace{-1ex} Let $\MerkleHashLengthSapling$, $\PRFOutputLengthNfSapling$, and $\ScalarLength$ be @@ -5082,7 +5136,7 @@ For details of the form and encoding of \spendStatement proofs, see \crossref{gr \sapling{ \introsection -\subsubsection{\OutputStatement{} (\Sapling)} \label{outputstatement} +\subsubsection{\OutputStatement{} (\SaplingText)} \label{outputstatement} Let $\MerkleHashLengthSapling$, $\PRFOutputLengthNfSapling$, and $\ScalarLength$ be as defined in \crossref{constants}. @@ -5152,7 +5206,7 @@ For details of the form and encoding of \outputStatement proofs, see \crossref{g } %sapling -\subsection{In-band secret distribution\pSproutOrNothing} \label{sproutinband} +\subsection{In-band secret distribution\pSproutOrNothingText} \label{sproutinband} \sprout{The}\notsprout{In \Sprout, the} secrets that need to be transmitted to a recipient of funds in order for them to later spend, are $\Value$, @@ -5181,7 +5235,7 @@ For both encryption and decryption, \vspace{-2ex} -\subsubsection{Encryption\pSproutOrNothing} \label{sproutencrypt} +\subsubsection{Encryption\pSproutOrNothingText} \label{sproutencrypt} Let $\KASprout$ be the \keyAgreementScheme instantiated in \crossref{concretesproutkeyagreement}. @@ -5227,7 +5281,7 @@ further security considerations, for example of how to validate a \SproutOrNothi \note received out-of-band, which are not addressed in this document. } -\subsubsection{Decryption\pSproutOrNothing} \label{sproutdecrypt} +\subsubsection{Decryption\pSproutOrNothingText} \label{sproutdecrypt} Let $\InViewingKey = (\AuthPublic, \TransmitPrivate)$ be the recipient's \incomingViewingKey, and let $\TransmitPublic$ be the corresponding \transmissionKey derived from @@ -5288,7 +5342,7 @@ engineering rationale behind this encryption scheme. \sapling{ -\subsection{In-band secret distribution (\Sapling)} \label{saplinginband} +\subsection{In-band secret distribution (\SaplingText)} \label{saplinginband} In \Sapling, the secrets that need to be transmitted to a recipient of funds in order for them to later spend, are $\Diversifier$, $\Value$, and $\NoteCommitRand$. @@ -5319,7 +5373,7 @@ For both encryption and decryption, \sapling{ -\subsubsection{Encryption (\Sapling)} \label{saplingencrypt} +\subsubsection{Encryption (\SaplingText)} \label{saplingencrypt} Let $\DiversifiedTransmitPublicNew \typecolon \KASaplingPublicPrimeOrder$ be the \diversifiedTransmissionKey for the intended recipient address of a new \Sapling{} \note, @@ -5378,7 +5432,7 @@ received out-of-band, which are not addressed in this document. \sapling{ -\subsubsection{Decryption using an Incoming Viewing Key (\Sapling)} \label{saplingdecryptivk} +\subsubsection{Decryption using an Incoming Viewing Key (\SaplingText)} \label{saplingdecryptivk} Let $\InViewingKey \typecolon \InViewingKeyTypeSapling$ be the recipient's \incomingViewingKey, as specified in \crossref{saplingkeycomponents}. @@ -5428,7 +5482,7 @@ contain the \transaction in which a \note was output. \sapling{ -\subsubsection{Decryption using a Full Viewing Key (\Sapling)} \label{saplingdecryptovk} +\subsubsection{Decryption using a Full Viewing Key (\SaplingText)} \label{saplingdecryptovk} Let $\OutViewingKey \typecolon \OutViewingKeyType$ be the \outgoingViewingKey, as specified in \crossref{saplingkeycomponents}, that is to be used for decryption. @@ -5477,7 +5531,7 @@ The \outgoingViewingKey holder will attempt to decrypt the \noteCiphertext as fo $\ephemeralKey = \LEBStoOSP{\ellJ}\big(\reprJ\Of{\EphemeralPublic}\kern-0.15em\big)$.} -\subsection{\Blockchain{} Scanning\pSproutOrNothing} \label{sproutscan} +\subsection{\Blockchain{} Scanning\pSproutOrNothingText} \label{sproutscan} The following algorithm can be used, given the \blockchain and a \SproutOrNothing{} \spendingKey $\AuthPrivate$, to obtain each \note sent @@ -5528,7 +5582,7 @@ be the \incomingViewingKey corresponding to $\AuthPrivate$, and let $\TransmitPu \sapling{ -\subsection{\Blockchain{} Scanning (\Sapling)} \label{saplingscan} +\subsection{\Blockchain{} Scanning (\SaplingText)} \label{saplingscan} In \Sapling, \blockchain scanning requires only the $\AuthProvePublic$ and $\InViewingKey$ key components, rather than a \spendingKey as in \Sprout. @@ -6583,7 +6637,7 @@ block count and $64$-bit nonce as in the original definition of $\SymCipher$. \subsubsection{\KeyAgreementAndDerivation} \label{concretekaandkdf} -\subsubsubsection{\SproutOrNothing \KeyAgreement} \label{concretesproutkeyagreement} +\subsubsubsection{\SproutOrNothingText{} \KeyAgreement} \label{concretesproutkeyagreement} \changed{ $\KASprout$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}. @@ -6618,7 +6672,7 @@ Define $\KASproutAgree(n, q) := \KASproutCurveMultiply(n, q)$. } \introsection -\subsubsubsection{\SproutOrNothing \KeyDerivation} \label{concretesproutkdf} +\subsubsubsection{\SproutOrNothingText{} \KeyDerivation} \label{concretesproutkdf} \newsavebox{\kdftagbox} \begin{lrbox}{\kdftagbox} @@ -6662,7 +6716,7 @@ $\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}. \sapling{ -\subsubsubsection{\Sapling \KeyAgreement} \label{concretesaplingkeyagreement} +\subsubsubsection{\SaplingText{} \KeyAgreement} \label{concretesaplingkeyagreement} $\KASapling$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}. @@ -6695,7 +6749,7 @@ Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$. \end{lrbox} \sapling{ -\subsubsubsection{\Sapling \KeyDerivation} \label{concretesaplingkdf} +\subsubsubsection{\SaplingText{} \KeyDerivation} \label{concretesaplingkdf} $\KDFSapling$ is a \keyDerivationFunction as specified in \crossref{abstractkdf}. @@ -6984,7 +7038,7 @@ the public key with respect to the base $\ValueCommitRandBase$. \introlist \subsubsection{Commitment schemes} \label{concretecommit} -\subsubsubsection{\SproutOrNothing{} \NoteCommitments} \label{concretesproutnotecommit} +\subsubsubsection{\SproutOrNothingText{} \NoteCommitments} \label{concretesproutnotecommit} \newsavebox{\cmbox} \begin{lrbox}{\cmbox} @@ -7996,7 +8050,7 @@ These are encoded in the same way as in \Bitcoin \cite{Bitcoin-Base58}, for both the production and test networks. -\subsubsection{\SproutOrNothing \PaymentAddresses} \label{sproutpaymentaddrencoding} +\subsubsection{\SproutOrNothingText{} \PaymentAddresses} \label{sproutpaymentaddrencoding} A \SproutOrNothing \paymentAddress consists of $\AuthPublic \typecolon \PRFOutputSprout$ and $\TransmitPublic \typecolon \KASproutPublic$. @@ -8041,7 +8095,7 @@ cause the first two characters of the Base58Check encoding to be fixed as \sapling{ -\subsubsection{\Sapling \PaymentAddresses} \label{saplingpaymentaddrencoding} +\subsubsection{\SaplingText{} \PaymentAddresses} \label{saplingpaymentaddrencoding} A \Sapling \paymentAddress consists of $\Diversifier \typecolon \DiversifierType$ and $\DiversifiedTransmitPublic \typecolon \KASaplingPublicPrimeOrder$. @@ -8077,7 +8131,7 @@ For addresses on the test network, the \humanReadablePart is \ascii{ztestsapling } -\subsubsection{\SproutOrNothing \IncomingViewingKeys} \label{sproutinviewingkeyencoding} +\subsubsection{\SproutOrNothingText{} \IncomingViewingKeys} \label{sproutinviewingkeyencoding} \changed{ An \incomingViewingKey consists of $\AuthPublic \typecolon \PRFOutputSprout$ and @@ -8133,7 +8187,7 @@ cause the first four characters of the Base58Check encoding to be fixed as \sapling{ -\subsubsection{\Sapling \IncomingViewingKeys} \label{saplinginviewingkeyencoding} +\subsubsection{\SaplingText{} \IncomingViewingKeys} \label{saplinginviewingkeyencoding} Let $\InViewingKeyLength$ be as defined in \crossref{constants}. @@ -8167,7 +8221,7 @@ For \incomingViewingKeys on the test network, the \humanReadablePart is \ascii{z \sapling{ -\subsubsection{\Sapling \FullViewingKeys} \label{saplingfullviewingkeyencoding} +\subsubsection{\SaplingText{} \FullViewingKeys} \label{saplingfullviewingkeyencoding} A \Sapling \fullViewingKey consists of $\AuthSignPublic \typecolon \SubgroupJstar$, $\AuthProvePublic \typecolon \SubgroupJ$, and $\OutViewingKey \typecolon \byteseq{\OutViewingKeyLength/8}$. @@ -8203,7 +8257,7 @@ For \incomingViewingKeys on the test network, the \humanReadablePart is \ascii{z \introsection -\subsubsection{\SproutOrNothing \SpendingKeys} \label{sproutspendingkeyencoding} +\subsubsection{\SproutOrNothingText{} \SpendingKeys} \label{sproutspendingkeyencoding} A \SproutOrNothing \spendingKey consists of $\AuthPrivate$, which is a sequence of \changed{$252$} bits (see \crossref{sproutkeycomponents}). @@ -8252,7 +8306,7 @@ The zero padding occupies the most significant 4 bits of the third byte. \sapling{ -\subsubsection{\Sapling \SpendingKeys} \label{saplingspendingkeyencoding} +\subsubsection{\SaplingText{} \SpendingKeys} \label{saplingspendingkeyencoding} A \Sapling \spendingKey consists of $\SpendingKey \typecolon \SpendingKeyType$ (see \crossref{saplingkeycomponents}). @@ -8403,7 +8457,7 @@ upgrade-supporting nodes \MUST allow for this. \intropart -\section{Consensus Changes from \Bitcoin} +\section{Consensus Changes from \BitcoinText} \label{consensusfrombitcoin} \subsection{Encoding of \Transactions} \label{txnencoding} @@ -9429,7 +9483,7 @@ and would require an RFC in order to do so.) \introsection -\section{Differences from the Zerocash paper} \label{differences} +\section{Differences from the \ZerocashText{} paper} \label{differences} \subsection{Transaction Structure} \label{trstructure} @@ -9884,7 +9938,7 @@ to resist parallel brute force in the multi-user setting: \notsprout{for \Sprout $\AuthPrivate$ is $252$ bits, and $\TransmitPrivate$ is no shorter than $\AuthPrivate$. -\subsection{Omission in \Zerocash security proof} \label{crprf} +\subsection{Omission in \ZerocashText{} security proof} \label{crprf} The abstract \Zerocash protocol requires $\PRFaddr{}$ only to be a PRF; it is not specified to be \collisionResistant\!. This reveals a flaw in @@ -10043,6 +10097,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. \begin{itemize} \item Experimental support for building using Lua\TeX{} and Xe\TeX. + \item Add an \snarkref{Index}{index}. \end{itemize} \introlist @@ -12507,7 +12562,7 @@ final $\xor$ operations), but not the message bits. \vspace{20ex} \intropart -\subsection{The Sapling Spend circuit} \label{cctsaplingspend} +\subsection{The \SaplingText{} Spend circuit} \label{cctsaplingspend} The \Sapling Spend \statement is defined in \crossref{spendstatement}. @@ -12683,7 +12738,7 @@ $\NoteCommitRandRepr$, $\ValueCommitRandRepr$, and $\vOldRepr$ as bit sequences \introsection -\subsection{The Sapling Output circuit} \label{cctsaplingoutput} +\subsection{The \SaplingText{} Output circuit} \label{cctsaplingoutput} The \Sapling Output \statement is defined in \crossref{outputstatement}. @@ -12976,4 +13031,11 @@ the cost of batched verification is therefore } %notsprout +\appendix +\phantomsection +\addcontentsline{toc}{section}{\larger{Index}} \label{index} +\begin{flushleft} +\printindex +\end{flushleft} + \end{document}