mirror of https://github.com/zcash/zips.git
Arguments to PRF^expand don't need to be specified as hex.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
553be0f9eb
commit
9321a0d9fc
|
@ -4494,8 +4494,8 @@ performs the following steps:
|
||||||
\canopy{
|
\canopy{
|
||||||
\item else:
|
\item else:
|
||||||
\item \tab Choose uniformly random $\NoteSeedBytes \leftarrowR \NoteSeedBytesType$.
|
\item \tab Choose uniformly random $\NoteSeedBytes \leftarrowR \NoteSeedBytesType$.
|
||||||
\item \tab Derive $\EphemeralPrivate = \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.1em\big)$.
|
\item \tab Derive $\EphemeralPrivate = \ToScalar\big(\PRFexpand{\NoteSeedBytes}([4])\kern-0.1em\big)$.
|
||||||
\item \tab Derive $\NoteCommitRandBytes = \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{05})\kern-0.11em\big)$.
|
\item \tab Derive $\NoteCommitRandBytes = \ToScalar\big(\PRFexpand{\NoteSeedBytes}([5])\kern-0.11em\big)$.
|
||||||
\item \blank
|
\item \blank
|
||||||
}
|
}
|
||||||
\item Calculate
|
\item Calculate
|
||||||
|
@ -5647,7 +5647,7 @@ from $\TransmitPlaintext{}$
|
||||||
\vspace{-0.25ex}
|
\vspace{-0.25ex}
|
||||||
\canopyonwarditem{let $\NoteCommitRandBytes = \begin{cases}
|
\canopyonwarditem{let $\NoteCommitRandBytes = \begin{cases}
|
||||||
\NoteSeedBytes,&\caseif \NotePlaintextLeadByte = \hexint{01} \\
|
\NoteSeedBytes,&\caseif \NotePlaintextLeadByte = \hexint{01} \\
|
||||||
\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{05})\kern-0.11em\big),&\caseotherwise
|
\ToScalar\big(\PRFexpand{\NoteSeedBytes}([5])\kern-0.11em\big),&\caseotherwise
|
||||||
\end{cases}$}
|
\end{cases}$}
|
||||||
\item let $\NoteCommitRand = \LEOStoIPOf{256}{\NoteCommitRandBytes}$
|
\item let $\NoteCommitRand = \LEOStoIPOf{256}{\NoteCommitRandBytes}$
|
||||||
and $\DiversifiedTransmitBase = \DiversifyHash(\Diversifier)$
|
and $\DiversifiedTransmitBase = \DiversifyHash(\Diversifier)$
|
||||||
|
@ -5659,7 +5659,7 @@ from $\TransmitPlaintext{}$
|
||||||
\item if $\LEBStoOSPOf{256}{\cmU'} \neq \cmuField$, return $\bot$
|
\item if $\LEBStoOSPOf{256}{\cmU'} \neq \cmuField$, return $\bot$
|
||||||
\canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01}$:}
|
\canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01}$:}
|
||||||
\canopy{
|
\canopy{
|
||||||
\item \tab $\EphemeralPrivate = \ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big)$
|
\item \tab $\EphemeralPrivate = \ToScalar\big(\PRFexpand{\NoteSeedBytes}([4])\kern-0.11em\big)$
|
||||||
\item \tab if $\KASaplingDerivePublic(\EphemeralPrivate, \DiversifiedTransmitBase) \neq \EphemeralPublic$,
|
\item \tab if $\KASaplingDerivePublic(\EphemeralPrivate, \DiversifiedTransmitBase) \neq \EphemeralPublic$,
|
||||||
return $\bot$
|
return $\bot$
|
||||||
\item \blank
|
\item \blank
|
||||||
|
@ -5737,10 +5737,10 @@ from $\TransmitPlaintext{}$
|
||||||
\canopyonwarditem{if $\BlockHeight < \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \not\in \setof{\hexint{01}, \hexint{02}}$, return $\bot$}
|
\canopyonwarditem{if $\BlockHeight < \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \not\in \setof{\hexint{01}, \hexint{02}}$, return $\bot$}
|
||||||
\canopyonwarditem{if $\BlockHeight \geq \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \neq \hexint{02}$, return $\bot$}
|
\canopyonwarditem{if $\BlockHeight \geq \CanopyActivationHeight + \ZIPTwoOneTwoGracePeriod \text{ and } \NotePlaintextLeadByte \neq \hexint{02}$, return $\bot$}
|
||||||
\vspace{-0.25ex}
|
\vspace{-0.25ex}
|
||||||
\canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01}$ and $\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big) \neq \EphemeralPrivate$, return $\bot$}
|
\canopyonwarditem{if $\NotePlaintextLeadByte \neq \hexint{01}$ and $\ToScalar\big(\PRFexpand{\NoteSeedBytes}([4])\kern-0.11em\big) \neq \EphemeralPrivate$, return $\bot$}
|
||||||
\canopyonwarditem{let $\NoteCommitRandBytes = \begin{cases}
|
\canopyonwarditem{let $\NoteCommitRandBytes = \begin{cases}
|
||||||
\NoteSeedBytes,&\caseif \NotePlaintextLeadByte = \hexint{01} \\
|
\NoteSeedBytes,&\caseif \NotePlaintextLeadByte = \hexint{01} \\
|
||||||
\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{05})\kern-0.11em\big),&\caseotherwise
|
\ToScalar\big(\PRFexpand{\NoteSeedBytes}([5])\kern-0.11em\big),&\caseotherwise
|
||||||
\end{cases}$}
|
\end{cases}$}
|
||||||
\item let $\NoteCommitRand = \LEOStoIPOf{256}{\NoteCommitRandBytes}$
|
\item let $\NoteCommitRand = \LEOStoIPOf{256}{\NoteCommitRandBytes}$
|
||||||
and $\DiversifiedTransmitBase = \DiversifyHash(\Diversifier)$
|
and $\DiversifiedTransmitBase = \DiversifyHash(\Diversifier)$
|
||||||
|
@ -10530,7 +10530,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
\item Specify that \shieldedOutputs of \coinbaseTransactions \MUST use v2 \notePlaintexts after
|
\item Specify that \shieldedOutputs of \coinbaseTransactions \MUST use v2 \notePlaintexts after
|
||||||
\Canopy activation.
|
\Canopy activation.
|
||||||
\item Correct a bug in \crossref{saplingdecryptovk}: $\EphemeralPrivate$ is only to be checked
|
\item Correct a bug in \crossref{saplingdecryptovk}: $\EphemeralPrivate$ is only to be checked
|
||||||
against $\ToScalar\big(\PRFexpand{\NoteSeedBytes}(\hexarray{04})\kern-0.11em\big)$
|
against $\ToScalar\big(\PRFexpand{\NoteSeedBytes}([4])\kern-0.11em\big)$
|
||||||
when $\NotePlaintextLeadByte \neq \hexint{01}$.
|
when $\NotePlaintextLeadByte \neq \hexint{01}$.
|
||||||
}
|
}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
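Review bot: The domain-separation argument to PRF^expand is still typed by hand at every use: `[4]` for `\EphemeralPrivate` appears in the encryption steps, both decryption procedures and the change-history entry, and `[5]` for `\NoteCommitRandBytes` appears in three places. The recipient-side check only works if it recomputes exactly what the sender derived, so defining each derivation once would keep the sections from drifting apart in a later edit. One option is a macro such as `\newcommand{\DeriveEsk}{\ToScalar\big(\PRFexpand{\NoteSeedBytes}([4])\kern-0.11em\big)}`, where the name is only a suggestion. That would also remove the kerning mismatch, since the `\EphemeralPrivate` line in the first hunk uses `\kern-0.1em` where every other occurrence uses `\kern-0.11em`. The preamble is not visible on this page, so confirm that no equivalent macro already exists before adding one.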