mirror of https://github.com/zcash/zips.git
Add question about collision-resistance of PRF^sn.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent fe003d4954
commit 74e6963e96
@ -187,10 +187,13 @@ different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
$\PRF{x}{}$ is a pseudo-random function seeded by $x$. Three \emph{independent}
$\PRF{x}{}$ are needed in our scheme: $\PRFaddr{x}$, $\PRFsn{x}$, and
$\PRFpk{x}{i}$. It is required that $\PRFsn{x}$ be collision-resistant. In \Zcash,
the $\SHAName$ function is used to construct all three of these functions. The bits
$\mathtt{00}$, $\mathtt{01}$ and $\mathtt{10}$ are included (respectively) within
the blocks that are hashed, ensuring that the functions are independent.
$\PRFpk{x}{i}$. It is required that $\PRFsn{x}$ be collision-resistant.
\daira{For any given $x$, or across all $x$?}
In \Zcash, the $\SHAName$ function is used to construct all three of these
functions. The bits $\mathtt{00}$, $\mathtt{01}$ and $\mathtt{10}$ are included
(respectively) within the blocks that are hashed, ensuring that the functions are
independent.
\begin{equation*}
\SpendAuthorityPublic = \PRFaddr{\SpendAuthorityPrivate}(0) = \CRH\left(
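Review bot: the question added after "It is required that $\PRFsn{x}$ be collision-resistant" is recorded only as an inline \daira{...} annotation, so the requirement sentence itself still admits both readings (collision-resistant for each fixed $x$, or across all $x$). These are different properties to ask of the $\SHAName$-based construction, so I would suggest stating the quantifier in the sentence itself once the question is answered, or tracking it in an issue so the annotation does not stay in the paragraph. Separately, the re-wrapping of the following sentence ("In \Zcash, the $\SHAName$ function is used ...") changes no wording but enlarges the hunk; keeping the original line breaks would make the one-line addition easier to see.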