From 96cfbe92327cb767d6fb6c3ef669097343fdddfa Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Sun, 11 Mar 2018 12:45:51 +0000 Subject: [PATCH] Cosmetics: use 'Of' macros. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 838b8915..f4a290e3 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -1241,6 +1241,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\ItoBEBSP}[1]{\mathsf{I2BEBSP}_{#1}} \newcommand{\ItoLEOSPvar}{\mathsf{I2LEOSP_{var}}} \newcommand{\LEOStoIP}[1]{\mathsf{LEOS2IP}_{#1}} +\newcommand{\LEOStoIPOf}[2]{\LEOStoIP{#1}\!\left({#2}\right)} \newcommand{\LEBStoOSP}[1]{\mathsf{LEBS2OSP}_{#1}} \newcommand{\LEBStoOSPOf}[2]{\LEBStoOSP{#1}\!\left({#2}\right)} @@ -3810,7 +3811,7 @@ BLAKE2 is defined by \cite{ANWW2013}. \sapling{\Zcash uses both the $\BlakeTwobGeneric$ and $\BlakeTwosGeneric$ variants.} -$\BlakeTwob{\ell}(p, x)$ refers to unkeyed $\BlakeTwob{\ell}$ +$\BlakeTwobOf{\ell}{p, x}$ refers to unkeyed $\BlakeTwob{\ell}$ in sequential mode, with an output digest length of $\ell/8$ bytes, $16$-byte personalization string $p$, and input $x$. @@ -3834,7 +3835,7 @@ block. \sapling{ \vspace{3ex} -$\BlakeTwos{\ell}(p, x)$ refers to unkeyed $\BlakeTwos{\ell}$ +$\BlakeTwosOf{\ell}{p, x}$ refers to unkeyed $\BlakeTwos{\ell}$ in sequential mode, with an output digest length of $\ell/8$ bytes, $8$-byte personalization string $p$, and input $x$. @@ -3943,7 +3944,7 @@ $\hSigCRH$ is used to compute the value $\hSig$ in \crossref{joinsplitdesc}. \changed{ \begin{formulae} - \item $\hSigCRH(\RandomSeed, \nfOld{\allOld}, \joinSplitPubKey) := \BlakeTwob{256}(\ascii{ZcashComputehSig},\; \hSigInput)$ + \item $\hSigCRH(\RandomSeed, \nfOld{\allOld}, \joinSplitPubKey) := \BlakeTwobOf{256}{\ascii{ZcashComputehSig},\; \hSigInput}$ \end{formulae} where @@ -3952,10 +3953,10 @@ where \end{formulae} } -$\BlakeTwob{256}(p, x)$ is defined in \crossref{concreteblake2}. +$\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}. \securityrequirement{ -$\BlakeTwob{256}(\ascii{ZcashComputehSig}, x)$ must be collision-resistant. +$\BlakeTwobOf{256}{\ascii{ZcashComputehSig}, x}$ must be collision-resistant on $x$. } @@ -3982,7 +3983,7 @@ It is defined as follows: \begin{formulae} \item $\CRHivk(\AuthSignPublic, \AuthProvePublic) := - \LEOStoIP{256}(\BlakeTwos{256}(\ascii{Zcashivk},\; \crhInput)) \bmod 2^{251}$ + \LEOStoIPOf{256}{\BlakeTwosOf{256}{\ascii{Zcashivk},\; \crhInput}} \bmod 2^{251}$ \end{formulae} where @@ -3991,12 +3992,12 @@ where \end{formulae} \vspace{2ex} -$\BlakeTwos{256}(p, x)$ refers to unkeyed $\BlakeTwos{256}$ +$\BlakeTwosOf{256}{p, x}$ refers to unkeyed $\BlakeTwos{256}$ \cite{ANWW2013} in sequential mode, with an output digest length of $32$ bytes, $8$-byte personalization string $p$, and input $x$. \securityrequirement{ -$\LEOStoIP{256}(\BlakeTwos{256}(\ascii{Zcashivk}, x)) \bmod 2^{251}$ +$\LEOStoIPOf{256}{\BlakeTwosOf{256}{\ascii{Zcashivk}, x}} \bmod 2^{251}$ must be collision-resistant on a $512$-bit input $x$. Note that this does not follow from collision-resistance of $\BlakeTwos{256}$ (and the best possible concrete security is that of a $251$-bit hash @@ -4206,15 +4207,15 @@ Let $\EquihashGen{n, k}(S, i) := T_\barerange{h+1}{h+n}$, where \begin{formulae} \item $m := \floor{\frac{512}{n}}$; \item $h := (i-1 \bmod m) \mult n$; - \item $T := \BlakeTwob{(\mathnormal{n \mult m})}(\powtag,\, S \bconcat \powcount(\floor{\frac{i-1}{m}}))$. + \item $T := \BlakeTwobOf{(\mathnormal{n \mult m})}{\powtag,\, S \bconcat \powcount(\floor{\frac{i-1}{m}})}$. \end{formulae} Indices of bits in $T$ are 1-based. -$\BlakeTwob{\ell}(p, x)$ is defined in \crossref{concreteblake2}. +$\BlakeTwobOf{\ell}{p, x}$ is defined in \crossref{concreteblake2}. \securityrequirement{ -$\BlakeTwob{\ell}(\powtag, x)$ must generate output that is sufficiently +$\BlakeTwobOf{\ell}{\powtag, x}$ must generate output that is sufficiently unpredictable to avoid short-cuts to the Equihash solution process. It would suffice to model it as a random oracle. } @@ -4508,7 +4509,7 @@ using $\BlakeTwob{256}$ as follows: \begin{formulae} \item $\KDFSprout(i, \hSig, \DHSecret{i}, \EphemeralPublic, \TransmitPublicNew{i}) := -\BlakeTwob{256}(\kdftag, \kdfinput)$ +\BlakeTwobOf{256}{\kdftag, \kdfinput}$ \end{formulae} \introlist where: @@ -4518,7 +4519,7 @@ where: \end{formulae} } -$\BlakeTwob{256}(p, x)$ is defined in \crossref{concreteblake2}. +$\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}. \sapling{ @@ -4552,7 +4553,7 @@ is instantiated using $\BlakeTwob{256}$ as follows: \begin{formulae} \item $\KDFSapling(\OutputIndex, \DHSecret{}, \EphemeralPublic) := - \BlakeTwob{256}(\ascii{Zcash\_SaplingKDF}, \kdfinput)$. + \BlakeTwobOf{256}{\ascii{Zcash\_SaplingKDF}, \kdfinput}$. \end{formulae} \introlist where: @@ -4560,7 +4561,7 @@ where: \item $\kdfinput := \Justthebox{\kdfsaplinginputbox}$. \end{formulae} -$\BlakeTwob{256}(p, x)$ is defined in \crossref{concreteblake2}. +$\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}. } %sapling @@ -5148,7 +5149,7 @@ The hash $\GroupJHash{\CRS}(D, M)$ is calculated as follows: \end{lrbox} \begin{formulae} - \item $\Justthebox{\ghintbox} := \BlakeTwos{256}(D,\, \CRS \bconcat\, M)$ + \item $\Justthebox{\ghintbox} := \BlakeTwosOf{256}{D,\, \CRS \bconcat\, M}$ \item $P := \abstJOf{p}$ \item If $P = \bot$ then return $\bot$. \item $Q := \scalarmult{8}{P}$