Update RedDSA verification to use cofactor multiplication.
This is necessary in order for the output of batch verification to match that of unbatched verification in all cases. Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
ea61325c25
commit
90692541aa
@ -6559,7 +6559,7 @@ Define $\RedDSAVerify{} \typecolon (\vk \typecolon \RedDSAPublic) \times (M \typ
|
|||
\item Let $\vkBytes = \LEBStoOSPOf{\ellG{}}{\reprGOf{}{\vk}}$.
|
||||
\item Let $\RedDSASigc = \RedDSAHashToScalar(\RedDSAReprR \bconcat \vkBytes \bconcat M)$.
|
||||
\item Return $1$ if $\RedDSASigR \neq \bot$ and $\RedDSASigS < \ParamG{r}$ and
|
||||
$\scalarmult{\RedDSASigS}{\GenG{}} = \RedDSASigR + \scalarmult{\RedDSASigc}{\vk}$, otherwise $0$.
|
||||
$\scalarmult{\ParamG{h}}{\big(\!\!-\scalarmult{\RedDSASigS}{\GenG{}} + \RedDSASigR + \scalarmult{\RedDSASigc}{\vk}\big)} = \ZeroG{}$, otherwise $0$.
|
||||
\end{algorithm}
|
||||
|
||||
\vspace{-4ex}
|
||||
|
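Review bot: The multiplication by $\ParamG{h}$ on the new verification line means a low-order component in $\RedDSASigR$ or $\vk$ no longer causes rejection, and the algorithm text should state this explicitly so that implementers do not add a prime-order-subgroup check on $\RedDSASigR$ that would again make unbatched verification diverge from batch verification. Since $\RedDSASigc$ is computed over the encoding $\RedDSAReprR$ earlier in the hunk rather than over the decoded point, adding a low-order point to $\RedDSASigR$ still changes $\RedDSASigc$, so this does not by itself introduce a malleability; that reasoning is worth recording next to the algorithm in whatever note form the document uses, e.g. `The multiplication by $\ParamG{h}$ ensures that a low-order component of $\RedDSASigR$ or $\vk$ does not affect the verification result; since $\RedDSAReprR$ rather than the decoded point is hashed, such a component still affects $\RedDSASigc$.` Separately, the manual `\!\!` kerning before the leading minus is presentational; writing the subtrahend last, as in `$\scalarmult{\ParamG{h}}{\big(\RedDSASigR + \scalarmult{\RedDSASigc}{\vk} - \scalarmult{\RedDSASigS}{\GenG{}}\big)} = \ZeroG{}$`, expresses the same check without it. The $\RedDSAVerify$ algorithm begins before this hunk.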
@ -9553,6 +9553,18 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
|||
\intropart
|
||||
\section{Change History}
|
||||
|
||||
\subparagraph{2018.0-beta-23}
|
||||
|
||||
\begin{itemize}
|
||||
\item No changes to \Sprout.
|
||||
\sapling{
|
||||
\item Update $\RedDSA$ verification to use cofactor multiplication.
|
||||
This is necessary in order for the output of batch verification to match
|
||||
that of unbatched verification in all cases.
|
||||
} %sapling
|
||||
\end{itemize}
|
||||
|
||||
\introlist
|
||||
\subparagraph{2018.0-beta-22}
|
||||
|
||||
\begin{itemize}
|
||||
|