mirror of https://github.com/zcash/zips.git
Cosmetics: use 'Of' macros.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
03918a759c
commit
96cfbe9232
|
@ -1241,6 +1241,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
||||||
\newcommand{\ItoBEBSP}[1]{\mathsf{I2BEBSP}_{#1}}
|
\newcommand{\ItoBEBSP}[1]{\mathsf{I2BEBSP}_{#1}}
|
||||||
\newcommand{\ItoLEOSPvar}{\mathsf{I2LEOSP_{var}}}
|
\newcommand{\ItoLEOSPvar}{\mathsf{I2LEOSP_{var}}}
|
||||||
\newcommand{\LEOStoIP}[1]{\mathsf{LEOS2IP}_{#1}}
|
\newcommand{\LEOStoIP}[1]{\mathsf{LEOS2IP}_{#1}}
|
||||||
|
\newcommand{\LEOStoIPOf}[2]{\LEOStoIP{#1}\!\left({#2}\right)}
|
||||||
\newcommand{\LEBStoOSP}[1]{\mathsf{LEBS2OSP}_{#1}}
|
\newcommand{\LEBStoOSP}[1]{\mathsf{LEBS2OSP}_{#1}}
|
||||||
\newcommand{\LEBStoOSPOf}[2]{\LEBStoOSP{#1}\!\left({#2}\right)}
|
\newcommand{\LEBStoOSPOf}[2]{\LEBStoOSP{#1}\!\left({#2}\right)}
|
||||||
|
|
||||||
|
@ -3810,7 +3811,7 @@ BLAKE2 is defined by \cite{ANWW2013}.
|
||||||
\sapling{\Zcash uses both the $\BlakeTwobGeneric$ and $\BlakeTwosGeneric$
|
\sapling{\Zcash uses both the $\BlakeTwobGeneric$ and $\BlakeTwosGeneric$
|
||||||
variants.}
|
variants.}
|
||||||
|
|
||||||
$\BlakeTwob{\ell}(p, x)$ refers to unkeyed $\BlakeTwob{\ell}$
|
$\BlakeTwobOf{\ell}{p, x}$ refers to unkeyed $\BlakeTwob{\ell}$
|
||||||
in sequential mode, with an output digest length of $\ell/8$ bytes,
|
in sequential mode, with an output digest length of $\ell/8$ bytes,
|
||||||
$16$-byte personalization string $p$, and input $x$.
|
$16$-byte personalization string $p$, and input $x$.
|
||||||
|
|
||||||
|
@ -3834,7 +3835,7 @@ block.
|
||||||
|
|
||||||
\sapling{
|
\sapling{
|
||||||
\vspace{3ex}
|
\vspace{3ex}
|
||||||
$\BlakeTwos{\ell}(p, x)$ refers to unkeyed $\BlakeTwos{\ell}$
|
$\BlakeTwosOf{\ell}{p, x}$ refers to unkeyed $\BlakeTwos{\ell}$
|
||||||
in sequential mode, with an output digest length of $\ell/8$ bytes,
|
in sequential mode, with an output digest length of $\ell/8$ bytes,
|
||||||
$8$-byte personalization string $p$, and input $x$.
|
$8$-byte personalization string $p$, and input $x$.
|
||||||
|
|
||||||
|
@ -3943,7 +3944,7 @@ $\hSigCRH$ is used to compute the value $\hSig$ in \crossref{joinsplitdesc}.
|
||||||
|
|
||||||
\changed{
|
\changed{
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item $\hSigCRH(\RandomSeed, \nfOld{\allOld}, \joinSplitPubKey) := \BlakeTwob{256}(\ascii{ZcashComputehSig},\; \hSigInput)$
|
\item $\hSigCRH(\RandomSeed, \nfOld{\allOld}, \joinSplitPubKey) := \BlakeTwobOf{256}{\ascii{ZcashComputehSig},\; \hSigInput}$
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
|
||||||
where
|
where
|
||||||
|
@ -3952,10 +3953,10 @@ where
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
}
|
}
|
||||||
|
|
||||||
$\BlakeTwob{256}(p, x)$ is defined in \crossref{concreteblake2}.
|
$\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}.
|
||||||
|
|
||||||
\securityrequirement{
|
\securityrequirement{
|
||||||
$\BlakeTwob{256}(\ascii{ZcashComputehSig}, x)$ must be collision-resistant.
|
$\BlakeTwobOf{256}{\ascii{ZcashComputehSig}, x}$ must be collision-resistant on $x$.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -3982,7 +3983,7 @@ It is defined as follows:
|
||||||
|
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item $\CRHivk(\AuthSignPublic, \AuthProvePublic) :=
|
\item $\CRHivk(\AuthSignPublic, \AuthProvePublic) :=
|
||||||
\LEOStoIP{256}(\BlakeTwos{256}(\ascii{Zcashivk},\; \crhInput)) \bmod 2^{251}$
|
\LEOStoIPOf{256}{\BlakeTwosOf{256}{\ascii{Zcashivk},\; \crhInput}} \bmod 2^{251}$
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
|
||||||
where
|
where
|
||||||
|
@ -3991,12 +3992,12 @@ where
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
|
||||||
\vspace{2ex}
|
\vspace{2ex}
|
||||||
$\BlakeTwos{256}(p, x)$ refers to unkeyed $\BlakeTwos{256}$
|
$\BlakeTwosOf{256}{p, x}$ refers to unkeyed $\BlakeTwos{256}$
|
||||||
\cite{ANWW2013} in sequential mode, with an output digest length of
|
\cite{ANWW2013} in sequential mode, with an output digest length of
|
||||||
$32$ bytes, $8$-byte personalization string $p$, and input $x$.
|
$32$ bytes, $8$-byte personalization string $p$, and input $x$.
|
||||||
|
|
||||||
\securityrequirement{
|
\securityrequirement{
|
||||||
$\LEOStoIP{256}(\BlakeTwos{256}(\ascii{Zcashivk}, x)) \bmod 2^{251}$
|
$\LEOStoIPOf{256}{\BlakeTwosOf{256}{\ascii{Zcashivk}, x}} \bmod 2^{251}$
|
||||||
must be collision-resistant on a $512$-bit input $x$. Note that this
|
must be collision-resistant on a $512$-bit input $x$. Note that this
|
||||||
does not follow from collision-resistance of $\BlakeTwos{256}$
|
does not follow from collision-resistance of $\BlakeTwos{256}$
|
||||||
(and the best possible concrete security is that of a $251$-bit hash
|
(and the best possible concrete security is that of a $251$-bit hash
|
||||||
|
@ -4206,15 +4207,15 @@ Let $\EquihashGen{n, k}(S, i) := T_\barerange{h+1}{h+n}$, where
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item $m := \floor{\frac{512}{n}}$;
|
\item $m := \floor{\frac{512}{n}}$;
|
||||||
\item $h := (i-1 \bmod m) \mult n$;
|
\item $h := (i-1 \bmod m) \mult n$;
|
||||||
\item $T := \BlakeTwob{(\mathnormal{n \mult m})}(\powtag,\, S \bconcat \powcount(\floor{\frac{i-1}{m}}))$.
|
\item $T := \BlakeTwobOf{(\mathnormal{n \mult m})}{\powtag,\, S \bconcat \powcount(\floor{\frac{i-1}{m}})}$.
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
|
||||||
Indices of bits in $T$ are 1-based.
|
Indices of bits in $T$ are 1-based.
|
||||||
|
|
||||||
$\BlakeTwob{\ell}(p, x)$ is defined in \crossref{concreteblake2}.
|
$\BlakeTwobOf{\ell}{p, x}$ is defined in \crossref{concreteblake2}.
|
||||||
|
|
||||||
\securityrequirement{
|
\securityrequirement{
|
||||||
$\BlakeTwob{\ell}(\powtag, x)$ must generate output that is sufficiently
|
$\BlakeTwobOf{\ell}{\powtag, x}$ must generate output that is sufficiently
|
||||||
unpredictable to avoid short-cuts to the Equihash solution process.
|
unpredictable to avoid short-cuts to the Equihash solution process.
|
||||||
It would suffice to model it as a random oracle.
|
It would suffice to model it as a random oracle.
|
||||||
}
|
}
|
||||||
|
@ -4508,7 +4509,7 @@ using $\BlakeTwob{256}$ as follows:
|
||||||
|
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item $\KDFSprout(i, \hSig, \DHSecret{i}, \EphemeralPublic, \TransmitPublicNew{i}) :=
|
\item $\KDFSprout(i, \hSig, \DHSecret{i}, \EphemeralPublic, \TransmitPublicNew{i}) :=
|
||||||
\BlakeTwob{256}(\kdftag, \kdfinput)$
|
\BlakeTwobOf{256}{\kdftag, \kdfinput}$
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
\introlist
|
\introlist
|
||||||
where:
|
where:
|
||||||
|
@ -4518,7 +4519,7 @@ where:
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
}
|
}
|
||||||
|
|
||||||
$\BlakeTwob{256}(p, x)$ is defined in \crossref{concreteblake2}.
|
$\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}.
|
||||||
|
|
||||||
|
|
||||||
\sapling{
|
\sapling{
|
||||||
|
@ -4552,7 +4553,7 @@ is instantiated using $\BlakeTwob{256}$ as follows:
|
||||||
|
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item $\KDFSapling(\OutputIndex, \DHSecret{}, \EphemeralPublic) :=
|
\item $\KDFSapling(\OutputIndex, \DHSecret{}, \EphemeralPublic) :=
|
||||||
\BlakeTwob{256}(\ascii{Zcash\_SaplingKDF}, \kdfinput)$.
|
\BlakeTwobOf{256}{\ascii{Zcash\_SaplingKDF}, \kdfinput}$.
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
\introlist
|
\introlist
|
||||||
where:
|
where:
|
||||||
|
@ -4560,7 +4561,7 @@ where:
|
||||||
\item $\kdfinput := \Justthebox{\kdfsaplinginputbox}$.
|
\item $\kdfinput := \Justthebox{\kdfsaplinginputbox}$.
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
|
||||||
$\BlakeTwob{256}(p, x)$ is defined in \crossref{concreteblake2}.
|
$\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}.
|
||||||
} %sapling
|
} %sapling
|
||||||
|
|
||||||
|
|
||||||
|
@ -5148,7 +5149,7 @@ The hash $\GroupJHash{\CRS}(D, M)$ is calculated as follows:
|
||||||
\end{lrbox}
|
\end{lrbox}
|
||||||
|
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item $\Justthebox{\ghintbox} := \BlakeTwos{256}(D,\, \CRS \bconcat\, M)$
|
\item $\Justthebox{\ghintbox} := \BlakeTwosOf{256}{D,\, \CRS \bconcat\, M}$
|
||||||
\item $P := \abstJOf{p}$
|
\item $P := \abstJOf{p}$
|
||||||
\item If $P = \bot$ then return $\bot$.
|
\item If $P = \bot$ then return $\bot$.
|
||||||
\item $Q := \scalarmult{8}{P}$
|
\item $Q := \scalarmult{8}{P}$
|
||||||
|
|
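Review bot: The addition of `on $x$` to the hSigCRH security requirement (hunk at -3952, `$\BlakeTwobOf{256}{\ascii{ZcashComputehSig}, x}$ must be collision-resistant on $x$.`) changes normative wording rather than substituting a macro, yet the commit is titled as cosmetic. The scoping reads as a clarification, since the personalization is a fixed string and presumably only `x` varies. It would be easier to audit if the commit message mentioned it, and a source comment next to the requirement such as `% collision resistance is over x only; the personalization string is fixed` would record the intent. The first hunk adds only `\LEOStoIPOf`, so `\BlakeTwobOf` and `\BlakeTwosOf` are presumably defined outside the visible hunks; confirm that the document still builds. In the Equihash hunk, `\powcount(\floor{\frac{i-1}{m}})` keeps its explicit parentheses inside the new `\BlakeTwobOf` argument, which is slightly inconsistent with the rest of the change.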