mirror of https://github.com/zcash/zips.git
Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
25ed3f0043
commit
95193a22df
|
@ -87,7 +87,7 @@
|
|||
\renewcommand{\@pnumwidth}{2em}
|
||||
\makeatother
|
||||
|
||||
\newcommand{\pagenumfont}{\fontfamily{pnc}\selectfont\rule[-.2\baselineskip]{0pt}{1.3\baselineskip}}
|
||||
\newcommand{\pagenumfont}{\fontfamily{pnc}\selectfont\rule[-.2\baselineskip]{0pt}{1.34\baselineskip}}
|
||||
\renewcommand{\cftsecpagefont}{\pagenumfont}
|
||||
\renewcommand{\cftsubsecpagefont}{\pagenumfont}
|
||||
\renewcommand{\cftsubsubsecpagefont}{\pagenumfont}
|
||||
|
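Review bot: The new strut height 1.34\baselineskip in the \pagenumfont definition is an unexplained magic number. Add a short comment beside the \rule stating what layout problem the change from 1.3 addresses, so that a later cosmetic pass does not silently revert it.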
@ -7563,8 +7563,8 @@ A $\KASproutCurve$ public key $\EphemeralPublic$. \\ \hline
|
|||
A $256$-bit seed that must be chosen independently at random for each \joinSplitDescription. \\ \hline
|
||||
|
||||
$64$ & $\vmacs$ & \type{char[32][$\NOld$]} & A sequence of message authentication tags
|
||||
$\h{\allOld}$ that bind $\hSig$ to each $\AuthPrivate$ of the
|
||||
$\joinSplitDescription$. \\ \hline
|
||||
$\h{\allOld}$ binding $\hSig$ to each $\AuthPrivate$ of the $\joinSplitDescription$,
|
||||
computed as described in \crossref{sproutnonmalleability}. \\ \hline
|
||||
|
||||
$296\notsprout{\;\dagger}$ & $\zkproof$ & \type{char[296]} & An encoding of the \zeroKnowledgeProof
|
||||
$\ProofJoinSplit$ (see \crossref{phgr}). \\ \hline
|
||||
|
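Review bot: The rewritten $\vmacs$ table row points at \crossref{sproutnonmalleability}, whereas the sentence it absorbs (removed after the table in the next hunk) pointed at \crossref{nonmalleability}. That changes the reference target, not only the wording, and the label definition is not visible in this patch. Please confirm that the sproutnonmalleability label exists and is the section that defines how $\h{\allOld}$ is computed, and mention the retargeting in the commit message, which currently says only "Cosmetics."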
@ -7580,8 +7580,6 @@ components for the encrypted output \notes, $\TransmitCiphertext{\allNew}$. \\ \
|
|||
\end{tabularx}
|
||||
\end{center}
|
||||
|
||||
The $\vmacs$ field encodes $\h{\allOld}$ which are computed as described in
|
||||
\crossref{nonmalleability}.
|
||||
\notsprout{
|
||||
$\dagger$ PHGR13 proofs are used when the \transaction version is $2$ or $3$, i.e.\ before
|
||||
\Sapling activation.
|
||||
|
@ -7829,10 +7827,10 @@ such that $n$ is a multiple of $k+1$. We assume $k \geq 3$.
|
|||
The Equihash parameters for the production and test networks are $n = 200, k = 9$.
|
||||
|
||||
The Generalized Birthday Problem is defined as follows: given a sequence
|
||||
$X_\barerange{1}{\mathrm{N}}$ of $n$-bit strings, find $2^k$ distinct $X_{i_j}$ such that
|
||||
$X_\barerange{1}{\rmN}$ of $n$-bit strings, find $2^k$ distinct $X_{i_j}$ such that
|
||||
$\sxor{j=1}{2^k} X_{i_j} = 0$.
|
||||
|
||||
In Equihash, $\mathrm{N} = 2^{\frac{n}{k+1}+1}$, and the sequence $X_\barerange{1}{\mathrm{N}}$ is
|
||||
In Equihash, $\rmN = 2^{\frac{n}{k+1}+1}$, and the sequence $X_\barerange{1}{\rmN}$ is
|
||||
derived from the \blockHeader and a nonce.
|
||||
|
||||
\newsavebox{\powheaderbox}
|
||||
|
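Review bot: Both replacements of \mathrm{N} in the Generalized Birthday Problem paragraph use \rmN, whose definition is not part of this patch. Confirm that the macro is defined in the preamble and expands to the same upright N; if it is missing, the build stops with an undefined control sequence at $X_\barerange{1}{\rmN}$.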
@ -8393,7 +8391,7 @@ obtain \emph{more} funds than they have minted or received via
|
|||
payments. It does not prevent an adversary from causing others'
|
||||
funds to decrease. In a Faerie Gold attack, an adversary can cause
|
||||
spending of a \note to reduce (to zero) the effective value of another
|
||||
\note for which the attacker does not know the \spendingKey, which
|
||||
\note for which the adversary does not know the \spendingKey, which
|
||||
violates an intuitive conception of global balance.
|
||||
\end{itemize}
|
||||
|
||||
|
@ -8460,12 +8458,12 @@ perform the attack by creating a zero-valued \note with a repeated
|
|||
|
||||
\sproutspecific{
|
||||
\xNullifier{} integrity also prevents a ``roadblock attack'' in which the
|
||||
attacker sees a victim's \transaction, and is able to publish another
|
||||
adversary sees a victim's \transaction, and is able to publish another
|
||||
\transaction that is mined first and blocks the victim's \transaction.
|
||||
This attack would be possible if the public value(s) used to
|
||||
enforce uniqueness of $\NoteAddressRand$ could be chosen arbitrarily
|
||||
by the \transaction creator: the victim's \transaction, rather than
|
||||
the attacker's, would be considered to be repeating these values.
|
||||
the adversary's, would be considered to be repeating these values.
|
||||
In the chosen solution that uses \nullifiers for these public values,
|
||||
they are enforced to be dependent on \spendingKeys controlled by the
|
||||
original \transaction creator (whether or not each input note is a
|
||||
|
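Review bot: The roadblock-attack paragraph now says "adversary" in both places, matching the Faerie Gold item in the previous hunk, but the patch shows only these three replacements. Search the rest of the source for remaining uses of "attacker" so that the terminology becomes uniform in this one commit.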
@ -8858,9 +8856,9 @@ Daira Hopwood, Sean Bowe, and Jack Grigg.
|
|||
\item Specify $\RedDSA$ and $\RedJubjub$.
|
||||
\item Specify \bindingSignatures and \spendAuthSignatures.
|
||||
\item Specify the randomness beacon.
|
||||
\item Add output ciphertexts and $\OutCipherKey$.
|
||||
\item Correct an error in the $y$-coordinate formula for addition
|
||||
in \crossref{cctmontarithmetic} (the constraints were correct).
|
||||
\item Add output ciphertexts and $\OutCipherKey$.
|
||||
} %sapling
|
||||
\item \texttt{Makefile} improvements.
|
||||
\end{itemize}
|
||||
|
|