Add consensus rule that JoinSplit proofs must verify :-)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
08ba32a4aa
commit
6f7bfbc59e
|
@ -1299,16 +1299,6 @@ where
|
|||
|
||||
The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \notesCiphertext.
|
||||
|
||||
\consensusrule{
|
||||
$0 \leq \vpubOld \leq \MAXMONEY$, and $0 \leq \vpubNew \leq \MAXMONEY$.
|
||||
}
|
||||
|
||||
\consensusrule{
|
||||
Either $\vpubOld$ or $\vpubNew$ \MUST be zero.
|
||||
}
|
||||
|
||||
\todo{Describe case where there are fewer than $\NOld$ real input \notes.}
|
||||
|
||||
The value $\hSig$ is also computed from $\RandomSeed$, $\nfOld{\allOld}$, and the
|
||||
$\joinSplitPubKey$ of the containing \transaction:
|
||||
|
||||
|
@ -1318,6 +1308,15 @@ $\joinSplitPubKey$ of the containing \transaction:
|
|||
|
||||
$\hSigCRH$ is instantiated in \crossref{hsigcrh}.
|
||||
|
||||
\begin{consensusrules}
|
||||
\item Elements of a \joinSplitDescription{} \MUST have the types given
|
||||
above (for example: $0 \leq \vpubOld \leq \MAXMONEY$ and $0 \leq \vpubNew \leq \MAXMONEY$).
|
||||
\item Either $\vpubOld$ or $\vpubNew$ \MUST be zero.
|
||||
\item The proof $\Proof_{\JoinSplit}$ \MUST be valid given a \primaryInput formed
|
||||
from the other fields and $\hSig$.
|
||||
I.e. it must be the case that $\ZKJoinSplitVerify((\rt, \nfOld{\allOld}, \cmNew{\allNew},
|
||||
\vpubOld, \vpubNew, \hSig, \h{\allOld}), \Proof_{\JoinSplit}) = 1$.
|
||||
\end{consensusrules}
|
||||
|
||||
\nsubsection{Sending \Notes} \label{send}
|
||||
|
||||
|
|
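Review bot: The first item of the new `consensusrules` list ("Elements of a \joinSplitDescription{} \MUST have the types given above") reduces the value-range check to a parenthetical "for example", whereas the earlier hunk appears to drop it as a standalone `\consensusrule`, so the full set of consensus-critical type constraints is now only implied. A range or encoding check that one implementation omits is a consensus divergence, so I would drop "for example" and either state the `\vpubOld`/`\vpubNew` ranges as normative or list every field whose type is checked. Separately, `\primaryInput formed` in the third item has no `{}` after the macro, unlike `\joinSplitDescription{}` in the first item. Unless the macro is defined with `\xspace` (its definition is not visible here) the following space is swallowed, so write `\primaryInput{} formed`. The third item also does not say what makes `\rt` acceptable; if anchor validity is specified elsewhere, a `\crossref` from this rule would make the verification condition self-contained.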