mirror of https://github.com/zcash/zips.git
Add signature digest algorithm for TZEs.
parent
7fbe3780d9
commit
7558c6995d
21
zip-0244.rst
|
@ -252,7 +252,7 @@ The personalization field of this hash is set to::
|
||||||
|
|
||||||
T.4a.i: ``sapling_spends_compact_digest``
|
T.4a.i: ``sapling_spends_compact_digest``
|
||||||
.......................................
|
.......................................
|
||||||
A BLAKE2b-256 hash of the field encoding of all nullifier field
|
A BLAKE2b-256 hash of the field encoding of all ``nullifier`` field
|
||||||
values of Sapling shielded spends belonging to the transaction.
|
values of Sapling shielded spends belonging to the transaction.
|
||||||
|
|
||||||
The personalization field of this hash is set to::
|
The personalization field of this hash is set to::
|
||||||
|
@ -330,12 +330,12 @@ The personalization field of this hash is set to::
|
||||||
Signature Digest
|
Signature Digest
|
||||||
================
|
================
|
||||||
|
|
||||||
A new per-input transaction digest algorithm that constructs a hash that may be signed
|
A new per-input transaction digest algorithm is defined that constructs a hash that may be
|
||||||
by a transaction creator to commit to the effects of the transaction. In the
|
signed by a transaction creator to commit to the effects of the transaction. In the case
|
||||||
case that the transaction consumes no transparent inputs, it should be possible
|
that the transaction consumes no transparent inputs, it should be possible to just sign
|
||||||
to just sign the transaction identifier produced by the ``TxId Digest`` algorithm.
|
the transaction identifier produced by the ``TxId Digest`` algorithm. In the case that
|
||||||
In the case that transparent inputs are present, this algorithm follows closely
|
transparent inputs are present, this algorithm follows closely the ZIP 143 [#zip-0143]_
|
||||||
the ZIP 143 [#zip-0143]_ algorithm.
|
algorithm.
|
||||||
|
|
||||||
The overall structure of the hash is as follows; each name referenced here will be
|
The overall structure of the hash is as follows; each name referenced here will be
|
||||||
described in detail below:
|
described in detail below:
|
||||||
|
@ -495,7 +495,7 @@ A BLAKE2b-256 hash of the following values ::
|
||||||
|
|
||||||
The personalization field of this hash is set to::
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
"ZTxAuth_____Hash" (5 underscore characters)
|
"ZTxAuthHash_" || CONSENSUS_BRANCH_ID
|
||||||
|
|
||||||
1: ``transparent_scripts_digest``
|
1: ``transparent_scripts_digest``
|
||||||
`````````````````````````````````
|
`````````````````````````````````
|
||||||
|
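Review bot: The new personalization ``"ZTxAuthHash_" || CONSENSUS_BRANCH_ID`` replaces a line that spelled out its exact length ("5 underscore characters") with one that does not say how ``CONSENSUS_BRANCH_ID`` is encoded. A BLAKE2b personalization is exactly 16 bytes and the prefix is 12 characters, so the text here should state that the branch ID contributes 4 bytes and in which byte order, unless that is already defined elsewhere in the document, so that independent implementations derive the same value.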
@ -508,8 +508,9 @@ The personalization field of this hash is set to::
|
||||||
|
|
||||||
2: ``sprout_auth_digest``
|
2: ``sprout_auth_digest``
|
||||||
```````````````````````````
|
```````````````````````````
|
||||||
A BLAKE2b-256 hash of the field encoding of the zkproof values of each
|
A BLAKE2b-256 hash of the field encoding of the ``zkproof`` values of each
|
||||||
``JSDescription`` belonging to the transaction.
|
``JSDescription`` belonging to the transaction, followed by the
|
||||||
|
``joinsplit_pubkey`` and ``joinsplit_sig``.
|
||||||
|
|
||||||
* 2a. ``zkproofs`` (field encoding bytes)
|
* 2a. ``zkproofs`` (field encoding bytes)
|
||||||
* 2b. ``joinsplit_pubkey``
|
* 2b. ``joinsplit_pubkey``
|
||||||
|
|
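Review bot: The reworded sentence under ``sprout_auth_digest`` is ambiguous about what is hashed: "A BLAKE2b-256 hash of the field encoding of the ``zkproof`` values ..., followed by the ``joinsplit_pubkey`` and ``joinsplit_sig``" can be read as the hash followed by the key and signature, rather than all three being hash inputs. Suggest phrasing it as a hash of the concatenation of the ``zkproof`` field encodings, the ``joinsplit_pubkey`` and the ``joinsplit_sig``, in that order, to match the enumerated list that follows.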
109
zip-0245.rst
|
@ -31,16 +31,16 @@ TxId Digest
|
||||||
The tree of hashes defined by ZIP 244 [#zip-0244]_ is re-structured to include a new
|
The tree of hashes defined by ZIP 244 [#zip-0244]_ is re-structured to include a new
|
||||||
branch for TZE hashes. The ``tze_digest`` branch is the only new addition to the
|
branch for TZE hashes. The ``tze_digest`` branch is the only new addition to the
|
||||||
tree; ``header_digest``, ``transparent_digest``, ``sprout_digest``, and ``sapling_digest``
|
tree; ``header_digest``, ``transparent_digest``, ``sprout_digest``, and ``sapling_digest``
|
||||||
are as in ZIP 244.
|
are as in ZIP 244::
|
||||||
|
|
||||||
txid_digest
|
txid_digest
|
||||||
├── header_digest
|
├── header_digest
|
||||||
├── transparent_digest
|
├── transparent_digest
|
||||||
├── tze_digest
|
├── tze_digest
|
||||||
│ ├── tzein_digest
|
│ ├── tzein_digest
|
||||||
│ └── tzeout_digest
|
│ └── tzeout_digest
|
||||||
├── sprout_digest
|
├── sprout_digest
|
||||||
└── sapling_digest
|
└── sapling_digest
|
||||||
|
|
||||||
``txid_digest``
|
``txid_digest``
|
||||||
```````````````
|
```````````````
|
||||||
|
@ -89,19 +89,86 @@ The personalization field of this hash is set to::
|
||||||
|
|
||||||
"ZTxIdTzeOutsHash"
|
"ZTxIdTzeOutsHash"
|
||||||
|
|
||||||
Witness Digest
|
Signature Digest
|
||||||
--------------
|
----------------
|
||||||
|
|
||||||
The tree of hashes defined by ZIP 244 [#zip-0244]_ is re-structured to include a new
|
The signature digest creation algorithm defined by ZIP 244 [#zip-0244]_ is modified to
|
||||||
branch for TZE hashes. The ``tze_digest`` branch is the only new addition to the
|
include a new branch for TZE hashes. The ``tze_digest`` branch is the only new addition
|
||||||
tree; ``transparent_digest``, ``sprout_digest``, and ``sapling_digest``
|
to the tree; ``header_digest``, ``transparent_digest``, ``sprout_digest``, and
|
||||||
are as in ZIP 244.
|
``sapling_digest`` are as in ZIP 244::
|
||||||
|
|
||||||
auth_digest
|
signature_digest
|
||||||
├── transparent_scripts_digest
|
├── header_digest
|
||||||
├── tze_witnesses_digest
|
├── transparent_digest
|
||||||
├── sprout_sigs_digest
|
├── tze_digest
|
||||||
└── sapling_sigs_digest
|
│ ├── tzein_digest
|
||||||
|
│ └── tzeout_digest
|
||||||
|
├── sprout_digest
|
||||||
|
└── sapling_digest
|
||||||
|
|
||||||
|
``signature_digest``
|
||||||
|
--------------------
|
||||||
|
A BLAKE2b-256 hash of the following values ::
|
||||||
|
|
||||||
|
* S.1: ``header_digest`` (32-byte hash output)
|
||||||
|
* S.2: ``transparent_digest`` (32-byte hash output)
|
||||||
|
* S.3: ``tze_digest`` (32-byte hash output)
|
||||||
|
* S.4: ``sprout_digest (32-byte hash output)
|
||||||
|
* S.5: ``sapling_digest (32-byte hash output)
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"ZcashTxHash_" || CONSENSUS_BRANCH_ID
|
||||||
|
|
||||||
|
This value must have the same personalization as the top hash of the transaction
|
||||||
|
identifier digest tree, in order to make it possible to sign the transaction id
|
||||||
|
in the case that there are no transparent inputs.
|
||||||
|
|
||||||
|
S.1: ``header_digest``
|
||||||
|
`````````````````````````
|
||||||
|
Identical to that specified by S.1 in ZIP 244
|
||||||
|
|
||||||
|
S.2: ``transparent_digest``
|
||||||
|
```````````````````````````
|
||||||
|
Identical to that specified by S.2 in ZIP 244
|
||||||
|
|
||||||
|
S.3: ``tze_digest``
|
||||||
|
`````````````````````````
|
||||||
|
This digest is a BLAKE2b-256 hash of the following values of the TZE
|
||||||
|
input being signed::
|
||||||
|
|
||||||
|
* S.3a. ``prevout_digest`` (field encoding bytes)
|
||||||
|
* S.3b. ``extension_id`` (CompactSize field encoding)
|
||||||
|
* S.3c. ``mode`` (CompactSize field encoding)
|
||||||
|
* S.3d. ``payload`` (arbitrary bytes)
|
||||||
|
* S.3e. ``value`` of the output spent by this input (8-byte little endian)
|
||||||
|
|
||||||
|
The personalization field of this hash is set to::
|
||||||
|
|
||||||
|
"Zcash__TzeInHash"
|
||||||
|
|
||||||
|
S.4: ``sprout_digest``
|
||||||
|
`````````````````````````
|
||||||
|
Identical to that specified by S.3 in ZIP 244
|
||||||
|
|
||||||
|
S.5: ``sapling_digest``
|
||||||
|
`````````````````````````
|
||||||
|
Identical to that specified by S.4 in ZIP 244
|
||||||
|
|
||||||
|
|
||||||
|
Authorizing Data Commitment
|
||||||
|
---------------------------
|
||||||
|
|
||||||
|
The tree of hashes defined by ZIP 244 [#zip-0244]_ for authorizing data commitments is
|
||||||
|
re-structured to include a new branch for TZE hashes. The ``tze_digest`` branch is the
|
||||||
|
only new addition to the tree; ``transparent_digest``, ``sprout_digest``, and
|
||||||
|
``sapling_digest`` are as in ZIP 244::
|
||||||
|
|
||||||
|
auth_digest
|
||||||
|
├── transparent_scripts_digest
|
||||||
|
├── tze_witnesses_digest
|
||||||
|
├── sprout_sigs_digest
|
||||||
|
└── sapling_sigs_digest
|
||||||
|
|
||||||
``auth_digest``
|
``auth_digest``
|
||||||
```````````````
|
```````````````
|
||||||
|
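Review bot: S.3 ``tze_digest`` is specified as a hash over fields of "the TZE input being signed" (S.3a to S.3e), but the ``signature_digest`` tree earlier in this hunk shows ``tze_digest`` with ``tzein_digest`` and ``tzeout_digest`` children, and nothing says how the per-input hash relates to those two children or what S.3 contains when the input being signed is not a TZE input. Please reconcile the tree with the S.3 text. The personalization note has the same gap: it allows signing the transaction id "in the case that there are no transparent inputs", which should probably name TZE inputs as well now that S.3 is per-input. Smaller points in the same hunk: S.4 and S.5 in the value list have unclosed inline literals (````sprout_digest`` and ````sapling_digest`` are missing their closing backticks); the ````signature_digest```` title is underlined with ``-``, the same adornment as its parent "Signature Digest" section, whereas ````txid_digest```` and ````auth_digest```` use backtick underlines; and the "Identical to that specified by ..." sentences lack a final period and a ``[#zip-0244]_`` reference.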
@ -117,7 +184,7 @@ The personalization field of this hash is unmodified from ZIP 244.
|
||||||
|
|
||||||
2: ``tze_witnesses_digest``
|
2: ``tze_witnesses_digest``
|
||||||
```````````````````````````
|
```````````````````````````
|
||||||
A BLAKE2b-256 hash of the field encoding of the witness data associated
|
A BLAKE2b-256 hash of the field encoding of the witness ``payload`` data associated
|
||||||
with each TZE input belonging to the transaction.
|
with each TZE input belonging to the transaction.
|
||||||
|
|
||||||
The personalization field of this hash is set to::
|
The personalization field of this hash is set to::
|
||||||
|
|