mirror of https://github.com/zcash/zips.git
Add signature digest algorithm for TZEs.
This commit is contained in:
Kris Nuttycombe
parent
7fbe3780d9
commit
7558c6995d
21
zip-0244.rst
21
zip-0244.rst
|
|
@ -252,7 +252,7 @@ The personalization field of this hash is set to::
|
|||
|
||||
T.4a.i: ``sapling_spends_compact_digest``
|
||||
.......................................
|
||||
A BLAKE2b-256 hash of the field encoding of all nullifier field
|
||||
A BLAKE2b-256 hash of the field encoding of all ``nullifier`` field
|
||||
values of Sapling shielded spends belonging to the transaction.
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
|
@ -330,12 +330,12 @@ The personalization field of this hash is set to::
|
|||
Signature Digest
|
||||
================
|
||||
|
||||
A new per-input transaction digest algorithm that constructs a hash that may be signed
|
||||
by a transaction creator to commit to the effects of the transaction. In the
|
||||
case that the transaction consumes no transparent inputs, it should be possible
|
||||
to just sign the transaction identifier produced by the ``TxId Digest`` algorithm.
|
||||
In the case that transparent inputs are present, this algorithm follows closely
|
||||
the ZIP 143 [#zip-0143]_ algorithm.
|
||||
A new per-input transaction digest algorithm is defined that constructs a hash that may be
|
||||
signed by a transaction creator to commit to the effects of the transaction. In the case
|
||||
that the transaction consumes no transparent inputs, it should be possible to just sign
|
||||
the transaction identifier produced by the ``TxId Digest`` algorithm. In the case that
|
||||
transparent inputs are present, this algorithm follows closely the ZIP 143 [#zip-0143]_
|
||||
algorithm.
|
||||
|
||||
The overall structure of the hash is as follows; each name referenced here will be
|
||||
described in detail below:
|
||||
|
|
@ -495,7 +495,7 @@ A BLAKE2b-256 hash of the following values ::
|
|||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZTxAuth_____Hash" (5 underscore characters)
|
||||
"ZTxAuthHash_" || CONSENSUS_BRANCH_ID
|
||||
|
||||
1: ``transparent_scripts_digest``
|
||||
`````````````````````````````````
|
||||
|
|
@ -508,8 +508,9 @@ The personalization field of this hash is set to::
|
|||
|
||||
2: ``sprout_auth_digest``
|
||||
```````````````````````````
|
||||
A BLAKE2b-256 hash of the field encoding of the zkproof values of each
|
||||
``JSDescription`` belonging to the transaction.
|
||||
A BLAKE2b-256 hash of the field encoding of the ``zkproof`` values of each
|
||||
``JSDescription`` belonging to the transaction, followed by the
|
||||
``joinsplit_pubkey`` and ``joinsplit_sig``.
|
||||
|
||||
* 2a. ``zkproofs`` (field encoding bytes)
|
||||
* 2b. ``joinsplit_pubkey``
|
||||
|
|
|
|||
109
zip-0245.rst
109
zip-0245.rst
|
|
@ -31,16 +31,16 @@ TxId Digest
|
|||
The tree of hashes defined by ZIP 244 [#zip-0244]_ is re-structured to include a new
|
||||
branch for TZE hashes. The ``tze_digest`` branch is the only new addition to the
|
||||
tree; ``header_digest``, ``transparent_digest``, ``sprout_digest``, and ``sapling_digest``
|
||||
are as in ZIP 244.
|
||||
are as in ZIP 244::
|
||||
|
||||
txid_digest
|
||||
├── header_digest
|
||||
├── transparent_digest
|
||||
├── tze_digest
|
||||
│ ├── tzein_digest
|
||||
│ └── tzeout_digest
|
||||
├── sprout_digest
|
||||
└── sapling_digest
|
||||
txid_digest
|
||||
├── header_digest
|
||||
├── transparent_digest
|
||||
├── tze_digest
|
||||
│ ├── tzein_digest
|
||||
│ └── tzeout_digest
|
||||
├── sprout_digest
|
||||
└── sapling_digest
|
||||
|
||||
``txid_digest``
|
||||
```````````````
|
||||
|
|
@ -89,19 +89,86 @@ The personalization field of this hash is set to::
|
|||
|
||||
"ZTxIdTzeOutsHash"
|
||||
|
||||
Witness Digest
|
||||
--------------
|
||||
Signature Digest
|
||||
----------------
|
||||
|
||||
The tree of hashes defined by ZIP 244 [#zip-0244]_ is re-structured to include a new
|
||||
branch for TZE hashes. The ``tze_digest`` branch is the only new addition to the
|
||||
tree; ``transparent_digest``, ``sprout_digest``, and ``sapling_digest``
|
||||
are as in ZIP 244.
|
||||
The signature digest creation algorithm defined by ZIP 244 [#zip-0244]_ is modified to
|
||||
include a new branch for TZE hashes. The ``tze_digest`` branch is the only new addition
|
||||
to the tree; ``header_digest``, ``transparent_digest``, ``sprout_digest``, and
|
||||
``sapling_digest`` are as in ZIP 244::
|
||||
|
||||
auth_digest
|
||||
├── transparent_scripts_digest
|
||||
├── tze_witnesses_digest
|
||||
├── sprout_sigs_digest
|
||||
└── sapling_sigs_digest
|
||||
signature_digest
|
||||
├── header_digest
|
||||
├── transparent_digest
|
||||
├── tze_digest
|
||||
│ ├── tzein_digest
|
||||
│ └── tzeout_digest
|
||||
├── sprout_digest
|
||||
└── sapling_digest
|
||||
|
||||
``signature_digest``
|
||||
--------------------
|
||||
A BLAKE2b-256 hash of the following values ::
|
||||
|
||||
* S.1: ``header_digest`` (32-byte hash output)
|
||||
* S.2: ``transparent_digest`` (32-byte hash output)
|
||||
* S.3: ``tze_digest`` (32-byte hash output)
|
||||
* S.4: ``sprout_digest (32-byte hash output)
|
||||
* S.5: ``sapling_digest (32-byte hash output)
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"ZcashTxHash_" || CONSENSUS_BRANCH_ID
|
||||
|
||||
This value must have the same personalization as the top hash of the transaction
|
||||
identifier digest tree, in order to make it possible to sign the transaction id
|
||||
in the case that there are no transparent inputs.
|
||||
|
||||
S.1: ``header_digest``
|
||||
`````````````````````````
|
||||
Identical to that specified by S.1 in ZIP 244
|
||||
|
||||
S.2: ``transparent_digest``
|
||||
```````````````````````````
|
||||
Identical to that specified by S.2 in ZIP 244
|
||||
|
||||
S.3: ``tze_digest``
|
||||
`````````````````````````
|
||||
This digest is a BLAKE2b-256 hash of the following values of the TZE
|
||||
input being signed::
|
||||
|
||||
* S.3a. ``prevout_digest`` (field encoding bytes)
|
||||
* S.3b. ``extension_id`` (CompactSize field encoding)
|
||||
* S.3c. ``mode`` (CompactSize field encoding)
|
||||
* S.3d. ``payload`` (arbitrary bytes)
|
||||
* S.3e. ``value`` of the output spent by this input (8-byte little endian)
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
||||
"Zcash__TzeInHash"
|
||||
|
||||
S.4: ``sprout_digest``
|
||||
`````````````````````````
|
||||
Identical to that specified by S.3 in ZIP 244
|
||||
|
||||
S.5: ``sapling_digest``
|
||||
`````````````````````````
|
||||
Identical to that specified by S.4 in ZIP 244
|
||||
|
||||
|
||||
Authorizing Data Commitment
|
||||
---------------------------
|
||||
|
||||
The tree of hashes defined by ZIP 244 [#zip-0244]_ for authorizing data commitments is
|
||||
re-structured to include a new branch for TZE hashes. The ``tze_digest`` branch is the
|
||||
only new addition to the tree; ``transparent_digest``, ``sprout_digest``, and
|
||||
``sapling_digest`` are as in ZIP 244::
|
||||
|
||||
auth_digest
|
||||
├── transparent_scripts_digest
|
||||
├── tze_witnesses_digest
|
||||
├── sprout_sigs_digest
|
||||
└── sapling_sigs_digest
|
||||
|
||||
``auth_digest``
|
||||
```````````````
|
||||
|
|
@ -117,7 +184,7 @@ The personalization field of this hash is unmodified from ZIP 244.
|
|||
|
||||
2: ``tze_witnesses_digest``
|
||||
```````````````````````````
|
||||
A BLAKE2b-256 hash of the field encoding of the witness data associated
|
||||
A BLAKE2b-256 hash of the field encoding of the witness ``payload`` data associated
|
||||
with each TZE input belonging to the transaction.
|
||||
|
||||
The personalization field of this hash is set to::
|
||||
|
|
|
|||
Loading…
Reference in New Issue