Fix errors in Orchard due to cut-and-paste from Sapling.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2021-03-26 17:55:51 +00:00
parent 4d3204b8e1
commit 74dfa80194
1 changed files with 5 additions and 4 deletions

@ -7361,7 +7361,7 @@ from $\TransmitPlaintext{}$
compressed encodings of \jubjubCurve points. Therefore, an implementation \MUST use the original compressed encodings of \jubjubCurve points. Therefore, an implementation \MUST use the original
$\ephemeralKey$ field as encoded in the \transaction as input to $\PRFock{}{}$ and $\KDF{Sapling}$, $\ephemeralKey$ field as encoded in the \transaction as input to $\PRFock{}{}$ and $\KDF{Sapling}$,
and in the comparison against and in the comparison against
$\reprJ\big(\KADerivePublic{Sapling}(\EphemeralPrivate, \DiversifiedTransmitBase)\kern-0.12em\big)$.\!\!\nufive{\; For $\reprG{}\big(\KADerivePublic{Sapling}(\EphemeralPrivate, \DiversifiedTransmitBase)\kern-0.12em\big)$.\!\!\nufive{\; For
consistency this is also what is specified for \Orchard.}\vspace{-0.5ex} consistency this is also what is specified for \Orchard.}\vspace{-0.5ex}
\prenufiveitem{$\DiversifiedTransmitPublicRepr$ can also be \nonCanonicalPoint. Since $\bot$ is returned \prenufiveitem{$\DiversifiedTransmitPublicRepr$ can also be \nonCanonicalPoint. Since $\bot$ is returned
if $\DiversifiedTransmitBase \not\in \SubgroupJ$, the only accepted \nonCanonicalPoint encoding for if $\DiversifiedTransmitBase \not\in \SubgroupJ$, the only accepted \nonCanonicalPoint encoding for
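Review bot: on the changed comparison line, the generic `\reprG{}` is now applied to `\KADerivePublic{Sapling}(\EphemeralPrivate, \DiversifiedTransmitBase)`, in a sentence that still speaks of compressed encodings of \jubjubCurve points and of `\KDF{Sapling}`. Mixing a generic representation function with Sapling-specific key agreement leaves it unclear which group `\reprG{}` ranges over at this point. Since the \nufive note extends the rule to \Orchard, consider stating which curve `\GroupG{}` stands for in each protocol, or parameterising the key-agreement and KDF names the same way.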
@ -10465,7 +10465,7 @@ Define $\reprG{} \typecolon \GroupG{} \rightarrow \ReprG{}$ such that
\vspace{1ex} \vspace{1ex}
\introlist \introlist
Define $\abstG{} \typecolon \ReprG{} \rightarrow \maybe{\GroupG{}}$ such that Define $\abstG{} \typecolon \ReprG{} \rightarrow \maybe{\GroupG{}}$ such that
$\abstJ\Of{P\Repr}$ is computed as follows: $\abstG{}\Of{P\Repr}$ is computed as follows:
\begin{formulae} \begin{formulae}
\item let ${x\Repr} \typecolon \bitseq{255}$ be the first $255$ bits of $P\Repr$ and \item let ${x\Repr} \typecolon \bitseq{255}$ be the first $255$ bits of $P\Repr$ and
let $\tilde{y} \typecolon \bit$ be the last bit. let $\tilde{y} \typecolon \bit$ be the last bit.
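Review bot: the remaining steps of this `\abstG{}` definition fall outside the hunk and should be checked for the same pasted `J` suffix that was corrected at `$\abstG{}\Of{P\Repr}$`. Only the first \item of the formulae list is visible here, so a search of this section for leftover `\abstJ` and `\reprJ` before merging would confirm that the definition is consistent from the `Define $\abstG{}` line through to its end.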
@ -12458,9 +12458,9 @@ $32$ & $\rkField$ & \type{byte[32]} & The randomized \validatingKey for $\spendA
$\LEBStoOSP{256}\big(\reprP\Of{\AuthSignRandomizedPublic}\kern-0.1em\big)$. \\ \hline $\LEBStoOSP{256}\big(\reprP\Of{\AuthSignRandomizedPublic}\kern-0.1em\big)$. \\ \hline
$32$ & $\cmxField$ & \type{byte[32]} & The $x$-coordinate of the \noteCommitment for the output \note, $32$ & $\cmxField$ & \type{byte[32]} & The $x$-coordinate of the \noteCommitment for the output \note,
$\LEBStoOSPOf{256}{\cmX}$ where $\cmU = \ExtractJ(\cm)$. \\ \hline $\LEBStoOSPOf{256}{\cmX}$ where $\cmX = \ExtractP(\cm)$. \\ \hline
$32$ & $\ephemeralKey$ & \type{byte[32]} & An encoding of an ephemeral \Jubjub \publicKey, $32$ & $\ephemeralKey$ & \type{byte[32]} & An encoding of an ephemeral \Pallas \publicKey,
$\LEBStoOSP{256}\big(\reprP\Of{\EphemeralPublic}\kern-0.1em\big)$. \\ \hline $\LEBStoOSP{256}\big(\reprP\Of{\EphemeralPublic}\kern-0.1em\big)$. \\ \hline
$580$ & $\encCiphertext$ & \type{byte[580]} & A ciphertext component for the $580$ & $\encCiphertext$ & \type{byte[580]} & A ciphertext component for the
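Review bot: in the $\cmxField$ row the extractor is renamed to `\ExtractP` but the surrounding `\LEBStoOSPOf{256}{\cmX}` wrapper is carried over unchanged, so please confirm that the output type of `\ExtractP` is what a bit-sequence-to-bytes conversion expects, since a name-only fix can leave a type mismatch behind. As a smaller style point, this row uses `\LEBStoOSPOf{256}{...}` while the $\rkField$ and $\ephemeralKey$ rows use `\LEBStoOSP{256}\big(...\big)`; one form across the table would read better.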
@ -14002,6 +14002,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\item Make the naming of $\enableSpends$ and $\enableOutputs$ consistent. \item Make the naming of $\enableSpends$ and $\enableOutputs$ consistent.
\end{itemize} \end{itemize}
\item Update specification of $\Poseidon$. \item Update specification of $\Poseidon$.
\item Fix errors in \Orchard due to cut-and-paste from \Sapling.
\item Add references to \cite{Zcash-halo2}. \item Add references to \cite{Zcash-halo2}.
\item Correct the description of $\lengthField$ in \crossref{unifiedpaymentaddrencoding}. \item Correct the description of $\lengthField$ in \crossref{unifiedpaymentaddrencoding}.
\item Correct the type signature of $\DiversifyHash{Orchard}$ in \crossref{abstracthashes}. \item Correct the type signature of $\DiversifyHash{Orchard}$ in \crossref{abstracthashes}.
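Review bot: the new change-history item `Fix errors in \Orchard due to cut-and-paste from \Sapling.` does not say which sections were corrected, while the neighbouring items point at theirs with `\crossref{...}`. Suggest naming the affected sections the same way, so that implementers can tell which definitions and encoding tables changed.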