mirror of https://github.com/zcash/zips.git
Specify more precisely the requirements on Ed25519 public keys and signatures.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
488195b804
commit
8356e7b3b0
@ -3099,10 +3099,18 @@ block.
$\JoinSplitSig$ is specified in \crossref{abstractsig}.
\changed{It is instantiated as $\JoinSplitSigSpecific$ \cite{BDL+2012},
with the additional requirement that $\EdDSAs$ (the integer represented
by $\EdDSAS$) must be less than the prime
$\ell = 2^{252} + 27742317777372353535851937790883648493$,
otherwise the signature is considered invalid.
with the additional requirements that:
\begin{itemize}
\item $\EdDSAS$ \MUST represent an integer less than
the prime $\ell = 2^{252} + 27742317777372353535851937790883648493$;
\item $\EdDSAR$ \MUST represent a point of order $\ell$ on the Ed25519 curve;
\end{itemize}
If these requirements are not met then the signature is considered invalid.
Note that it is \emph{not} required that the encoding of the y-coordinate
in $\EdDSAR$ is less than $2^{255}-19$.
$\JoinSplitSigSpecific$ is defined as using $\JoinSplitSigHashName$ internally.
}
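Review bot: The new itemized requirements constrain only $\EdDSAS$ and $\EdDSAR$, yet the commit title and the 2018.0-beta-5 changelog item added further down say the requirements cover public keys as well; unless the verifying-key rules are stated in a hunk outside this view, nothing here requires the Ed25519 public key to be a canonically encoded point that is not of small order, which is the check implementations commonly apply alongside the $S < \ell$ test. Note also that "a point of order $\ell$" is strictly stronger than "not of small order": a point in a coset of order $2\ell$, $4\ell$ or $8\ell$ passes a small-order rejection but fails this requirement, so a consensus implementation that only rejects the eight small-order encodings would silently diverge from the spec; either choose the weaker wording deliberately or spell out the test, e.g. `\item $\EdDSAR$ \MUST represent a point of order $\ell$ on the Ed25519 curve, i.e.\ $[\ell]\,\EdDSAR$ is the identity point and $\EdDSAR$ itself is not;`. The sentence stating that a canonical $y$-coordinate encoding of $\EdDSAR$ is \emph{not} required would be more useful with its reason given (presumably compatibility with the existing consensus implementation), since non-canonical encodings are precisely the inputs on which Ed25519 libraries disagree. Minor: the last \item ends with `;` where `.` is expected, and the sentence following the list reads more naturally as `If either requirement is not met, the signature is considered invalid.`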
@ -5282,6 +5290,8 @@ The errors in the proof of Ledger Indistinguishability mentioned in
\subparagraph{2018.0-beta-5}
\begin{itemize}
\item Specify more precisely the requirements on $\JoinSplitSigSpecific$
public keys and signatures.
\sapling{
\item{\Sapling work in progress.}
}
@ -5647,7 +5657,7 @@ The errors in the proof of Ledger Indistinguishability mentioned in
\printbibliography
\endgroup
%\notsprout{
\notsprout{
\introsection
\vspace{20ex}
@ -6102,6 +6112,6 @@ cryptanalytic attention to confidently use them for \Sapling.
\nsubsection{The SaplingOutput circuit} \label{cctsaplingoutput}
%} %notsprout
} %notsprout
\end{document}