zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ZIP 32: Clarify the diversifier key capabilities of an Orchard fvk

This commit is contained in:
Jack Grigg 2021-02-28 02:27:28 +00:00 committed by Daira Hopwood
parent 2ae31ccdb7
commit 95ea11de9d
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
zip-0032.html
View File

@ -612,7 +612,8 @@ License: MIT</pre>
</ul>
</section>
<section id="orchard-diversifier-derivation"><h3><span class="section-heading">Orchard diversifier derivation</span><span class="section-anchor"> <a rel="bookmark" href="#orchard-diversifier-derivation"><img width="24" height="24" src="assets/images/section-anchor.png" alt=""></a></span></h3>
<p>As with Sapling, we define a mechanism for deterministically deriving a sequence of diversifiers, without leaking how many diversified addresses have already been generated for an account. Given an Orchard extended spending key
<p>As with Sapling, we define a mechanism for deterministically deriving a sequence of diversifiers, without leaking how many diversified addresses have already been generated for an account. Unlike Sapling, we do so by deriving a diversifier key directly from the full viewing key, instead of as part of the extended spending key. This means that the full viewing key provides the capability to determine the position of a diversifier within the sequence, which matches the capabilities of a Sapling extended full viewing key but simplifies the key structure.</p>
<p>Given an Orchard extended spending key
<span class="math">\((\mathsf{sk}_i, \mathsf{c}_i)\)</span>
:</p>
<ul>

9
zip-0032.rst
View File

@ -357,8 +357,13 @@ Orchard diversifier derivation
------------------------------
As with Sapling, we define a mechanism for deterministically deriving a sequence of diversifiers, without
leaking how many diversified addresses have already been generated for an account. Given an Orchard extended
spending key :math:`(\mathsf{sk}_i, \mathsf{c}_i)`:
leaking how many diversified addresses have already been generated for an account. Unlike Sapling, we do so
by deriving a diversifier key directly from the full viewing key, instead of as part of the extended spending
key. This means that the full viewing key provides the capability to determine the position of a diversifier
within the sequence, which matches the capabilities of a Sapling extended full viewing key but simplifies the
key structure.
Given an Orchard extended spending key :math:`(\mathsf{sk}_i, \mathsf{c}_i)`:
- Let :math:`\mathsf{fvk}_i` be the raw encoding of the Orchard full viewing key for :math:`\mathsf{sk}_i`
(as specified in TODO).