mirror of https://github.com/zcash/zips.git
Fix some terminology and improve some things.
This commit is contained in:
parent
c8665edd14
commit
8cc631a782
Binary file not shown.
|
@ -38,6 +38,7 @@
|
|||
\newcommand{\PRFpk}[2]{\PRF{#1}{pk_{#2}}}
|
||||
\newcommand{\SHA}{\mathtt{SHA256Compress}}
|
||||
\newcommand{\SHAName}{\emph{SHA-256 compression}}
|
||||
\newcommand{\SHAOrig}{\emph{SHA-256}}
|
||||
\newcommand{\bm}{\mathbf{\mathtt{bm}}}
|
||||
\newcommand{\InternalHashK}{\mathsf{k}}
|
||||
\newcommand{\InternalHash}{\mathsf{InternalH}}
|
||||
|
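Review bot: The `\bm` definition in this macro block, `\newcommand{\bm}{\mathbf{\mathtt{bm}}}`, nests two math alphabets. LaTeX math alphabets do not combine, so the inner `\mathtt` wins and the `\mathbf` has no effect; pick one, or use a bold typewriter text font if that look is intended. The name `\bm` is also the command provided by the standard `bm` package, so this `\newcommand` will fail if that package is ever loaded; a longer name in the style of the neighbouring `\InternalHashK` and `\InternalHash` avoids that. Separately, `\SHA`, `\SHAName` and `\SHAOrig` are easy to mix up, and a one-line comment saying which refers to the compression function and which to full SHA-256 would help.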
@ -95,15 +96,21 @@
|
|||
|
||||
\section{Concepts}
|
||||
|
||||
\subsection{Endianness}
|
||||
\subsection{Integers and Endianness}
|
||||
|
||||
All numerical objects in Zcash are big endian.
|
||||
Abstractly, integers have a signedness (signed or unsigned), and a bit length.
|
||||
The limits are the same as for the usual two's compliment system. All integers
|
||||
in the publicly-visible \Zcash protocol are encoded in big endian two's
|
||||
compliment.
|
||||
|
||||
If unspecified, curve points, field elements, etc., are encoded according to the
|
||||
crypto libraries the \Zcash implementation uses.
|
||||
|
||||
\subsection{Cryptographic Functions}
|
||||
|
||||
\subparagraph{}
|
||||
|
||||
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash.
|
||||
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash. This is different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
|
||||
|
||||
\subparagraph{}
|
||||
|
||||
|
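Review bot: The sentence "If unspecified, curve points, field elements, etc., are encoded according to the crypto libraries the \Zcash implementation uses" makes those encodings implementation-defined, which a protocol specification should avoid: two implementations built on different libraries could serialize the same value differently and disagree about it. Name the encoding for each type here, or flag it as an explicit TODO the way the address section does for the network version byte. In the integers paragraph, "two's compliment" (twice) should be "two's complement", and since the text allows unsigned integers it is worth stating that two's complement applies to the signed ones only.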
@ -209,7 +216,7 @@ The underlying $\Value$ and $\SpendAuthorityPublic$ are blinded with $\BucketRan
|
|||
|
||||
\end{flushright}
|
||||
|
||||
We say that the bucket commitment of a bucket $\Bucket$ = $\BucketCommitment{\Bucket}$.
|
||||
We say that the bucket commitment of a bucket $\Bucket$ is $\bm = \BucketCommitment{\Bucket}$.
|
||||
|
||||
\subparagraph{Serials}
|
||||
|
||||
|
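Review bot: The sentence "We say that the bucket commitment of a bucket $\Bucket$ is $\bm = \BucketCommitment{\Bucket}$" defines the term and introduces the symbol `\bm` at the same time, so it is unclear whether `\bm` names the commitment of this particular bucket or of any bucket. Split the two, for example "The bucket commitment of a bucket $\Bucket$ is $\BucketCommitment{\Bucket}$, which we denote $\bm$", and drop "We say that".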
@ -360,16 +367,16 @@ TBD. Identical to Bitcoin?
|
|||
|
||||
TBD. Identical to Bitcoin?
|
||||
|
||||
\subsection{\Zcash Public Addresses}
|
||||
\subsection{Protected Public Addresses}
|
||||
|
||||
A public address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
|
||||
A protected address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
|
||||
$\SpendAuthorityPublic$ is a SHA-256 compression function output.
|
||||
$\TransmitPublic$ is an encryption public key (currently ECIES, but this may
|
||||
change to Curve25519/crypto\_box), which is an elliptic curve point.
|
||||
|
||||
\subsubsection{Raw Encoding}
|
||||
|
||||
The raw encoding of a \Zcash public address consists of:
|
||||
The raw encoding of a protected address consists of:
|
||||
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.07em]{520}
|
||||
|
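Review bot: The heading "\subsection{Protected Public Addresses}" does not match the body text, which says "A protected address consists of" and "The raw encoding of a protected address consists of:". Use one term in all three places. The unchanged line "$\SpendAuthorityPublic$ is a SHA-256 compression function output" could use the `\SHAName` macro from the preamble, so that the distinction from `\SHAOrig` drawn in the Cryptographic Functions paragraph carries through to this section.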
@ -397,16 +404,16 @@ produces the correct Base58 leading character}
|
|||
|
||||
\textbf{TODO: what about the network version byte?}
|
||||
|
||||
\subsection{\Zcash Private Keys}
|
||||
\subsection{Protected Address Secrets}
|
||||
|
||||
A \Zcash private key consists of $\SpendAuthorityPrivate$ and
|
||||
A protected address secret consists of $\SpendAuthorityPrivate$ and
|
||||
$\TransmitPrivate$. $\SpendAuthorityPrivate$ is a SHA-256 compression function
|
||||
output. $\TransmitPrivate$ is an encryption private key (currently ECIES), which
|
||||
is an integer.
|
||||
|
||||
\subsubsection{Raw Encoding}
|
||||
|
||||
The raw encoding of a \Zcash private key consists of, in order:
|
||||
The raw encoding of a protected address secret consists of, in order:
|
||||
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.07em]{520}
|
||||
|
|
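Review bot: "$\TransmitPrivate$ is an encryption private key (currently ECIES), which is an integer" gives neither a bit length nor a signedness, although the Integers and Endianness subsection on this page says every integer has both. State them here so the raw encoding is fully determined by the text. The parenthetical also reads "(currently ECIES)" while the address section says "(currently ECIES, but this may change to Curve25519/crypto\_box)"; make the two consistent. The address section introduces its raw encoding with "consists of:" and this one with "consists of, in order:"; if field order matters in both, say so in both.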