Update RedDSA verification to use cofactor multiplication.
This is necessary in order for the output of batch verification to match unbatched verification in all cases. Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
ea61325c25
commit
90692541aa
|
@ -6559,7 +6559,7 @@ Define $\RedDSAVerify{} \typecolon (\vk \typecolon \RedDSAPublic) \times (M \typ
|
||||||
\item Let $\vkBytes = \LEBStoOSPOf{\ellG{}}{\reprGOf{}{\vk}}$.
|
\item Let $\vkBytes = \LEBStoOSPOf{\ellG{}}{\reprGOf{}{\vk}}$.
|
||||||
\item Let $\RedDSASigc = \RedDSAHashToScalar(\RedDSAReprR \bconcat \vkBytes \bconcat M)$.
|
\item Let $\RedDSASigc = \RedDSAHashToScalar(\RedDSAReprR \bconcat \vkBytes \bconcat M)$.
|
||||||
\item Return $1$ if $\RedDSASigR \neq \bot$ and $\RedDSASigS < \ParamG{r}$ and
|
\item Return $1$ if $\RedDSASigR \neq \bot$ and $\RedDSASigS < \ParamG{r}$ and
|
||||||
$\scalarmult{\RedDSASigS}{\GenG{}} = \RedDSASigR + \scalarmult{\RedDSASigc}{\vk}$, otherwise $0$.
|
$\scalarmult{\ParamG{h}}{\big(\!\!-\scalarmult{\RedDSASigS}{\GenG{}} + \RedDSASigR + \scalarmult{\RedDSASigc}{\vk}\big)} = \ZeroG{}$, otherwise $0$.
|
||||||
\end{algorithm}
|
\end{algorithm}
|
||||||
|
|
||||||
\vspace{-4ex}
|
\vspace{-4ex}
|
||||||
|
@ -9553,6 +9553,18 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
\intropart
|
\intropart
|
||||||
\section{Change History}
|
\section{Change History}
|
||||||
|
|
||||||
|
\subparagraph{2018.0-beta-23}
|
||||||
|
|
||||||
|
\begin{itemize}
|
||||||
|
\item No changes to \Sprout.
|
||||||
|
\sapling{
|
||||||
|
\item Update $\RedDSA$ verification to use cofactor multiplication.
|
||||||
|
This is necessary in order for the output of batch verification to match
|
||||||
|
that of unbatched verification in all cases.
|
||||||
|
} %sapling
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
\introlist
|
||||||
\subparagraph{2018.0-beta-22}
|
\subparagraph{2018.0-beta-22}
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
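Review bot: The rewritten condition in the first hunk (the RedDSAVerify algorithm) multiplies the whole expression by \ParamG{h}, so, taking it as the curve cofactor the commit message refers to, any $R' = R + T$ with $T$ of order dividing \ParamG{h} satisfies the same equation as $R$, and neither the algorithm nor the change-history entry records that consequence. I would add a non-normative note after `\end{algorithm}` along the lines of `Note: because of the cofactor multiplication, the check accepts every $R' = R + T$ with $T$ of small order, so RedDSA signatures as verified here are not unique; protocol consumers must not rely on their non-malleability.` The algorithm's header line lies outside the hunk. A style point on the same changed line: `\big(\!\!-` presumably carries the negative kerns because `\big(` is an ordinary atom, which makes the following minus binary-spaced; `\bigl(` … `\bigr)` typesets it as an opening/closing delimiter pair, so the minus is set as unary and the manual spacing can go: `$\scalarmult{\ParamG{h}}{\bigl({-}\scalarmult{\RedDSASigS}{\GenG{}} + \RedDSASigR + \scalarmult{\RedDSASigc}{\vk}\bigr)} = \ZeroG{}$`.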
|
||||||
|
|