From 90e83ad754d2a8422062123afb30b95449545863 Mon Sep 17 00:00:00 2001 From: Kris Nuttycombe Date: Tue, 2 Feb 2021 13:22:02 -0700 Subject: [PATCH] Note number of underscores in hash personalization strings. Co-authored-by: Daira Hopwood --- zip-0244.rst | 21 +++++++++++++-------- zip-0245.rst | 4 +++- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/zip-0244.rst b/zip-0244.rst index 6d772b6c..5fb346e8 100644 --- a/zip-0244.rst +++ b/zip-0244.rst @@ -148,6 +148,8 @@ The personalization field of this hash is set to:: "ZcashTxHash_" || CONSENSUS_BRANCH_ID +"ZcashTxHash_" has 1 underscore character. + As in ZIP 143 [#zip-0143]_, CONSENSUS_BRANCH_ID is the 4-byte little-endian encoding of the consensus branch ID for the epoch of the block containing the transaction. Domain separation of the transaction id hash across parallel consensus branches provides replay @@ -302,7 +304,7 @@ in the hash:: The personalization field of this hash is set to:: - "ZTxIdSOutC__Hash" + "ZTxIdSOutC__Hash" (2 underscore characters) T.4a.ii: sapling_outputs_memos_digest ..................................... @@ -314,7 +316,7 @@ are included in the hash:: The personalization field of this hash is set to:: - "ZTxIdSOutM__Hash" + "ZTxIdSOutM__Hash" (2 underscore characters) T.4a.iii: sapling_outputs_noncompact_digest ........................................... @@ -363,9 +365,11 @@ The personalization field of this hash is set to:: "ZcashTxHash_" || CONSENSUS_BRANCH_ID -This value must have the same personalization as the top hash of the transaction -identifier digest tree, in order to make it possible to sign the transaction id -in the case that there are no transparent inputs. +"ZcashTxHash_" has 1 underscore character. + +This value has the same personalization as the top hash of the transaction +identifier digest tree, so that what is being signed in the case that there are +no transparent inputs is just the transaction id. S.1: header_digest `````````````````` @@ -501,6 +505,8 @@ The personalization field of this hash is set to:: "ZTxAuthHash_" || CONSENSUS_BRANCH_ID +"ZTxAuthHash_" has 1 underscore character. + A.1: transparent_scripts_digest ``````````````````````````````` A BLAKE2b-256 hash of the field encoding of the Bitcoin script associated @@ -561,9 +567,9 @@ to the transaction data, including witnesses, that appear within the block. As a consequence, we now need to add a new commitment to the block header. This commitment will be the root of a Merkle tree that has parallel structure -to the tree committed to by ``hashMerkleRoot`` (a path through this merkle +to the tree committed to by ``hashMerkleRoot`` (a path through this Merkle tree to a transaction identifies the same transaction as that path reaches -in the tree rooted at ``hashMerkleRoot``) but where the leaves are hashes +in the tree rooted at ``hashMerkleRoot``), but where the leaves are hashes produced according to the `Authorizing Data Commitment` part of this specification. @@ -617,4 +623,3 @@ References .. [#zip-0143] `ZIP 143: Transaction Signature Validation for Overwinter `_ .. [#zip-0307] `ZIP 307: Light Client Protocol for Payment Detection `_ .. [#protocol_consensus] `Zcash Protocol Specification, Version 2020.1.15. Section 7.1: Transaction Encoding and Consensus `_ - diff --git a/zip-0245.rst b/zip-0245.rst index a5e7b1fc..ccfcf56f 100644 --- a/zip-0245.rst +++ b/zip-0245.rst @@ -118,6 +118,8 @@ The personalization field of this hash is set to:: "ZcashTxHash_" || CONSENSUS_BRANCH_ID +"ZcashTxHash_" has 1 underscore character. + This value must have the same personalization as the top hash of the transaction identifier digest tree, in order to make it possible to sign the transaction id in the case that there are no transparent inputs. @@ -135,7 +137,7 @@ input being signed:: The personalization field of this hash is set to:: - "Zcash__TzeInHash" + "Zcash__TzeInHash" (2 underscore characters) Authorizing Data Commitment ---------------------------