zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Refine magenta highlighting. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2016-09-26 21:32:08 +01:00
parent ccd8cdb5b1
commit 6f2526bddf
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
protocol/protocol.tex
View File

@ -944,8 +944,8 @@ to $\AuthPublic$, as described in the previous section.
defined in \crossref{abstractcomm}.
\end{itemize}
Let $\NoteType$ be the type of a \note, i.e.
$\PRFOutput \times \range{0}{\MAXMONEY} \times \PRFOutput \times \bitseq{\NoteCommitRandLength}$.
Let $\NoteType$ be the type of a \note, i.e. \changed{
$\PRFOutput \times \range{0}{\MAXMONEY} \times \PRFOutput \times \bitseq{\NoteCommitRandLength}$}.
Creation of new \notes is described in \crossref{send}. When \notes are sent,
only a commitment (see \crossref{abstractcomm}) to the above values is disclosed
@ -1453,11 +1453,11 @@ where
The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \notesCiphertext.
The value $\hSig$ is also computed from $\RandomSeed$, $\nfOld{\allOld}$, and the
The value $\hSig$ is also computed from \changed{$\RandomSeed$, $\nfOld{\allOld}$, and} the
$\joinSplitPubKey$ of the containing \transaction:
\begin{itemize}
\item[] $\hSig := \hSigCRH(\RandomSeed, \nfOld{\allOld}, \joinSplitPubKey)$.
\item[] $\hSig := \hSigCRH(\changed{\RandomSeed, \nfOld{\allOld},\,} \joinSplitPubKey)$.
\end{itemize}
$\hSigCRH$ is instantiated in \crossref{hsigcrh}.
@ -1483,12 +1483,14 @@ a new $\JoinSplitSig$ key pair:
For each \joinSplitDescription, the sender chooses $\RandomSeed$ uniformly at
random on $\bitseq{\RandomSeedLength}$, and selects
the input \notes. At this point there is sufficient information to compute $\hSig$,
as described in the previous section. The sender also chooses $\NoteAddressPreRand$
uniformly at random on $\bitseq{\NoteAddressPreRandLength}$.
as described in the previous section. \changed{The sender also chooses $\NoteAddressPreRand$
uniformly at random on $\bitseq{\NoteAddressPreRandLength}$.}
Then it creates each output \note with index $i \typecolon \setofNew$ as follows:
\begin{itemize}
\item Choose $\NoteCommitRandNew{i}$ uniformly at random on $\bitseq{\NoteCommitRandLength}$.
\changed{
\item Compute $\NoteAddressRandNew{i} := \PRFrho{\NoteAddressPreRand}(i, \hSig)$.
}
\item Encrypt the \note to the recipient \transmissionKey $\TransmitPublicNew{i}$,
as described in \crossref{inband}, giving the ciphertext component
$\TransmitCiphertext{i}$.
@ -1514,6 +1516,7 @@ The fields in a \joinSplitDescription allow for $\NOld$ input \notes, and
$\NNew$ output \notes. In practice, we may wish to encode a \joinSplitTransfer
with fewer input or output \notes. This is achieved using \dummyNotes.
\changed{
A \dummy input \note, with index $i$ in the \joinSplitDescription, is constructed
as follows:
\begin{itemize}
@ -1527,6 +1530,7 @@ as follows:
\auxiliaryInput to the \joinSplitStatement (this will not be checked).
\item When generating the \joinSplitProof\!\!, set $\EnforceCommit{i}$ to 0.
\end{itemize}
}
A \dummy output \note is constructed as normal but with zero value, and
sent to a random \paymentAddress.
@ -1692,9 +1696,11 @@ $\treepath{i}$ must be a valid \merklePath of depth $\MerkleDepth$, as defined i
\textbf{Note:} Merkle path validity covers both conditions 1. (a) and 1. (d) of the NP statement
given in \cite[section 4.2]{BCG+2014}.
\changed{
\subparagraph{Commitment Enforcement}
for each $i \in \setofOld$, if $\vOld{i} \neq 0$ then $\EnforceCommit{i} = 1$.
}
\subparagraph{Balance}