From 74dfa801942067474be877df28971d1248556339 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Fri, 26 Mar 2021 17:55:51 +0000 Subject: [PATCH] Fix errors in Orchard due to cut-and-paste from Sapling. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 0fd2fb15..dfc0dc4d 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -7361,7 +7361,7 @@ from $\TransmitPlaintext{}$ compressed encodings of \jubjubCurve points. Therefore, an implementation \MUST use the original $\ephemeralKey$ field as encoded in the \transaction as input to $\PRFock{}{}$ and $\KDF{Sapling}$, and in the comparison against - $\reprJ\big(\KADerivePublic{Sapling}(\EphemeralPrivate, \DiversifiedTransmitBase)\kern-0.12em\big)$.\!\!\nufive{\; For + $\reprG{}\big(\KADerivePublic{Sapling}(\EphemeralPrivate, \DiversifiedTransmitBase)\kern-0.12em\big)$.\!\!\nufive{\; For consistency this is also what is specified for \Orchard.}\vspace{-0.5ex} \prenufiveitem{$\DiversifiedTransmitPublicRepr$ can also be \nonCanonicalPoint. Since $\bot$ is returned if $\DiversifiedTransmitBase \not\in \SubgroupJ$, the only accepted \nonCanonicalPoint encoding for @@ -10465,7 +10465,7 @@ Define $\reprG{} \typecolon \GroupG{} \rightarrow \ReprG{}$ such that \vspace{1ex} \introlist Define $\abstG{} \typecolon \ReprG{} \rightarrow \maybe{\GroupG{}}$ such that -$\abstJ\Of{P\Repr}$ is computed as follows: +$\abstG{}\Of{P\Repr}$ is computed as follows: \begin{formulae} \item let ${x\Repr} \typecolon \bitseq{255}$ be the first $255$ bits of $P\Repr$ and let $\tilde{y} \typecolon \bit$ be the last bit. 
@@ -12458,9 +12458,9 @@ $32$ & $\rkField$ & \type{byte[32]} & The randomized \validatingKey for $\spendA $\LEBStoOSP{256}\big(\reprP\Of{\AuthSignRandomizedPublic}\kern-0.1em\big)$. \\ \hline $32$ & $\cmxField$ & \type{byte[32]} & The $x$-coordinate of the \noteCommitment for the output \note, -$\LEBStoOSPOf{256}{\cmX}$ where $\cmU = \ExtractJ(\cm)$. \\ \hline +$\LEBStoOSPOf{256}{\cmX}$ where $\cmX = \ExtractP(\cm)$. \\ \hline -$32$ & $\ephemeralKey$ & \type{byte[32]} & An encoding of an ephemeral \Jubjub \publicKey, +$32$ & $\ephemeralKey$ & \type{byte[32]} & An encoding of an ephemeral \Pallas \publicKey, $\LEBStoOSP{256}\big(\reprP\Of{\EphemeralPublic}\kern-0.1em\big)$. \\ \hline $580$ & $\encCiphertext$ & \type{byte[580]} & A ciphertext component for the @@ -14002,6 +14002,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}. \item Make the naming of $\enableSpends$ and $\enableOutputs$ consistent. \end{itemize} \item Update specification of $\Poseidon$. + \item Fix errors in \Orchard due to cut-and-paste from \Sapling. \item Add references to \cite{Zcash-halo2}. \item Correct the description of $\lengthField$ in \crossref{unifiedpaymentaddrencoding}. \item Correct the type signature of $\DiversifyHash{Orchard}$ in \crossref{abstracthashes}.
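Review bot: in the hunk at @@ -7361, the added line writes `\reprG{}` with an empty argument directly around `\KADerivePublic{Sapling}`, and the same sentence names `\KDF{Sapling}`, so the comparison now mixes an unparameterised representation function with Sapling-specific key agreement. This comparison is part of a \MUST requirement on how the original `\ephemeralKey` encoding is used, and the `\nufive` text extends it to \Orchard, so please make explicit which group's encoding is meant: either give `\reprG` the same pool argument as the functions around it, or say in the sentence that it denotes the representation for the pool in question.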
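Review bot: in the hunk at @@ -12458, two of the three visible table rows carried Sapling leftovers (`\cmU = \ExtractJ(\cm)` and `\Jubjub`), and the `\encCiphertext` row is cut off by the context window, so the diff does not show whether the rest of the table was checked. Please confirm the remaining rows of this table were swept for J-suffixed macros and \Jubjub references, and say so in the commit message if they were.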
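Review bot: in the hunk at @@ -14002, the new change-history item does not say which parts of the specification were corrected, while the neighbouring items point at the affected section with `\crossref{...}`. Three separate places change in this patch (the `\ephemeralKey` comparison, the definition of `\abstG{}`, and the `\cmxField` and `\ephemeralKey` table rows), so I would name them or cross-reference their sections, so that implementers can tell whether the corrected text affects them.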