zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Protocol spec: Initial index support. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2019-07-08 22:42:16 +01:00
parent a5e5f3e307
commit 6e2b8f0ebf
5 changed files with 317 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
protocol/Makefile
View File

@ -93,6 +93,7 @@ nolatexmk-sprout:
biber sprout biber sprout
$(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; }
$(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; }
sh mymakeindex.sh -o sprout.ind sprout.idx
$(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sprout protocol.tex || { touch incremental_merkle.png; exit 1; }
.PHONY: nolatexmk-sapling .PHONY: nolatexmk-sapling
@ -104,6 +105,7 @@ nolatexmk-sapling:
biber sapling biber sapling
$(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; }
$(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; }
sh mymakeindex.sh -o sapling.ind sapling.idx
$(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=sapling protocol.tex || { touch incremental_merkle.png; exit 1; }
.PHONY: nolatexmk-blossom .PHONY: nolatexmk-blossom
@ -115,6 +117,7 @@ nolatexmk-blossom:
biber blossom biber blossom
$(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; }
$(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; }
sh mymakeindex.sh -o blossom.ind blossom.idx
$(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; } $(LATEX) -jobname=blossom protocol.tex || { touch incremental_merkle.png; exit 1; }
.PHONY: html .PHONY: html
@ -129,10 +132,13 @@ clean:
rm -f aux/* html/* protocol.ver \ rm -f aux/* html/* protocol.ver \
sprout.dvi sprout.pdf sprout.bbl sprout.blg sprout.brf sprout.toc \ sprout.dvi sprout.pdf sprout.bbl sprout.blg sprout.brf sprout.toc \
sprout.aux sprout.out sprout.log sprout.bcf sprout.run.xml sprout.fls sprout.fdb_latexmk \ sprout.aux sprout.out sprout.log sprout.bcf sprout.run.xml sprout.fls sprout.fdb_latexmk \
sprout.idx sprout.ilg sprout.ind sprout.ind.original \
sapling.dvi sapling.pdf sapling.bbl sapling.blg sapling.brf sapling.toc \ sapling.dvi sapling.pdf sapling.bbl sapling.blg sapling.brf sapling.toc \
sapling.aux sapling.out sapling.log sapling.bcf sapling.run.xml sapling.fls sapling.fdb_latexmk \ sapling.aux sapling.out sapling.log sapling.bcf sapling.run.xml sapling.fls sapling.fdb_latexmk \
sapling.idx sapling.ilg sapling.ind sapling.ind.original \
blossom.dvi blossom.pdf blossom.bbl blossom.blg blossom.brf blossom.toc \ blossom.dvi blossom.pdf blossom.bbl blossom.blg blossom.brf blossom.toc \
blossom.aux blossom.out blossom.log blossom.bcf blossom.run.xml blossom.fls blossom.fdb_latexmk blossom.aux blossom.out blossom.log blossom.bcf blossom.run.xml blossom.fls blossom.fdb_latexmk \
blossom.idx blossom.ilg blossom.ind blossom.ind.original
.PHONY: optsprout .PHONY: optsprout
optsprout: optsprout:

2
protocol/README.rst
View File

@ -7,7 +7,7 @@ Build dependencies on Debian-based systems include, at least:
.. code:: .. code::
apt-get install texlive texlive-science texlive-fonts-extra \ apt-get install texlive texlive-science texlive-fonts-extra \
texlive-generic-recommended texlive-bibtex-extra biber latexmk texlive-generic-recommended texlive-bibtex-extra biber latexmk perl
To use the targets described under "Optimizing PDF size", you will also To use the targets described under "Optimizing PDF size", you will also
need the `ghostscript`, `extractpdfmark`, and `awk` packages. need the `ghostscript`, `extractpdfmark`, and `awk` packages.

1
protocol/latexmkrc Normal file
View File

@ -0,0 +1 @@
$makeindex = 'sh mymakeindex.sh -o %D %O %S';

29
protocol/mymakeindex.sh Executable file
View File

@ -0,0 +1,29 @@
#!/bin/sh
set -e
makeindex $*
# We want to change things like:
# \hyperindexformat{\definingstyle}{17},
# \hyperindexformat{\normalstyle}{17},
# to just
# \hyperindexformat{\definingstyle}{17},
#
# and change:
# \hyperindexformat{\definingstyle}{17},
# \hyperindexformat{\normalstyle}{17, 18},
# to
# \hyperindexformat{\definingstyle}{17},
# \hyperindexformat{\normalstyle}{18},
#
# and change:
# \hyperindexformat{\definingstyle}{17},
# \hyperindexformat{\normalstyle}{17--19},
# to
# \hyperindexformat{\definingstyle}{17},
# \hyperindexformat{\normalstyle}{\increment{17}--19},
echo Postprocessing index file "$2"...
perl -i.original -p0e 's/(?s)(\\hyperindexformat[{]\\definingstyle[}][{])(\d+)[}],\s*.\s*\\hyperindexformat[{]\\normalstyle[}][{]\2[}]/\1\2}/sg' "$2"
perl -i -p0e 's/(?s)(\\hyperindexformat[{]\\definingstyle[}][{])(\d+)([}],\s*.\s*\\hyperindexformat[{]\\normalstyle[}][{])\2,\s*([\d,-\s]+[}])/\1\2\3\4/sg' "$2"
perl -i -p0e 's/(?s)(\\hyperindexformat[{]\\definingstyle[}][{])(\d+)([}],\s*.\s*\\hyperindexformat[{]\\normalstyle[}][{])\2--([\d,-\s]+[}])/\1\2\3\\increment{\2}--\4/sg' "$2"
#diff --context=3 "$2.original" "$2"

496
protocol/protocol.tex
View File

@ -40,6 +40,15 @@
\usepackage{xstring} \usepackage{xstring}
\usepackage[usenames,dvipsnames]{xcolor} \usepackage[usenames,dvipsnames]{xcolor}
% Must be loaded before hyperref. <https://tex.stackexchange.com/a/22014/78411>
% noautomatic is used because either latexmk or the Makefile will take care of running
% mymakeindex.sh (which runs makeindex and then fixes duplicate page numbers).
\usepackage{imakeidx}
\makeindex[noautomatic,columnsep=2.5em]
% This is used by mymakeindex.sh in some cases. <https://stackoverflow.com/a/49406814/393146>
\newcommand{\increment}[1]{\the\numexpr #1+1\relax}
% The pdfa option has the side effect of preserving hyperlinks when the PDF is % The pdfa option has the side effect of preserving hyperlinks when the PDF is
% processed by Ghostscript (an alternative way of doing that would be to use % processed by Ghostscript (an alternative way of doing that would be to use
% -dPrinted=false on the Ghostscript command line). The resulting document will % -dPrinted=false on the Ghostscript command line). The resulting document will
@ -98,6 +107,12 @@
%\newcommand{\textbnx}[1]{{\fontseries{b}\selectfont #1}} %\newcommand{\textbnx}[1]{{\fontseries{b}\selectfont #1}}
\newcommand{\textbnx}[1]{\textbf{#1}} \newcommand{\textbnx}[1]{\textbf{#1}}
% <https://tex.stackexchange.com/a/236822/78411>
\makeatletter
\def\@idxitem{\par\vspace{0.75ex plus 0.1ex minus 0.1ex}\hangindent 4em}
\def\subitem{\par\hangindent 6.5em \hspace*{2.5em}}
\def\subsubitem{\par\hangindent 9em \hspace*{5em}}
\makeatother
\crefformat{footnote}{#2\footnotemark[#1]#3} \crefformat{footnote}{#2\footnotemark[#1]#3}
@ -479,28 +494,67 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
% Terminology % Terminology
\newcommand{\term}[1]{\textsl{#1}\kern 0.05em\xspace} \newcommand{\indextype}{normalstyle}
\newcommand{\titleterm}[1]{#1} \newcommand{\normalstyle}[1]{#1}
\newcommand{\termbf}[1]{\textbf{#1}\xspace} \newcommand{\definingstyle}[1]{\textit{\textbf{#1}}\kern 0.05em}
\newcommand{\quotedterm}[1]{``~\!\!\term{#1}''} \newcommand{\defining}[1]{{\renewcommand{\indextype}{definingstyle}#1}}
\newcommand{\conformance}[1]{\textbnx{#1}\xspace}
\newcommand{\Zcash}{\termbf{Zcash}} % The arguments are: {link_as_formatted}{index_sort_key}{index_as_formatted}.
%
% \index goes after the term so that the page reference is correct if at the start of a page (see
% <https://tex.stackexchange.com/questions/476644/how-can-i-define-an-new-index-command-that-works-better-for-paragraphs>,
% although our solution is different).
% The method of linking to the index is inspired by <https://tex.stackexchange.com/a/399776/78411>.
% \texorpdfstring doesn't actually work here other than to cause an error if we would end up with a
% link in a heading, rather than a hang.
\newcommand{\indexlink}[3]{\texorpdfstring{\hypersetup{pdfborderstyle=/W 0}\hyperlink{index:#2}{#1}%
\hypersetup{pdfborderstyle={/S/U/W 0.7}}\index{#2@{\protect\hypertarget{index:#2}{}\linkstrut\smash{#3}}|\indextype}}{}\xspace}
\newcommand{\rawterm}[1]{\textsl{#1}\kern 0.05em}
\newcommand{\termnoindex}[1]{\rawterm{#1}\xspace}
\newcommand{\termandindex}[2]{\indexlink{\rawterm{#1}}{#2}{#2}}
\newcommand{\term}[1]{\termandindex{#1}{#1}}
\newcommand{\terms}[1]{\termandindex{#1s}{#1}}
\newcommand{\termes}[1]{\termandindex{#1es}{#1}}
\newcommand{\termx}[1]{\termandindex{\MakeUppercase #1}{#1}}
\newcommand{\termxs}[1]{\termandindex{\MakeUppercase #1s}{#1}}
\newcommand{\termxes}[1]{\termandindex{\MakeUppercase #1es}{#1}}
\newcommand{\titleterm}[1]{#1}
\newcommand{\titleterms}[1]{#1s}
\newcommand{\titletermes}[1]{#1es}
\newcommand{\termbfnoindex}[1]{\textbf{#1}\xspace}
\newcommand{\termbf}[1]{\indexlink{\textbf{#1}}{#1}{\textbf{#1}}}
\newcommand{\termsf}[1]{\indexlink{\textsf{#1}}{#1}{\textsf{#1}}}
\newcommand{\conformance}[1]{\indexlink{\textbnx{#1}}{#1}{\textbnx{#1}}}
\newcommand{\quotedtermnoindex}[1]{``~\!\!\termnoindex{#1}''}
\newcommand{\quotedtermandindex}[2]{``~\!\!\termandindex{#1}{#2}''}
\newcommand{\quotedterm}[1]{``~\!\!\term{#1}''}
\newcommand{\definingquotedterm}[1]{\defining{\quotedterm{#1}}}
\newcommand{\Zcash}{\termbfnoindex{Zcash}}
\newcommand{\Zerocash}{\termbf{Zerocash}} \newcommand{\Zerocash}{\termbf{Zerocash}}
\newcommand{\ZerocashText}{\textbf{Zerocash}}
\newcommand{\Sprout}{\termbf{Sprout}} \newcommand{\Sprout}{\termbf{Sprout}}
\newcommand{\SproutText}{\textbf{Sprout}}
\newcommand{\SproutOrZcash}{\notsprout{\Sprout}\sprout{\Zcash}} \newcommand{\SproutOrZcash}{\notsprout{\Sprout}\sprout{\Zcash}}
\newcommand{\SproutOrNothing}{\notsprout{\Sprout}} \newcommand{\SproutOrNothing}{\notsprout{\Sprout}}
\newcommand{\SproutOrNothingText}{\notsprout{\SproutText}}
\newcommand{\pSproutOrNothing}{\notsprout{ (\Sprout)}} \newcommand{\pSproutOrNothing}{\notsprout{ (\Sprout)}}
\newcommand{\pSproutOrNothingText}{\notsprout{ (\SproutText)}}
\newcommand{\Overwinter}{\termbf{Overwinter}} \newcommand{\Overwinter}{\termbf{Overwinter}}
\newcommand{\OverwinterText}{\textbf{Overwinter}}
\newcommand{\Sapling}{\termbf{Sapling}} \newcommand{\Sapling}{\termbf{Sapling}}
\newcommand{\SaplingText}{\textbf{Sapling}}
\newcommand{\Blossom}{\termbf{Blossom}} \newcommand{\Blossom}{\termbf{Blossom}}
\newcommand{\BlossomText}{\textbf{Blossom}}
\newcommand{\Bitcoin}{\termbf{Bitcoin}} \newcommand{\Bitcoin}{\termbf{Bitcoin}}
\newcommand{\BitcoinText}{\textbf{Bitcoin}}
\newcommand{\CryptoNote}{\termbf{CryptoNote}} \newcommand{\CryptoNote}{\termbf{CryptoNote}}
\newcommand{\Mimblewimble}{\termbf{Mimblewimble}} \newcommand{\Mimblewimble}{\termbf{Mimblewimble}}
\newcommand{\Bulletproofs}{\termbf{Bulletproofs}} \newcommand{\Bulletproofs}{\termbf{Bulletproofs}}
\newcommand{\ZEC}{\termbf{ZEC}} \newcommand{\ZEC}{\termbf{ZEC}}
\newcommand{\zatoshi}{\term{zatoshi}} \newcommand{\zatoshi}{\term{zatoshi}}
\newcommand{\zcashd}{\textsf{zcashd}\,} \newcommand{\zcashd}{\termsf{zcashd}}
\newcommand{\MUST}{\conformance{MUST}} \newcommand{\MUST}{\conformance{MUST}}
\newcommand{\MUSTNOT}{\conformance{MUST NOT}} \newcommand{\MUSTNOT}{\conformance{MUST NOT}}
@ -514,80 +568,80 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\collisionResistance}{collision resistance } \newcommand{\collisionResistance}{collision resistance }
\newcommand{\keyPrivacy}{\term{key privacy}} \newcommand{\keyPrivacy}{\term{key privacy}}
\newcommand{\xKeyPrivacy}{\term{Key privacy}} \newcommand{\xKeyPrivacy}{\termx{key privacy}}
\newcommand{\keyPrivate}{\term{key\hyp private}} \newcommand{\keyPrivate}{\termandindex{key\hyp private}{key privacy}}
\newcommand{\xKeyPrivate}{\term{Key\hyp private}} \newcommand{\xKeyPrivate}{\termandindex{Key\hyp private}{key privacy}}
\newcommand{\note}{\term{note}} \newcommand{\note}{\term{note}}
\newcommand{\notes}{\term{notes}} \newcommand{\notes}{\terms{note}}
\newcommand{\Note}{\titleterm{Note}} \newcommand{\Note}{\titleterm{Note}}
\newcommand{\Notes}{\titleterm{Notes}} \newcommand{\Notes}{\titleterms{Note}}
\newcommand{\dummy}{\term{dummy}} \newcommand{\dummy}{\term{dummy}}
\newcommand{\dummyNotes}{\term{dummy notes}} \newcommand{\dummyNotes}{\term{dummy notes}}
\newcommand{\DummyNotes}{\titleterm{Dummy Notes}} \newcommand{\DummyNotes}{\titleterms{Dummy Note}}
\newcommand{\commitmentScheme}{\term{commitment scheme}} \newcommand{\commitmentScheme}{\term{commitment scheme}}
\newcommand{\commitmentSchemes}{\term{commitment schemes}} \newcommand{\commitmentSchemes}{\terms{commitment scheme}}
\newcommand{\commitmentTrapdoor}{\term{commitment trapdoor}} \newcommand{\commitmentTrapdoor}{\term{commitment trapdoor}}
\newcommand{\commitmentTrapdoors}{\term{commitment trapdoors}}
\newcommand{\trapdoor}{\term{trapdoor}}
\newcommand{\xCommitment}{\term{commitment}} \newcommand{\xCommitment}{\term{commitment}}
\newcommand{\commitmentTrapdoors}{\terms{commitment trapdoor}}
\newcommand{\trapdoor}{\termandindex{trapdoor}{trapdoor (of a commitment)}}
\newcommand{\noteCommitment}{\term{note commitment}} \newcommand{\noteCommitment}{\term{note commitment}}
\newcommand{\noteCommitments}{\term{note commitments}} \newcommand{\noteCommitments}{\terms{note commitment}}
\newcommand{\xNoteCommitments}{\term{Note commitments}} \newcommand{\xNoteCommitments}{\termxs{note commitment}}
\newcommand{\NoteCommitment}{\titleterm{Note Commitment}} \newcommand{\NoteCommitment}{\titleterm{Note Commitment}}
\newcommand{\NoteCommitments}{\titleterm{Note Commitments}} \newcommand{\NoteCommitments}{\titleterms{Note Commitment}}
\newcommand{\noteCommitmentTree}{\term{note commitment tree}} \newcommand{\noteCommitmentTree}{\term{note commitment tree}}
\newcommand{\noteCommitmentTrees}{\term{note commitment trees}} \newcommand{\noteCommitmentTrees}{\terms{note commitment tree}}
\newcommand{\NoteCommitmentTrees}{\titleterm{Note Commitment Trees}} \newcommand{\NoteCommitmentTrees}{\titleterms{Note Commitment Tree}}
\newcommand{\notePosition}{\term{note position}} \newcommand{\notePosition}{\term{note position}}
\newcommand{\notePositions}{\term{note positions}} \newcommand{\notePositions}{\terms{note position}}
\newcommand{\positionedNote}{\term{positioned note}} \newcommand{\positionedNote}{\term{positioned note}}
\newcommand{\positionedNotes}{\term{positioned notes}} \newcommand{\positionedNotes}{\terms{positioned note}}
\newcommand{\noteTraceabilitySet}{\term{note traceability set}} \newcommand{\noteTraceabilitySet}{\term{note traceability set}}
\newcommand{\noteTraceabilitySets}{\term{note traceability sets}} \newcommand{\noteTraceabilitySets}{\terms{note traceability set}}
\newcommand{\KeyComponents}{\titleterm{Key Components}} \newcommand{\KeyComponents}{\titleterms{Key Component}}
\newcommand{\valueCommitment}{\term{value commitment}} \newcommand{\valueCommitment}{\term{value commitment}}
\newcommand{\valueCommitments}{\term{value commitments}} \newcommand{\valueCommitments}{\terms{value commitment}}
\newcommand{\valueCommitmentScheme}{\term{value commitment scheme}} \newcommand{\valueCommitmentScheme}{\term{value commitment scheme}}
\newcommand{\joinSplitDescription}{\term{JoinSplit description}} \newcommand{\joinSplitDescription}{\term{JoinSplit description}}
\newcommand{\joinSplitDescriptions}{\term{JoinSplit descriptions}} \newcommand{\joinSplitDescriptions}{\terms{JoinSplit description}}
\newcommand{\JoinSplitDescriptions}{\titleterm{JoinSplit Descriptions}} \newcommand{\JoinSplitDescriptions}{\titleterms{JoinSplit Description}}
\newcommand{\sequenceOfJoinSplitDescriptions}{\changed{sequence of} \joinSplitDescription{}\kern -0.05em\changed{\term{s}}} \newcommand{\sequenceOfJoinSplitDescriptions}{\changed{sequence of} \joinSplitDescription{}\kern -0.05em\changed{\textsl{s}}}
\newcommand{\joinSplitTransfer}{\term{JoinSplit transfer}} \newcommand{\joinSplitTransfer}{\term{JoinSplit transfer}}
\newcommand{\joinSplitTransfers}{\term{JoinSplit transfers}} \newcommand{\joinSplitTransfers}{\terms{JoinSplit transfer}}
\newcommand{\JoinSplitTransfer}{\titleterm{JoinSplit Transfer}} \newcommand{\JoinSplitTransfer}{\titleterm{JoinSplit Transfer}}
\newcommand{\JoinSplitTransfers}{\titleterm{JoinSplit Transfers}} \newcommand{\JoinSplitTransfers}{\titleterms{JoinSplit Transfer}}
\newcommand{\joinSplitSignature}{\term{JoinSplit signature}} \newcommand{\joinSplitSignature}{\term{JoinSplit signature}}
\newcommand{\joinSplitSignatures}{\term{JoinSplit signatures}} \newcommand{\joinSplitSignatures}{\terms{JoinSplit signature}}
\newcommand{\JoinSplitSignature}{\titleterm{JoinSplit Signature}} \newcommand{\JoinSplitSignature}{\titleterm{JoinSplit Signature}}
\newcommand{\joinSplitSigningKey}{\term{JoinSplit signing key}} \newcommand{\joinSplitSigningKey}{\term{JoinSplit signing key}}
\newcommand{\joinSplitVerifyingKey}{\term{JoinSplit verifying key}} \newcommand{\joinSplitVerifyingKey}{\term{JoinSplit verifying key}}
\newcommand{\joinSplitCircuit}{\term{JoinSplit circuit}} \newcommand{\joinSplitCircuit}{\term{JoinSplit circuit}}
\newcommand{\joinSplitStatement}{\term{JoinSplit statement}} \newcommand{\joinSplitStatement}{\term{JoinSplit statement}}
\newcommand{\joinSplitStatements}{\term{JoinSplit statements}} \newcommand{\joinSplitStatements}{\terms{JoinSplit statement}}
\newcommand{\JoinSplitStatement}{\titleterm{JoinSplit Statement}} \newcommand{\JoinSplitStatement}{\titleterm{JoinSplit Statement}}
\newcommand{\joinSplitProof}{\term{JoinSplit proof}} \newcommand{\joinSplitProof}{\term{JoinSplit proof}}
\newcommand{\shieldedTransfer}{\term{shielded transfer}} \newcommand{\shieldedTransfer}{\term{shielded transfer}}
\newcommand{\shieldedTransfers}{\term{shielded transfers}} \newcommand{\shieldedTransfers}{\terms{shielded transfer}}
\newcommand{\shieldedSpend}{\term{shielded spend}} \newcommand{\shieldedSpend}{\term{shielded spend}}
\newcommand{\shieldedSpends}{\term{shielded spends}} \newcommand{\shieldedSpends}{\terms{shielded spend}}
\newcommand{\shieldedInput}{\term{shielded input}} \newcommand{\shieldedInput}{\term{shielded input}}
\newcommand{\shieldedInputs}{\term{shielded inputs}} \newcommand{\shieldedInputs}{\terms{shielded input}}
\newcommand{\spendDescription}{\term{Spend description}} \newcommand{\spendDescription}{\term{Spend description}}
\newcommand{\spendDescriptions}{\term{Spend descriptions}} \newcommand{\spendDescriptions}{\terms{Spend description}}
\newcommand{\SpendDescriptions}{\titleterm{Spend Descriptions}} \newcommand{\SpendDescriptions}{\titleterms{Spend Description}}
\newcommand{\spendTransfer}{\term{Spend transfer}} \newcommand{\spendTransfer}{\term{Spend transfer}}
\newcommand{\spendTransfers}{\term{Spend transfers}} \newcommand{\spendTransfers}{\terms{Spend transfer}}
\newcommand{\SpendTransfers}{\titleterm{Spend Transfers}} \newcommand{\SpendTransfers}{\titleterms{Spend Transfer}}
\newcommand{\spendCircuit}{\term{Spend circuit}} \newcommand{\spendCircuit}{\term{Spend circuit}}
\newcommand{\spendStatement}{\term{Spend statement}} \newcommand{\spendStatement}{\term{Spend statement}}
\newcommand{\spendStatements}{\term{Spend statements}} \newcommand{\spendStatements}{\terms{Spend statement}}
\newcommand{\SpendStatement}{\titleterm{Spend Statement}} \newcommand{\SpendStatement}{\titleterm{Spend Statement}}
\newcommand{\spendProof}{\term{Spend proof}} \newcommand{\spendProof}{\term{Spend proof}}
\newcommand{\spendAuthSignature}{\term{spend authorization signature}} \newcommand{\spendAuthSignature}{\term{spend authorization signature}}
\newcommand{\spendAuthSignatures}{\term{spend authorization signatures}} \newcommand{\spendAuthSignatures}{\terms{spend authorization signature}}
\newcommand{\spendAuthRandomizer}{\term{spend authorization randomizer}} \newcommand{\spendAuthRandomizer}{\term{spend authorization randomizer}}
\newcommand{\spendAuthRandomizers}{\term{spend authorization randomizers}} \newcommand{\spendAuthRandomizers}{\terms{spend authorization randomizer}}
\newcommand{\spendAuthAddressKey}{\term{spend authorization address key}} \newcommand{\spendAuthAddressKey}{\term{spend authorization address key}}
\newcommand{\spendAuthAddressKeys}{\term{spend authorization address key}} \newcommand{\spendAuthAddressKeys}{\term{spend authorization address key}}
\newcommand{\spendAuthPrivateKey}{\term{spend authorization private key}} \newcommand{\spendAuthPrivateKey}{\term{spend authorization private key}}
@ -595,54 +649,54 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\SpendAuthSignature}{\titleterm{Spend Authorization Signature}} \newcommand{\SpendAuthSignature}{\titleterm{Spend Authorization Signature}}
\newcommand{\spendAuthSignatureScheme}{\term{spend authorization signature scheme}} \newcommand{\spendAuthSignatureScheme}{\term{spend authorization signature scheme}}
\newcommand{\outputDescription}{\term{Output description}} \newcommand{\outputDescription}{\term{Output description}}
\newcommand{\outputDescriptions}{\term{Output descriptions}} \newcommand{\outputDescriptions}{\terms{Output description}}
\newcommand{\OutputDescriptions}{\titleterm{Output Descriptions}} \newcommand{\OutputDescriptions}{\titleterms{Output Description}}
\newcommand{\outputTransfer}{\term{Output transfer}} \newcommand{\outputTransfer}{\term{Output transfer}}
\newcommand{\outputTransfers}{\term{Output transfers}} \newcommand{\outputTransfers}{\terms{Output transfer}}
\newcommand{\OutputTransfers}{\titleterm{Output Transfers}} \newcommand{\OutputTransfers}{\titleterms{Output Transfer}}
\newcommand{\outputCircuit}{\term{Output circuit}} \newcommand{\outputCircuit}{\term{Output circuit}}
\newcommand{\outputStatement}{\term{Output statement}} \newcommand{\outputStatement}{\term{Output statement}}
\newcommand{\outputStatements}{\term{Output statements}} \newcommand{\outputStatements}{\terms{Output statement}}
\newcommand{\OutputStatement}{\titleterm{Output Statement}} \newcommand{\OutputStatement}{\titleterm{Output Statement}}
\newcommand{\outputProof}{\term{Output proof}} \newcommand{\outputProof}{\term{Output proof}}
\newcommand{\bindingSignature}{\term{binding signature}} \newcommand{\bindingSignature}{\term{binding signature}}
\newcommand{\bindingSignatures}{\term{binding signatures}} \newcommand{\bindingSignatures}{\terms{binding signature}}
\newcommand{\BindingSignature}{\titleterm{Binding Signature}} \newcommand{\BindingSignature}{\titleterm{Binding Signature}}
\newcommand{\bindingSignatureScheme}{\term{binding signature scheme}} \newcommand{\bindingSignatureScheme}{\term{binding signature scheme}}
\newcommand{\txBindingVerificationKey}{\term{transaction binding verification key}} \newcommand{\txBindingVerificationKey}{\term{transaction binding verification key}}
\newcommand{\balancingValue}{\term{balancing value}} \newcommand{\balancingValue}{\term{balancing value}}
\newcommand{\shieldedOutput}{\term{shielded output}} \newcommand{\shieldedOutput}{\term{shielded output}}
\newcommand{\shieldedOutputs}{\term{shielded outputs}} \newcommand{\shieldedOutputs}{\terms{shielded output}}
\newcommand{\statement}{\term{statement}} \newcommand{\statement}{\term{statement}}
\newcommand{\statements}{\term{statements}} \newcommand{\statements}{\terms{statement}}
\newcommand{\ZkSNARKStatements}{\titleterm{Zk-SNARK Statement\notsprout{s}}} \newcommand{\ZkSNARKStatements}{\titleterm{Zk-SNARK Statement}\notsprout{s}}
\newcommand{\zkProof}{\term{zk proof}} \newcommand{\zkProof}{\term{zk proof}}
\newcommand{\zeroKnowledgeProof}{\term{zero-knowledge proof}} \newcommand{\zeroKnowledgeProof}{\term{zero-knowledge proof}}
\newcommand{\zeroKnowledgeProofs}{\term{zero-knowledge proofs}} \newcommand{\zeroKnowledgeProofs}{\terms{zero-knowledge proof}}
\newcommand{\provingSystem}{\term{proving system}} \newcommand{\provingSystem}{\term{proving system}}
\newcommand{\provingSystems}{\term{proving systems}} \newcommand{\provingSystems}{\terms{proving system}}
\newcommand{\zeroKnowledgeProvingSystem}{\term{zero-knowledge proving system}} \newcommand{\zeroKnowledgeProvingSystem}{\term{zero-knowledge proving system}}
\newcommand{\ZeroKnowledgeProvingSystem}{\titleterm{Zero-Knowledge Proving System}} \newcommand{\ZeroKnowledgeProvingSystem}{\titleterm{Zero-Knowledge Proving System}}
\newcommand{\ZeroKnowledgeProvingSystems}{\titleterm{Zero-Knowledge Proving Systems}} \newcommand{\ZeroKnowledgeProvingSystems}{\titleterms{Zero-Knowledge Proving System}}
\newcommand{\quadraticConstraintProgram}{\term{quadratic constraint program}} \newcommand{\quadraticConstraintProgram}{\term{quadratic constraint program}}
\newcommand{\quadraticConstraintPrograms}{\term{quadratic constraint programs}} \newcommand{\quadraticConstraintPrograms}{\terms{quadratic constraint program}}
\newcommand{\QuadraticConstraintPrograms}{\titleterm{Quadratic Constraint Programs}} \newcommand{\QuadraticConstraintPrograms}{\titleterms{Quadratic Constraint Program}}
\newcommand{\quadraticArithmeticProgram}{\term{Quadratic Arithmetic Program}} \newcommand{\quadraticArithmeticProgram}{\term{Quadratic Arithmetic Program}}
\newcommand{\quadraticArithmeticPrograms}{\term{Quadratic Arithmetic Programs}} \newcommand{\quadraticArithmeticPrograms}{\terms{Quadratic Arithmetic Program}}
\newcommand{\linearCombination}{\term{linear combination}} \newcommand{\linearCombination}{\term{linear combination}}
\newcommand{\linearCombinations}{\term{linear combinations}} \newcommand{\linearCombinations}{\terms{linear combination}}
\newcommand{\representedGroup}{\term{represented group}} \newcommand{\representedGroup}{\term{represented group}}
\newcommand{\representedGroups}{\term{represented groups}} \newcommand{\representedGroups}{\terms{represented group}}
\newcommand{\RepresentedGroup}{\titleterm{Represented Group}} \newcommand{\RepresentedGroup}{\titleterm{Represented Group}}
\newcommand{\representedSubgroup}{\term{represented subgroup}} \newcommand{\representedSubgroup}{\term{represented subgroup}}
\newcommand{\representedSubgroups}{\term{represented subgroups}} \newcommand{\representedSubgroups}{\terms{represented subgroup}}
\newcommand{\hashExtractor}{\term{hash extractor}} \newcommand{\hashExtractor}{\term{hash extractor}}
\newcommand{\HashExtractor}{\titleterm{Hash Extractor}} \newcommand{\HashExtractor}{\titleterm{Hash Extractor}}
\newcommand{\groupHash}{\term{group hash}} \newcommand{\groupHash}{\term{group hash}}
\newcommand{\groupHashes}{\term{group hashes}} \newcommand{\groupHashes}{\termes{group hash}}
\newcommand{\representedPairing}{\term{represented pairing}} \newcommand{\representedPairing}{\term{represented pairing}}
\newcommand{\RepresentedPairing}{\titleterm{Represented Pairing}} \newcommand{\RepresentedPairing}{\titleterm{Represented Pairing}}
\newcommand{\RepresentedGroupsAndPairings}{\titleterm{Represented Groups and Pairings}} \newcommand{\RepresentedGroupsAndPairings}{\titleterms{Represented Groups and Pairing}}
\newcommand{\BCTV}{\mathsf{BCTV14}} \newcommand{\BCTV}{\mathsf{BCTV14}}
\newcommand{\Groth}{\mathsf{Groth16}} \newcommand{\Groth}{\mathsf{Groth16}}
\newcommand{\GrothText}{\texorpdfstring{$\Groth$}{Groth16}} \newcommand{\GrothText}{\texorpdfstring{$\Groth$}{Groth16}}
@ -656,224 +710,224 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\jubjubCurve}{\term{Jubjub curve}} \newcommand{\jubjubCurve}{\term{Jubjub curve}}
\newcommand{\Jubjub}{\titleterm{Jubjub}} \newcommand{\Jubjub}{\titleterm{Jubjub}}
\newcommand{\completeTwistedEdwardsEllipticCurve}{\term{complete twisted Edwards elliptic curve}} \newcommand{\completeTwistedEdwardsEllipticCurve}{\term{complete twisted Edwards elliptic curve}}
\newcommand{\completeTwistedEdwardsEllipticCurves}{\term{complete twisted Edwards elliptic curves}} \newcommand{\completeTwistedEdwardsEllipticCurves}{\terms{complete twisted Edwards elliptic curve}}
\newcommand{\MontgomeryEllipticCurve}{\term{Montgomery elliptic curve}} \newcommand{\MontgomeryEllipticCurve}{\term{Montgomery elliptic curve}}
\newcommand{\MontgomeryEllipticCurves}{\term{Montgomery elliptic curves}} \newcommand{\MontgomeryEllipticCurves}{\terms{Montgomery elliptic curve}}
\newcommand{\uniformRandomString}{\term{Uniform Random String}} \newcommand{\uniformRandomString}{\term{Uniform Random String}}
\newcommand{\uniformRandomStrings}{\term{Uniform Random Strings}} \newcommand{\uniformRandomStrings}{\terms{Uniform Random String}}
\newcommand{\BNRepresentedPairing}{\titleterm{BN-254}} \newcommand{\BNRepresentedPairing}{\titleterm{BN-254}}
\newcommand{\BLSRepresentedPairing}{\titleterm{BLS12-381}} \newcommand{\BLSRepresentedPairing}{\titleterm{BLS12-381}}
\newcommand{\ppzkSNARK}{\term{preprocessing zk-SNARK}} \newcommand{\ppzkSNARK}{\term{preprocessing zk-SNARK}}
\newcommand{\provingKey}{\term{proving key}} \newcommand{\provingKey}{\term{proving key}}
\newcommand{\provingKeys}{\term{proving keys}} \newcommand{\provingKeys}{\terms{proving key}}
\newcommand{\zkProvingKeys}{\term{zero-knowledge proving keys}} \newcommand{\zkProvingKeys}{\terms{zero-knowledge proving key}}
\newcommand{\verifyingKey}{\term{verifying key}} \newcommand{\verifyingKey}{\term{verifying key}}
\newcommand{\verifyingKeys}{\term{verifying keys}} \newcommand{\verifyingKeys}{\terms{verifying key}}
\newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}} \newcommand{\zkVerifyingKeys}{\terms{zero-knowledge verifying key}}
\newcommand{\joinSplitParameters}{\term{JoinSplit parameters}} \newcommand{\joinSplitParameters}{\term{JoinSplit parameters}}
\newcommand{\BCTVZKParameters}{\titleterm{BCTV14 zk-SNARK Parameters}} \newcommand{\BCTVZKParameters}{\titleterm{BCTV14 zk-SNARK Parameters}}
\newcommand{\GrothZKParameters}{\titleterm{Groth16 zk-SNARK Parameters}} \newcommand{\GrothZKParameters}{\titleterm{Groth16 zk-SNARK Parameters}}
\newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}} \newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}}
\newcommand{\primary}{\term{primary}} \newcommand{\primary}{\termandindex{primary}{primary input}}
\newcommand{\primaryInput}{\term{primary input}} \newcommand{\primaryInput}{\term{primary input}}
\newcommand{\primaryInputs}{\term{primary inputs}} \newcommand{\primaryInputs}{\terms{primary input}}
\newcommand{\auxiliaryInput}{\term{auxiliary input}} \newcommand{\auxiliaryInput}{\term{auxiliary input}}
\newcommand{\auxiliaryInputs}{\term{auxiliary inputs}} \newcommand{\auxiliaryInputs}{\terms{auxiliary input}}
\newcommand{\fullValidator}{\term{full validator}} \newcommand{\fullValidator}{\term{full validator}}
\newcommand{\fullValidators}{\term{full validators}} \newcommand{\fullValidators}{\terms{full validator}}
\newcommand{\consensusRuleChange}{\term{consensus rule change}} \newcommand{\consensusRuleChange}{\term{consensus rule change}}
\newcommand{\anchor}{\term{anchor}} \newcommand{\anchor}{\term{anchor}}
\newcommand{\anchors}{\term{anchors}} \newcommand{\anchors}{\terms{anchor}}
\newcommand{\block}{\term{block}} \newcommand{\block}{\term{block}}
\newcommand{\blocks}{\term{blocks}} \newcommand{\blocks}{\terms{block}}
\newcommand{\header}{\term{header}} \newcommand{\header}{\term{header}}
\newcommand{\headers}{\term{headers}} \newcommand{\headers}{\terms{header}}
\newcommand{\blockHeader}{\term{block header}} \newcommand{\blockHeader}{\term{block header}}
\newcommand{\blockHeaders}{\term{block headers}} \newcommand{\blockHeaders}{\terms{block header}}
\newcommand{\Blockheader}{\term{Block header}} \newcommand{\Blockheader}{\termx{block header}}
\newcommand{\BlockHeader}{\titleterm{Block Header}} \newcommand{\BlockHeader}{\titleterm{Block Header}}
\newcommand{\blockVersionNumber}{\term{block version number}} \newcommand{\blockVersionNumber}{\term{block version number}}
\newcommand{\blockVersionNumbers}{\term{block version numbers}} \newcommand{\blockVersionNumbers}{\terms{block version number}}
\newcommand{\Blockversions}{\term{Block versions}} \newcommand{\Blockversions}{\termandindex{Block versions}{block version number}}
\newcommand{\blockTime}{\term{block time}} \newcommand{\blockTime}{\term{block time}}
\newcommand{\blockHeight}{\term{block height}} \newcommand{\blockHeight}{\term{block height}}
\newcommand{\blockHeights}{\term{block heights}} \newcommand{\blockHeights}{\terms{block height}}
\newcommand{\activationHeight}{\term{activation block height}} \newcommand{\activationHeight}{\term{activation block height}}
\newcommand{\activationHeights}{\term{activation block heights}} \newcommand{\activationHeights}{\terms{activation block height}}
\newcommand{\genesisBlock}{\term{genesis block}} \newcommand{\genesisBlock}{\term{genesis block}}
\newcommand{\transaction}{\term{transaction}} \newcommand{\transaction}{\term{transaction}}
\newcommand{\transactions}{\term{transactions}} \newcommand{\transactions}{\terms{transaction}}
\newcommand{\Transactions}{\titleterm{Transactions}} \newcommand{\Transactions}{\titleterms{Transaction}}
\newcommand{\transactionFee}{\term{transaction fee}} \newcommand{\transactionFee}{\term{transaction fee}}
\newcommand{\transactionFees}{\term{transaction fees}} \newcommand{\transactionFees}{\terms{transaction fee}}
\newcommand{\transactionVersion}{\term{transaction version}} \newcommand{\transactionVersion}{\termandindex{transaction version}{transaction version number}}
\newcommand{\transactionVersionNumber}{\term{transaction version number}} \newcommand{\transactionVersionNumber}{\term{transaction version number}}
\newcommand{\transactionVersionNumbers}{\term{transaction version numbers}} \newcommand{\transactionVersionNumbers}{\terms{transaction version number}}
\newcommand{\Transactionversion}{\term{Transaction version}} \newcommand{\Transactionversion}{\termandindex{Transaction version}{transaction version number}}
\newcommand{\versionGroupID}{\term{version group ID}} \newcommand{\versionGroupID}{\term{version group ID}}
\newcommand{\coinbaseTransaction}{\term{coinbase transaction}} \newcommand{\coinbaseTransaction}{\term{coinbase transaction}}
\newcommand{\coinbaseTransactions}{\term{coinbase transactions}} \newcommand{\coinbaseTransactions}{\terms{coinbase transaction}}
\newcommand{\CoinbaseTransactions}{\titleterm{Coinbase Transactions}} \newcommand{\CoinbaseTransactions}{\titleterms{Coinbase Transaction}}
\newcommand{\transparent}{\term{transparent}} \newcommand{\transparent}{\term{transparent}}
\newcommand{\xTransparent}{\term{Transparent}} \newcommand{\xTransparent}{\termx{transparent}}
\newcommand{\Transparent}{\titleterm{Transparent}} \newcommand{\Transparent}{\titleterm{Transparent}}
\newcommand{\transparentValuePool}{\term{transparent value pool}} \newcommand{\transparentValuePool}{\term{transparent value pool}}
\newcommand{\transparentAddress}{\term{transparent address}} \newcommand{\transparentAddress}{\term{transparent address}}
\newcommand{\transparentAddresses}{\term{transparent addresses}} \newcommand{\transparentAddresses}{\termes{transparent address}}
\newcommand{\xTransparentAddresses}{\term{Transparent addresses}} \newcommand{\xTransparentAddresses}{\termxes{transparent address}}
\newcommand{\TransparentAddresses}{\titleterm{Transparent Addresses}} \newcommand{\TransparentAddresses}{\titletermes{Transparent Address}}
\newcommand{\transparentTransfers}{\term{transparent transfers}} \newcommand{\transparentTransfers}{\terms{transparent transfer}}
\newcommand{\transparentInput}{\term{transparent input}} \newcommand{\transparentInput}{\term{transparent input}}
\newcommand{\transparentInputs}{\term{transparent inputs}} \newcommand{\transparentInputs}{\terms{transparent input}}
\newcommand{\xTransparentInputs}{\term{Transparent inputs}} \newcommand{\xTransparentInputs}{\termxs{transparent input}}
\newcommand{\transparentOutput}{\term{transparent output}} \newcommand{\transparentOutput}{\term{transparent output}}
\newcommand{\transparentOutputs}{\term{transparent outputs}} \newcommand{\transparentOutputs}{\terms{transparent output}}
\newcommand{\xTransparentOutputs}{\term{Transparent outputs}} \newcommand{\xTransparentOutputs}{\termxs{transparent output}}
\newcommand{\saplingValuePool}{\term{\Sapling value pool}} \newcommand{\saplingValuePool}{\termandindex{\Sapling value pool}{value pool (Sapling)}}
\newcommand{\shielded}{\term{shielded}} \newcommand{\shielded}{\term{shielded}}
\newcommand{\shieldedNote}{\term{shielded note}} \newcommand{\shieldedNote}{\term{shielded note}}
\newcommand{\shieldedNotes}{\term{shielded notes}} \newcommand{\shieldedNotes}{\terms{shielded note}}
\newcommand{\xShielded}{\term{Shielded}} \newcommand{\xShielded}{\termx{shielded}}
\newcommand{\Shielded}{\titleterm{Shielded}} \newcommand{\Shielded}{\titleterm{Shielded}}
\newcommand{\blockchain}{\term{block chain}} \newcommand{\blockchain}{\term{block chain}}
\newcommand{\blockchains}{\term{block chains}} \newcommand{\blockchains}{\terms{block chain}}
\newcommand{\Blockchain}{\titleterm{Block Chain}} \newcommand{\Blockchain}{\titleterm{Block Chain}}
\newcommand{\validBlockchain}{\term{valid block chain}} \newcommand{\validBlockchain}{\term{valid block chain}}
\newcommand{\bestValidBlockchain}{\term{best valid block chain}} \newcommand{\bestValidBlockchain}{\term{best valid block chain}}
\newcommand{\branch}{\term{branch}} \newcommand{\branch}{\term{branch}}
\newcommand{\branches}{\term{branches}} \newcommand{\branches}{\termes{branch}}
\newcommand{\mempool}{\term{mempool}} \newcommand{\mempool}{\term{mempool}}
\newcommand{\treestate}{\term{treestate}} \newcommand{\treestate}{\term{treestate}}
\newcommand{\treestates}{\term{treestates}} \newcommand{\treestates}{\terms{treestate}}
\newcommand{\nullifier}{\term{nullifier}} \newcommand{\nullifier}{\term{nullifier}}
\newcommand{\nullifiers}{\term{nullifiers}} \newcommand{\nullifiers}{\terms{nullifier}}
\newcommand{\xNullifier}{\term{Nullifier}} \newcommand{\xNullifier}{\termx{nullifier}}
\newcommand{\xNullifiers}{\term{Nullifiers}} \newcommand{\xNullifiers}{\termxs{nullifier}}
\newcommand{\Nullifier}{\titleterm{Nullifier}} \newcommand{\Nullifier}{\titleterm{Nullifier}}
\newcommand{\Nullifiers}{\titleterm{Nullifiers}} \newcommand{\Nullifiers}{\titleterms{Nullifier}}
\newcommand{\nullifierSet}{\term{nullifier set}} \newcommand{\nullifierSet}{\term{nullifier set}}
\newcommand{\nullifierSets}{\term{nullifier sets}} \newcommand{\nullifierSets}{\terms{nullifier set}}
\newcommand{\NullifierSets}{\titleterm{Nullifier Sets}} \newcommand{\NullifierSets}{\titleterms{Nullifier Set}}
\newcommand{\paymentAddress}{\term{shielded payment address}} \newcommand{\paymentAddress}{\term{shielded payment address}}
\newcommand{\paymentAddresses}{\term{shielded payment addresses}} \newcommand{\paymentAddresses}{\termes{shielded payment address}}
\newcommand{\PaymentAddresses}{\titleterm{Shielded Payment Addresses}} \newcommand{\PaymentAddresses}{\titletermes{Shielded Payment Address}}
\newcommand{\diversifiedPaymentAddress}{\term{diversified payment address}} \newcommand{\diversifiedPaymentAddress}{\term{diversified payment address}}
\newcommand{\diversifiedPaymentAddresses}{\term{diversified payment addresses}} \newcommand{\diversifiedPaymentAddresses}{\termes{diversified payment address}}
\newcommand{\defaultDiversifiedPaymentAddress}{\term{default diversified payment address}} \newcommand{\defaultDiversifiedPaymentAddress}{\term{default diversified payment address}}
\newcommand{\diversifiedBase}{\term{diversified base}} \newcommand{\diversifiedBase}{\term{diversified base}}
\newcommand{\diversifiedBases}{\term{diversified bases}} \newcommand{\diversifiedBases}{\terms{diversified base}}
\newcommand{\diversifier}{\term{diversifier}} \newcommand{\diversifier}{\term{diversifier}}
\newcommand{\diversifiers}{\term{diversifiers}} \newcommand{\diversifiers}{\terms{diversifier}}
\newcommand{\incomingViewingKey}{\term{incoming viewing key}} \newcommand{\incomingViewingKey}{\term{incoming viewing key}}
\newcommand{\incomingViewingKeys}{\term{incoming viewing keys}} \newcommand{\incomingViewingKeys}{\terms{incoming viewing key}}
\newcommand{\IncomingViewingKeys}{\titleterm{Incoming Viewing Keys}} \newcommand{\IncomingViewingKeys}{\titleterms{Incoming Viewing Key}}
\newcommand{\outgoingViewingKey}{\term{outgoing viewing key}} \newcommand{\outgoingViewingKey}{\term{outgoing viewing key}}
\newcommand{\outgoingViewingKeys}{\term{outgoing viewing keys}} \newcommand{\outgoingViewingKeys}{\terms{outgoing viewing key}}
\newcommand{\outgoingCipherKey}{\term{outgoing cipher key}} \newcommand{\outgoingCipherKey}{\term{outgoing cipher key}}
\newcommand{\outgoingCipherKeys}{\term{outgoing cipher keys}} \newcommand{\outgoingCipherKeys}{\terms{outgoing cipher key}}
\newcommand{\fullViewingKey}{\term{full viewing key}} \newcommand{\fullViewingKey}{\term{full viewing key}}
\newcommand{\fullViewingKeys}{\term{full viewing keys}} \newcommand{\fullViewingKeys}{\terms{full viewing key}}
\newcommand{\FullViewingKeys}{\titleterm{Full Viewing Keys}} \newcommand{\FullViewingKeys}{\titleterms{Full Viewing Key}}
\newcommand{\receivingKey}{\term{receiving key}} \newcommand{\receivingKey}{\term{receiving key}}
\newcommand{\receivingKeys}{\term{receiving keys}} \newcommand{\receivingKeys}{\terms{receiving key}}
\newcommand{\spendingKey}{\term{spending key}} \newcommand{\spendingKey}{\term{spending key}}
\newcommand{\spendingKeys}{\term{spending keys}} \newcommand{\spendingKeys}{\terms{spending key}}
\newcommand{\SpendingKeys}{\titleterm{Spending Keys}} \newcommand{\SpendingKeys}{\titleterms{Spending Key}}
\newcommand{\payingKey}{\term{paying key}} \newcommand{\payingKey}{\term{paying key}}
\newcommand{\transmissionKey}{\term{transmission key}} \newcommand{\transmissionKey}{\term{transmission key}}
\newcommand{\transmissionKeys}{\term{transmission keys}} \newcommand{\transmissionKeys}{\terms{transmission key}}
\newcommand{\diversifiedTransmissionKey}{\term{diversified transmission key}} \newcommand{\diversifiedTransmissionKey}{\term{diversified transmission key}}
\newcommand{\diversifiedTransmissionKeys}{\term{diversified transmission keys}} \newcommand{\diversifiedTransmissionKeys}{\terms{diversified transmission key}}
\newcommand{\diversifiedTransmissionBase}{\term{diversified transmission base}} \newcommand{\diversifiedTransmissionBase}{\term{diversified transmission base}}
\newcommand{\diversifiedTransmissionBases}{\term{diversified transmission bases}} \newcommand{\diversifiedTransmissionBases}{\terms{diversified transmission base}}
\newcommand{\authSigningKey}{\term{spend authorizing key}} \newcommand{\authSigningKey}{\term{spend authorizing key}}
\newcommand{\authSigningKeys}{\term{spend authorizing keys}} \newcommand{\authSigningKeys}{\terms{spend authorizing key}}
\newcommand{\authRandomizedVerifyingKey}{\term{randomized spend verifying key}} \newcommand{\authRandomizedVerifyingKey}{\term{randomized spend verifying key}}
\newcommand{\authRandomizedVerifyingKeys}{\term{randomized spend verifying keys}} \newcommand{\authRandomizedVerifyingKeys}{\terms{randomized spend verifying key}}
\newcommand{\authProvingKey}{\term{proof authorizing key}} \newcommand{\authProvingKey}{\term{proof authorizing key}}
\newcommand{\authProvingKeys}{\term{proof authorizing keys}} \newcommand{\authProvingKeys}{\terms{proof authorizing key}}
\newcommand{\nullifierKey}{\term{nullifier deriving key}} \newcommand{\nullifierKey}{\term{nullifier deriving key}}
\newcommand{\nullifierKeys}{\term{nullifier deriving keys}} \newcommand{\nullifierKeys}{\terms{nullifier deriving key}}
\newcommand{\humanReadablePart}{\term{Human-Readable Part}} \newcommand{\humanReadablePart}{\term{Human-Readable Part}}
\newcommand{\notePlaintext}{\term{note plaintext}} \newcommand{\notePlaintext}{\term{note plaintext}}
\newcommand{\notePlaintexts}{\term{note plaintexts}} \newcommand{\notePlaintexts}{\terms{note plaintext}}
\newcommand{\NotePlaintexts}{\titleterm{Note Plaintexts}} \newcommand{\NotePlaintexts}{\titleterms{Note Plaintext}}
\newcommand{\noteCiphertext}{\term{transmitted note ciphertext}} \newcommand{\noteCiphertext}{\termandindex{transmitted note ciphertext}{transmitted note(s) ciphertext}}
\newcommand{\noteCiphertexts}{\term{transmitted note ciphertexts}} \newcommand{\noteCiphertexts}{\termandindex{transmitted note ciphertexts}{transmitted note(s) ciphertext}}
\newcommand{\notesCiphertext}{\term{transmitted notes ciphertext}} \newcommand{\notesCiphertext}{\termandindex{transmitted notes ciphertext}{transmitted note(s) ciphertext}}
\newcommand{\noteOrNotesCiphertext}{\term{transmitted note(s) ciphertext}} \newcommand{\noteOrNotesCiphertext}{\term{transmitted note(s) ciphertext}}
\newcommand{\outputCiphertext}{\term{output ciphertext}} \newcommand{\outputCiphertext}{\term{output ciphertext}}
\newcommand{\outputCiphertexts}{\term{output ciphertexts}} \newcommand{\outputCiphertexts}{\terms{output ciphertext}}
\newcommand{\incrementalMerkleTree}{\term{incremental Merkle tree}} \newcommand{\incrementalMerkleTree}{\term{incremental Merkle tree}}
\newcommand{\MerkleTree}{\titleterm{Merkle Tree}} \newcommand{\MerkleTree}{\titleterm{Merkle Tree}}
\newcommand{\merkleRoot}{\term{root}} \newcommand{\merkleRoot}{\termandindex{root}{root (of a Merkle tree)}}
\newcommand{\merkleNode}{\term{node}} \newcommand{\merkleNode}{\termandindex{node}{node (of a Merkle tree)}}
\newcommand{\merkleNodes}{\term{nodes}} \newcommand{\merkleNodes}{\termandindex{nodes}{node (of a Merkle tree)}}
\newcommand{\merkleHash}{\term{hash value}} \newcommand{\merkleHash}{\termandindex{hash value}{hash value (of a Merkle tree node)}}
\newcommand{\merkleHashes}{\term{hash values}} \newcommand{\merkleHashes}{\termandindex{hash values}{hash value (of a Merkle tree node)}}
\newcommand{\merkleLeafNode}{\term{leaf node}} \newcommand{\merkleLeafNode}{\termandindex{leaf node}{leaf node (of a Merkle tree)}}
\newcommand{\merkleLeafNodes}{\term{leaf nodes}} \newcommand{\merkleLeafNodes}{\termandindex{leaf nodes}{leaf node (of a Merkle tree)}}
\newcommand{\merkleInternalNode}{\term{internal node}} \newcommand{\merkleInternalNode}{\termandindex{internal node}{internal node (of a Merkle tree)}}
\newcommand{\merkleInternalNodes}{\term{internal nodes}} \newcommand{\merkleInternalNodes}{\termandindex{internal nodes}{internal node (of a Merkle tree)}}
\newcommand{\MerkleInternalNodes}{\term{Internal nodes}} \newcommand{\MerkleInternalNodes}{\termandindex{Internal nodes}{internal node (of a Merkle tree)}}
\newcommand{\merklePath}{\term{Merkle path}} \newcommand{\merklePath}{\term{Merkle path}}
\newcommand{\merkleLayer}{\term{layer}} \newcommand{\merkleLayer}{\termandindex{layer}{layer (of a Merkle tree)}}
\newcommand{\merkleLayers}{\term{layers}} \newcommand{\merkleLayers}{\termandindex{layers}{layer (of a Merkle tree)}}
\newcommand{\merkleIndex}{\term{index}} \newcommand{\merkleIndex}{\termandindex{index}{index (of a Merkle tree node)}}
\newcommand{\merkleIndices}{\term{indices}} \newcommand{\merkleIndices}{\termandindex{indices}{index (of a Merkle tree node)}}
\newcommand{\zkSNARK}{\term{zk-SNARK}} \newcommand{\zkSNARK}{\term{zk-SNARK}}
\newcommand{\zkSNARKs}{\term{zk-SNARKs}} \newcommand{\zkSNARKs}{\terms{zk-SNARK}}
\newcommand{\zkSNARKProof}{\term{zk-SNARK proof}} \newcommand{\zkSNARKProof}{\term{zk-SNARK proof}}
\newcommand{\zkSNARKProofs}{\term{zk-SNARK proofs}} \newcommand{\zkSNARKProofs}{\terms{zk-SNARK proof}}
\newcommand{\zkSNARKCircuit}{\term{zk-SNARK circuit}} \newcommand{\zkSNARKCircuit}{\term{zk-SNARK circuit}}
\newcommand{\zkSNARKCircuits}{\term{zk-SNARK circuits}} \newcommand{\zkSNARKCircuits}{\terms{zk-SNARK circuit}}
\newcommand{\libsnark}{\term{libsnark}} \newcommand{\libsnark}{\termandindex{libsnark}{libsnark (Zcash fork)}}
\newcommand{\bellman}{\term{bellman}} \newcommand{\bellman}{\term{bellman}}
\newcommand{\memo}{\term{memo field}} \newcommand{\memo}{\term{memo field}}
\newcommand{\memos}{\term{memo fields}} \newcommand{\memos}{\terms{memo field}}
\newcommand{\Memos}{\titleterm{Memo Fields}} \newcommand{\Memos}{\titleterms{Memo Field}}
\newcommand{\keyAgreementScheme}{\term{key agreement scheme}} \newcommand{\keyAgreementScheme}{\term{key agreement scheme}}
\newcommand{\keyAgreementSchemes}{\term{key agreement schemes}} \newcommand{\keyAgreementSchemes}{\terms{key agreement scheme}}
\newcommand{\keyDerivationFunction}{\term{Key Derivation Function}} \newcommand{\keyDerivationFunction}{\term{Key Derivation Function}}
\newcommand{\keyDerivationFunctions}{\term{Key Derivation Functions}} \newcommand{\keyDerivationFunctions}{\terms{Key Derivation Function}}
\newcommand{\KeyAgreement}{\titleterm{Key Agreement}} \newcommand{\KeyAgreement}{\titleterm{Key Agreement}}
\newcommand{\KeyDerivation}{\titleterm{Key Derivation}} \newcommand{\KeyDerivation}{\titleterm{Key Derivation}}
\newcommand{\KeyAgreementAndDerivation}{\titleterm{Key Agreement and Derivation}} \newcommand{\KeyAgreementAndDerivation}{\titleterm{Key Agreement and Derivation}}
\newcommand{\hashFunction}{\term{hash function}} \newcommand{\hashFunction}{\term{hash function}}
\newcommand{\hashFunctions}{\term{hash functions}} \newcommand{\hashFunctions}{\terms{hash function}}
\newcommand{\HashFunction}{\titleterm{Hash Function}} \newcommand{\HashFunction}{\titleterm{Hash Function}}
\newcommand{\HashFunctions}{\titleterm{Hash Functions}} \newcommand{\HashFunctions}{\titleterms{Hash Function}}
\newcommand{\encryptionScheme}{\term{encryption scheme}} \newcommand{\encryptionScheme}{\term{encryption scheme}}
\newcommand{\symmetricEncryptionScheme}{\term{authenticated one-time symmetric encryption scheme}} \newcommand{\symmetricEncryptionScheme}{\termandindex{authenticated one-time symmetric encryption scheme}{authenticated one-time symmetric encryption}}
\newcommand{\SymmetricEncryption}{\titleterm{Authenticated One-Time Symmetric Encryption}} \newcommand{\SymmetricEncryption}{\titleterm{Authenticated One-Time Symmetric Encryption}}
\newcommand{\signatureScheme}{\term{signature scheme}} \newcommand{\signatureScheme}{\term{signature scheme}}
\newcommand{\signatureSchemes}{\term{signature schemes}} \newcommand{\signatureSchemes}{\terms{signature scheme}}
\newcommand{\rerandomizableSignatureScheme}{\term{signature scheme with re\hyp randomizable keys}}
\newcommand{\rerandomizableSignatureSchemes}{\term{signature schemes with re\hyp randomizable keys}} \newcommand{\rerandomizableSignatureSchemes}{\term{signature schemes with re\hyp randomizable keys}}
\newcommand{\keyHomomorphicSignatureScheme}{\term{signature scheme with private key to public key homomorphism}}
\newcommand{\keyHomomorphicSignatureSchemes}{\term{signature schemes with private key to public key homomorphism}} \newcommand{\keyHomomorphicSignatureSchemes}{\term{signature schemes with private key to public key homomorphism}}
\newcommand{\rerandomizableSignatureScheme}{\termandindex{signature scheme with re\hyp randomizable keys}{signature scheme with re-randomizable keys}}
\newcommand{\keyHomomorphicSignatureScheme}{\term{signature scheme with key homomorphism}}
\newcommand{\pseudoRandomFunction}{\term{Pseudo Random Function}} \newcommand{\pseudoRandomFunction}{\term{Pseudo Random Function}}
\newcommand{\pseudoRandomFunctions}{\term{Pseudo Random Functions}} \newcommand{\pseudoRandomFunctions}{\terms{Pseudo Random Function}}
\newcommand{\PseudoRandomFunctions}{\titleterm{Pseudo Random Functions}} \newcommand{\PseudoRandomFunctions}{\titleterms{Pseudo Random Function}}
\newcommand{\pseudoRandomPermutation}{\term{Pseudo Random Permutation}} \newcommand{\pseudoRandomPermutation}{\term{Pseudo Random Permutation}}
\newcommand{\pseudoRandomGenerators}{\term{Pseudo Random Generators}} % only in history \newcommand{\pseudoRandomGenerators}{\termnoindex{Pseudo Random Generators}} % only in history
\newcommand{\expandedSeed}{\term{expanded seed}} \newcommand{\expandedSeed}{\term{expanded seed}}
\newcommand{\shaHashFunction}{\term{SHA-256 hash function}} \newcommand{\shaHashFunction}{\term{SHA-256 hash function}}
\newcommand{\shaCompress}{\term{SHA-256 compression}} \newcommand{\shaCompress}{\termandindex{SHA-256 compression}{SHA-256 compression function}}
\newcommand{\shaCompressFunction}{\term{SHA-256 compression function}} \newcommand{\shaCompressFunction}{\term{SHA-256 compression function}}
\newcommand{\BlakeTwo}{\titleterm{BLAKE2}} \newcommand{\BlakeTwo}{\titleterm{BLAKE2}}
\newcommand{\xPedersenHash}{\term{Pedersen hash}} \newcommand{\xPedersenHash}{\term{Pedersen hash}}
\newcommand{\xPedersenHashes}{\term{Pedersen hashes}} \newcommand{\xPedersenHashes}{\termes{Pedersen hash}}
\newcommand{\PedersenHashFunction}{\titleterm{Pedersen Hash Function}} \newcommand{\PedersenHashFunction}{\titleterm{Pedersen Hash Function}}
\newcommand{\xPedersenCommitment}{\term{Pedersen commitment}} \newcommand{\xPedersenCommitment}{\term{Pedersen commitment}}
\newcommand{\xPedersenCommitments}{\term{Pedersen commitments}} \newcommand{\xPedersenCommitments}{\terms{Pedersen commitment}}
\newcommand{\xPedersenValueCommitment}{\term{Pedersen value commitment}} \newcommand{\xPedersenValueCommitment}{\term{Pedersen value commitment}}
\newcommand{\xPedersenValueCommitments}{\term{Pedersen value commitments}} \newcommand{\xPedersenValueCommitments}{\terms{Pedersen value commitment}}
\newcommand{\windowedPedersenCommitment}{\term{windowed Pedersen commitment}} \newcommand{\windowedPedersenCommitment}{\term{windowed Pedersen commitment}}
\newcommand{\windowedPedersenCommitments}{\term{windowed Pedersen commitments}} \newcommand{\windowedPedersenCommitments}{\terms{windowed Pedersen commitment}}
\newcommand{\WindowedPedersenCommitment}{\titleterm{Windowed Pedersen Commitment}} \newcommand{\WindowedPedersenCommitment}{\titleterm{Windowed Pedersen Commitment}}
\newcommand{\homomorphicPedersenCommitment}{\term{homomorphic Pedersen commitment}} \newcommand{\homomorphicPedersenCommitment}{\term{homomorphic Pedersen commitment}}
\newcommand{\homomorphicPedersenCommitments}{\term{homomorphic Pedersen commitments}} \newcommand{\homomorphicPedersenCommitments}{\terms{homomorphic Pedersen commitment}}
\newcommand{\HomomorphicPedersenCommitment}{\titleterm{Homomorphic Pedersen Commitment}} \newcommand{\HomomorphicPedersenCommitment}{\titleterm{Homomorphic Pedersen Commitment}}
\newcommand{\distinctXCriterion}{\term{distinct-$x$ criterion}} \newcommand{\distinctXCriterion}{\term{distinct-$x$ criterion}}
\newcommand{\Nary}{\mbox{$N$-ary}} \newcommand{\Nary}{\mbox{$N$-ary}}
@ -1360,7 +1414,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\ThresholdBits}{\mathsf{ThresholdBits}} \newcommand{\ThresholdBits}{\mathsf{ThresholdBits}}
\newcommand{\targetThreshold}{\term{target threshold}} \newcommand{\targetThreshold}{\term{target threshold}}
\newcommand{\targetThresholds}{\term{target thresholds}} \newcommand{\targetThresholds}{\terms{target threshold}}
% Signatures % Signatures
@ -1542,9 +1596,9 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\SighashTxHashing}{\titleterm{SIGHASH Transaction Hashing}} \newcommand{\SighashTxHashing}{\titleterm{SIGHASH Transaction Hashing}}
\newcommand{\sighash}{\term{SIGHASH}} \newcommand{\sighash}{\term{SIGHASH}}
\newcommand{\sighashTxHash}{\term{SIGHASH transaction hash}} \newcommand{\sighashTxHash}{\term{SIGHASH transaction hash}}
\newcommand{\sighashTxHashes}{\term{SIGHASH transaction hashes}} \newcommand{\sighashTxHashes}{\termes{SIGHASH transaction hash}}
\newcommand{\sighashType}{\term{SIGHASH type}} \newcommand{\sighashType}{\term{SIGHASH type}}
\newcommand{\sighashTypes}{\term{SIGHASH types}} \newcommand{\sighashTypes}{\terms{SIGHASH type}}
\newcommand{\SIGHASHALL}{\mathsf{SIGHASH\_ALL}} \newcommand{\SIGHASHALL}{\mathsf{SIGHASH\_ALL}}
\newcommand{\SIGHASHSINGLE}{\mathsf{SIGHASH\_SINGLE}} \newcommand{\SIGHASHSINGLE}{\mathsf{SIGHASH\_SINGLE}}
\newcommand{\SigHash}{\mathsf{SigHash}} \newcommand{\SigHash}{\mathsf{SigHash}}
@ -3783,7 +3837,7 @@ them to be the relevant $\Groth$ \provingKeys and
\subsection{\KeyComponents} \label{keycomponents} \subsection{\KeyComponents} \label{keycomponents}
\notsprout{\subsubsection{\Sprout{} \KeyComponents}} \label{sproutkeycomponents} \notsprout{\subsubsection{\SproutText{} \KeyComponents}} \label{sproutkeycomponents}
Let $\AuthPrivateLength$ be as defined in \crossref{constants}. Let $\AuthPrivateLength$ be as defined in \crossref{constants}.
@ -3809,7 +3863,7 @@ as follows:}
\end{tabular} \end{tabular}
\sapling{ \sapling{
\subsubsection{\Sapling{} \KeyComponents} \label{saplingkeycomponents} \subsubsection{\SaplingText{} \KeyComponents} \label{saplingkeycomponents}
Let $\PRFOutputLengthExpand$, $\SpendingKeyLength$, $\OutViewingKeyLength$, and $\DiversifierLength$ Let $\PRFOutputLengthExpand$, $\SpendingKeyLength$, $\OutViewingKeyLength$, and $\DiversifierLength$
be as defined in \crossref{constants}. be as defined in \crossref{constants}.
@ -4153,7 +4207,7 @@ where
\vspace{-2ex} \vspace{-2ex}
\subsection{Sending \Notes} \label{send} \subsection{Sending \Notes} \label{send}
\notsprout{\subsubsection{Sending \Notes{} (\Sprout)}} \label{sproutsend} \notsprout{\subsubsection{Sending \Notes{} (\SproutText)}} \label{sproutsend}
In order to send \SproutOrNothing{} \shielded value, the sender constructs a In order to send \SproutOrNothing{} \shielded value, the sender constructs a
\transaction containing one or more \joinSplitDescriptions. This involves first \transaction containing one or more \joinSplitDescriptions. This involves first
@ -4208,7 +4262,7 @@ Then the encoded \transaction including $\joinSplitSig$ is submitted to the netw
\sapling{ \sapling{
\introlist \introlist
\subsubsection{Sending \Notes{} (\Sapling)} \label{saplingsend} \subsubsection{Sending \Notes{} (\SaplingText)} \label{saplingsend}
In order to send \Sapling{} \shielded value, the sender constructs a \transaction In order to send \Sapling{} \shielded value, the sender constructs a \transaction
containing one or more \outputDescriptions. containing one or more \outputDescriptions.
@ -4292,7 +4346,7 @@ scope of this specification. The encoded \transaction is submitted to the networ
\introsection \introsection
\subsection{\DummyNotes} \label{dummynotes} \subsection{\DummyNotes} \label{dummynotes}
\notsprout{\subsubsection{\DummyNotes\pSproutOrNothing}} \label{sproutdummynotes} \notsprout{\subsubsection{\DummyNotes\pSproutOrNothingText}} \label{sproutdummynotes}
The fields in a \joinSplitDescription allow for $\NOld$ input \notes, and The fields in a \joinSplitDescription allow for $\NOld$ input \notes, and
$\NNew$ output \notes. In practice, we may wish to encode a \joinSplitTransfer $\NNew$ output \notes. In practice, we may wish to encode a \joinSplitTransfer
@ -4330,7 +4384,7 @@ zero value, and sent to a random \paymentAddress.
\sapling{ \sapling{
\introsection \introsection
\subsubsection{\DummyNotes{} (\Sapling)} \label{saplingdummynotes} \subsubsection{\DummyNotes{} (\SaplingText)} \label{saplingdummynotes}
In \Sapling there is no need to use \dummyNotes simply in order to fill In \Sapling there is no need to use \dummyNotes simply in order to fill
otherwise unused inputs as in the case of a \joinSplitDescription; nevertheless otherwise unused inputs as in the case of a \joinSplitDescription; nevertheless
@ -4495,7 +4549,7 @@ activation, i.e.\ for version 3 \transactions, is defined in \cite{ZIP-143}.}
version 4 \transactions, is defined in \cite{ZIP-243}.} version 4 \transactions, is defined in \cite{ZIP-243}.}
\subsection{Non-malleability\pSproutOrNothing} \label{sproutnonmalleability} \subsection{Non-malleability\pSproutOrNothingText} \label{sproutnonmalleability}
Let $\dataToBeSigned$ be the hash of the \transaction{}, not associated with an input, Let $\dataToBeSigned$ be the hash of the \transaction{}, not associated with an input,
\changed{using the $\SIGHASHALL$ \sighashType}. \changed{using the $\SIGHASHALL$ \sighashType}.
@ -4532,7 +4586,7 @@ to $\joinSplitPubKey$ to sign this \transaction.
\introsection \introsection
\subsection{Balance\pSproutOrNothing} \label{joinsplitbalance} \subsection{Balance\pSproutOrNothingText} \label{joinsplitbalance}
In \Bitcoin, all inputs to and outputs from a \transaction are transparent. In \Bitcoin, all inputs to and outputs from a \transaction are transparent.
The total value of \transparentOutputs{} must not exceed the total value of The total value of \transparentOutputs{} must not exceed the total value of
@ -4568,7 +4622,7 @@ according to client implementation.
\sapling{ \sapling{
\introsection \introsection
\subsection{Balance and \BindingSignature{} (\Sapling)} \label{saplingbalance} \label{bindingsig} \subsection{Balance and \BindingSignature{} (\SaplingText)} \label{saplingbalance} \label{bindingsig}
\Sapling adds \spendTransfers and \outputTransfers to the transparent and \Sapling adds \spendTransfers and \outputTransfers to the transparent and
\joinSplitTransfers present in \Sprout. \joinSplitTransfers present in \Sprout.
@ -4858,7 +4912,7 @@ is a representation of the \nullifierKey associated with the \note and $\NoteAdd
\subsection{\ZkSNARKStatements} \label{snarkstatements} \subsection{\ZkSNARKStatements} \label{snarkstatements}
\vspace{-1ex} \vspace{-1ex}
\subsubsection{\JoinSplitStatement\pSproutOrNothing} \label{joinsplitstatement} \subsubsection{\JoinSplitStatement\pSproutOrNothingText} \label{joinsplitstatement}
\vspace{-2ex} \vspace{-2ex}
Let $\MerkleHashLengthSprout$, $\PRFOutputLengthSprout$, $\MerkleDepthSprout$, $\ValueLength$, Let $\MerkleHashLengthSprout$, $\PRFOutputLengthSprout$, $\MerkleDepthSprout$, $\ValueLength$,
@ -4960,7 +5014,7 @@ For details of the form and encoding of proofs, see \crossref{bctv}.
\sapling{ \sapling{
\subsubsection{\SpendStatement{} (\Sapling)} \label{spendstatement} \subsubsection{\SpendStatement{} (\SaplingText)} \label{spendstatement}
\vspace{-1ex} \vspace{-1ex}
Let $\MerkleHashLengthSapling$, $\PRFOutputLengthNfSapling$, and $\ScalarLength$ be Let $\MerkleHashLengthSapling$, $\PRFOutputLengthNfSapling$, and $\ScalarLength$ be
@ -5082,7 +5136,7 @@ For details of the form and encoding of \spendStatement proofs, see \crossref{gr
\sapling{ \sapling{
\introsection \introsection
\subsubsection{\OutputStatement{} (\Sapling)} \label{outputstatement} \subsubsection{\OutputStatement{} (\SaplingText)} \label{outputstatement}
Let $\MerkleHashLengthSapling$, $\PRFOutputLengthNfSapling$, and $\ScalarLength$ be Let $\MerkleHashLengthSapling$, $\PRFOutputLengthNfSapling$, and $\ScalarLength$ be
as defined in \crossref{constants}. as defined in \crossref{constants}.
@ -5152,7 +5206,7 @@ For details of the form and encoding of \outputStatement proofs, see \crossref{g
} %sapling } %sapling
\subsection{In-band secret distribution\pSproutOrNothing} \label{sproutinband} \subsection{In-band secret distribution\pSproutOrNothingText} \label{sproutinband}
\sprout{The}\notsprout{In \Sprout, the} secrets that need to be transmitted \sprout{The}\notsprout{In \Sprout, the} secrets that need to be transmitted
to a recipient of funds in order for them to later spend, are $\Value$, to a recipient of funds in order for them to later spend, are $\Value$,
@ -5181,7 +5235,7 @@ For both encryption and decryption,
\vspace{-2ex} \vspace{-2ex}
\subsubsection{Encryption\pSproutOrNothing} \label{sproutencrypt} \subsubsection{Encryption\pSproutOrNothingText} \label{sproutencrypt}
Let $\KASprout$ be the \keyAgreementScheme instantiated in \crossref{concretesproutkeyagreement}. Let $\KASprout$ be the \keyAgreementScheme instantiated in \crossref{concretesproutkeyagreement}.
@ -5227,7 +5281,7 @@ further security considerations, for example of how to validate a \SproutOrNothi
\note received out-of-band, which are not addressed in this document. \note received out-of-band, which are not addressed in this document.
} }
\subsubsection{Decryption\pSproutOrNothing} \label{sproutdecrypt} \subsubsection{Decryption\pSproutOrNothingText} \label{sproutdecrypt}
Let $\InViewingKey = (\AuthPublic, \TransmitPrivate)$ be the recipient's \incomingViewingKey, Let $\InViewingKey = (\AuthPublic, \TransmitPrivate)$ be the recipient's \incomingViewingKey,
and let $\TransmitPublic$ be the corresponding \transmissionKey derived from and let $\TransmitPublic$ be the corresponding \transmissionKey derived from
@ -5288,7 +5342,7 @@ engineering rationale behind this encryption scheme.
\sapling{ \sapling{
\subsection{In-band secret distribution (\Sapling)} \label{saplinginband} \subsection{In-band secret distribution (\SaplingText)} \label{saplinginband}
In \Sapling, the secrets that need to be transmitted to a recipient of funds In \Sapling, the secrets that need to be transmitted to a recipient of funds
in order for them to later spend, are $\Diversifier$, $\Value$, and $\NoteCommitRand$. in order for them to later spend, are $\Diversifier$, $\Value$, and $\NoteCommitRand$.
@ -5319,7 +5373,7 @@ For both encryption and decryption,
\sapling{ \sapling{
\subsubsection{Encryption (\Sapling)} \label{saplingencrypt} \subsubsection{Encryption (\SaplingText)} \label{saplingencrypt}
Let $\DiversifiedTransmitPublicNew \typecolon \KASaplingPublicPrimeOrder$ be the Let $\DiversifiedTransmitPublicNew \typecolon \KASaplingPublicPrimeOrder$ be the
\diversifiedTransmissionKey for the intended recipient address of a new \Sapling{} \note, \diversifiedTransmissionKey for the intended recipient address of a new \Sapling{} \note,
@ -5378,7 +5432,7 @@ received out-of-band, which are not addressed in this document.
\sapling{ \sapling{
\subsubsection{Decryption using an Incoming Viewing Key (\Sapling)} \label{saplingdecryptivk} \subsubsection{Decryption using an Incoming Viewing Key (\SaplingText)} \label{saplingdecryptivk}
Let $\InViewingKey \typecolon \InViewingKeyTypeSapling$ be the recipient's \incomingViewingKey, Let $\InViewingKey \typecolon \InViewingKeyTypeSapling$ be the recipient's \incomingViewingKey,
as specified in \crossref{saplingkeycomponents}. as specified in \crossref{saplingkeycomponents}.
@ -5428,7 +5482,7 @@ contain the \transaction in which a \note was output.
\sapling{ \sapling{
\subsubsection{Decryption using a Full Viewing Key (\Sapling)} \label{saplingdecryptovk} \subsubsection{Decryption using a Full Viewing Key (\SaplingText)} \label{saplingdecryptovk}
Let $\OutViewingKey \typecolon \OutViewingKeyType$ be the \outgoingViewingKey, as specified Let $\OutViewingKey \typecolon \OutViewingKeyType$ be the \outgoingViewingKey, as specified
in \crossref{saplingkeycomponents}, that is to be used for decryption. in \crossref{saplingkeycomponents}, that is to be used for decryption.
@ -5477,7 +5531,7 @@ The \outgoingViewingKey holder will attempt to decrypt the \noteCiphertext as fo
$\ephemeralKey = \LEBStoOSP{\ellJ}\big(\reprJ\Of{\EphemeralPublic}\kern-0.15em\big)$.} $\ephemeralKey = \LEBStoOSP{\ellJ}\big(\reprJ\Of{\EphemeralPublic}\kern-0.15em\big)$.}
\subsection{\Blockchain{} Scanning\pSproutOrNothing} \label{sproutscan} \subsection{\Blockchain{} Scanning\pSproutOrNothingText} \label{sproutscan}
The following algorithm can be used, given the \blockchain and a The following algorithm can be used, given the \blockchain and a
\SproutOrNothing{} \spendingKey $\AuthPrivate$, to obtain each \note sent \SproutOrNothing{} \spendingKey $\AuthPrivate$, to obtain each \note sent
@ -5528,7 +5582,7 @@ be the \incomingViewingKey corresponding to $\AuthPrivate$, and let $\TransmitPu
\sapling{ \sapling{
\subsection{\Blockchain{} Scanning (\Sapling)} \label{saplingscan} \subsection{\Blockchain{} Scanning (\SaplingText)} \label{saplingscan}
In \Sapling, \blockchain scanning requires only the $\AuthProvePublic$ and $\InViewingKey$ In \Sapling, \blockchain scanning requires only the $\AuthProvePublic$ and $\InViewingKey$
key components, rather than a \spendingKey as in \Sprout. key components, rather than a \spendingKey as in \Sprout.
@ -6583,7 +6637,7 @@ block count and $64$-bit nonce as in the original definition of $\SymCipher$.
\subsubsection{\KeyAgreementAndDerivation} \label{concretekaandkdf} \subsubsection{\KeyAgreementAndDerivation} \label{concretekaandkdf}
\subsubsubsection{\SproutOrNothing \KeyAgreement} \label{concretesproutkeyagreement} \subsubsubsection{\SproutOrNothingText{} \KeyAgreement} \label{concretesproutkeyagreement}
\changed{ \changed{
$\KASprout$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}. $\KASprout$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}.
@ -6618,7 +6672,7 @@ Define $\KASproutAgree(n, q) := \KASproutCurveMultiply(n, q)$.
} }
\introsection \introsection
\subsubsubsection{\SproutOrNothing \KeyDerivation} \label{concretesproutkdf} \subsubsubsection{\SproutOrNothingText{} \KeyDerivation} \label{concretesproutkdf}
\newsavebox{\kdftagbox} \newsavebox{\kdftagbox}
\begin{lrbox}{\kdftagbox} \begin{lrbox}{\kdftagbox}
@ -6662,7 +6716,7 @@ $\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}.
\sapling{ \sapling{
\subsubsubsection{\Sapling \KeyAgreement} \label{concretesaplingkeyagreement} \subsubsubsection{\SaplingText{} \KeyAgreement} \label{concretesaplingkeyagreement}
$\KASapling$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}. $\KASapling$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}.
@ -6695,7 +6749,7 @@ Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$.
\end{lrbox} \end{lrbox}
\sapling{ \sapling{
\subsubsubsection{\Sapling \KeyDerivation} \label{concretesaplingkdf} \subsubsubsection{\SaplingText{} \KeyDerivation} \label{concretesaplingkdf}
$\KDFSapling$ is a \keyDerivationFunction as specified in \crossref{abstractkdf}. $\KDFSapling$ is a \keyDerivationFunction as specified in \crossref{abstractkdf}.
@ -6984,7 +7038,7 @@ the public key with respect to the base $\ValueCommitRandBase$.
\introlist \introlist
\subsubsection{Commitment schemes} \label{concretecommit} \subsubsection{Commitment schemes} \label{concretecommit}
\subsubsubsection{\SproutOrNothing{} \NoteCommitments} \label{concretesproutnotecommit} \subsubsubsection{\SproutOrNothingText{} \NoteCommitments} \label{concretesproutnotecommit}
\newsavebox{\cmbox} \newsavebox{\cmbox}
\begin{lrbox}{\cmbox} \begin{lrbox}{\cmbox}
@ -7996,7 +8050,7 @@ These are encoded in the same way as in \Bitcoin \cite{Bitcoin-Base58},
for both the production and test networks. for both the production and test networks.
\subsubsection{\SproutOrNothing \PaymentAddresses} \label{sproutpaymentaddrencoding} \subsubsection{\SproutOrNothingText{} \PaymentAddresses} \label{sproutpaymentaddrencoding}
A \SproutOrNothing \paymentAddress consists of $\AuthPublic \typecolon \PRFOutputSprout$ A \SproutOrNothing \paymentAddress consists of $\AuthPublic \typecolon \PRFOutputSprout$
and $\TransmitPublic \typecolon \KASproutPublic$. and $\TransmitPublic \typecolon \KASproutPublic$.
@ -8041,7 +8095,7 @@ cause the first two characters of the Base58Check encoding to be fixed as
\sapling{ \sapling{
\subsubsection{\Sapling \PaymentAddresses} \label{saplingpaymentaddrencoding} \subsubsection{\SaplingText{} \PaymentAddresses} \label{saplingpaymentaddrencoding}
A \Sapling \paymentAddress consists of $\Diversifier \typecolon \DiversifierType$ A \Sapling \paymentAddress consists of $\Diversifier \typecolon \DiversifierType$
and $\DiversifiedTransmitPublic \typecolon \KASaplingPublicPrimeOrder$. and $\DiversifiedTransmitPublic \typecolon \KASaplingPublicPrimeOrder$.
@ -8077,7 +8131,7 @@ For addresses on the test network, the \humanReadablePart is \ascii{ztestsapling
} }
\subsubsection{\SproutOrNothing \IncomingViewingKeys} \label{sproutinviewingkeyencoding} \subsubsection{\SproutOrNothingText{} \IncomingViewingKeys} \label{sproutinviewingkeyencoding}
\changed{ \changed{
An \incomingViewingKey consists of $\AuthPublic \typecolon \PRFOutputSprout$ and An \incomingViewingKey consists of $\AuthPublic \typecolon \PRFOutputSprout$ and
@ -8133,7 +8187,7 @@ cause the first four characters of the Base58Check encoding to be fixed as
\sapling{ \sapling{
\subsubsection{\Sapling \IncomingViewingKeys} \label{saplinginviewingkeyencoding} \subsubsection{\SaplingText{} \IncomingViewingKeys} \label{saplinginviewingkeyencoding}
Let $\InViewingKeyLength$ be as defined in \crossref{constants}. Let $\InViewingKeyLength$ be as defined in \crossref{constants}.
@ -8167,7 +8221,7 @@ For \incomingViewingKeys on the test network, the \humanReadablePart is \ascii{z
\sapling{ \sapling{
\subsubsection{\Sapling \FullViewingKeys} \label{saplingfullviewingkeyencoding} \subsubsection{\SaplingText{} \FullViewingKeys} \label{saplingfullviewingkeyencoding}
A \Sapling \fullViewingKey consists of $\AuthSignPublic \typecolon \SubgroupJstar$, A \Sapling \fullViewingKey consists of $\AuthSignPublic \typecolon \SubgroupJstar$,
$\AuthProvePublic \typecolon \SubgroupJ$, and $\OutViewingKey \typecolon \byteseq{\OutViewingKeyLength/8}$. $\AuthProvePublic \typecolon \SubgroupJ$, and $\OutViewingKey \typecolon \byteseq{\OutViewingKeyLength/8}$.
@ -8203,7 +8257,7 @@ For \incomingViewingKeys on the test network, the \humanReadablePart is \ascii{z
\introsection \introsection
\subsubsection{\SproutOrNothing \SpendingKeys} \label{sproutspendingkeyencoding} \subsubsection{\SproutOrNothingText{} \SpendingKeys} \label{sproutspendingkeyencoding}
A \SproutOrNothing \spendingKey consists of $\AuthPrivate$, which is a sequence of A \SproutOrNothing \spendingKey consists of $\AuthPrivate$, which is a sequence of
\changed{$252$} bits (see \crossref{sproutkeycomponents}). \changed{$252$} bits (see \crossref{sproutkeycomponents}).
@ -8252,7 +8306,7 @@ The zero padding occupies the most significant 4 bits of the third byte.
\sapling{ \sapling{
\subsubsection{\Sapling \SpendingKeys} \label{saplingspendingkeyencoding} \subsubsection{\SaplingText{} \SpendingKeys} \label{saplingspendingkeyencoding}
A \Sapling \spendingKey consists of $\SpendingKey \typecolon \SpendingKeyType$ A \Sapling \spendingKey consists of $\SpendingKey \typecolon \SpendingKeyType$
(see \crossref{saplingkeycomponents}). (see \crossref{saplingkeycomponents}).
@ -8403,7 +8457,7 @@ upgrade-supporting nodes \MUST allow for this.
\intropart \intropart
\section{Consensus Changes from \Bitcoin} \section{Consensus Changes from \BitcoinText} \label{consensusfrombitcoin}
\subsection{Encoding of \Transactions} \label{txnencoding} \subsection{Encoding of \Transactions} \label{txnencoding}
@ -9429,7 +9483,7 @@ and would require an RFC in order to do so.)
\introsection \introsection
\section{Differences from the Zerocash paper} \label{differences} \section{Differences from the \ZerocashText{} paper} \label{differences}
\subsection{Transaction Structure} \label{trstructure} \subsection{Transaction Structure} \label{trstructure}
@ -9884,7 +9938,7 @@ to resist parallel brute force in the multi-user setting: \notsprout{for \Sprout
$\AuthPrivate$ is $252$ bits, and $\TransmitPrivate$ is no shorter than $\AuthPrivate$. $\AuthPrivate$ is $252$ bits, and $\TransmitPrivate$ is no shorter than $\AuthPrivate$.
\subsection{Omission in \Zerocash security proof} \label{crprf} \subsection{Omission in \ZerocashText{} security proof} \label{crprf}
The abstract \Zerocash protocol requires $\PRFaddr{}$ only to be a PRF; The abstract \Zerocash protocol requires $\PRFaddr{}$ only to be a PRF;
it is not specified to be \collisionResistant\!. This reveals a flaw in it is not specified to be \collisionResistant\!. This reveals a flaw in
@ -10043,6 +10097,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\begin{itemize} \begin{itemize}
\item Experimental support for building using Lua\TeX{} and Xe\TeX. \item Experimental support for building using Lua\TeX{} and Xe\TeX.
\item Add an \snarkref{Index}{index}.
\end{itemize} \end{itemize}
\introlist \introlist
@ -12507,7 +12562,7 @@ final $\xor$ operations), but not the message bits.
\vspace{20ex} \vspace{20ex}
\intropart \intropart
\subsection{The Sapling Spend circuit} \label{cctsaplingspend} \subsection{The \SaplingText{} Spend circuit} \label{cctsaplingspend}
The \Sapling Spend \statement is defined in \crossref{spendstatement}. The \Sapling Spend \statement is defined in \crossref{spendstatement}.
@ -12683,7 +12738,7 @@ $\NoteCommitRandRepr$, $\ValueCommitRandRepr$, and $\vOldRepr$ as bit sequences
\introsection \introsection
\subsection{The Sapling Output circuit} \label{cctsaplingoutput} \subsection{The \SaplingText{} Output circuit} \label{cctsaplingoutput}
The \Sapling Output \statement is defined in \crossref{outputstatement}. The \Sapling Output \statement is defined in \crossref{outputstatement}.
@ -12976,4 +13031,11 @@ the cost of batched verification is therefore
} %notsprout } %notsprout
\appendix
\phantomsection
\addcontentsline{toc}{section}{\larger{Index}} \label{index}
\begin{flushleft}
\printindex
\end{flushleft}
\end{document} \end{document}