mirror of https://github.com/zcash/zips.git
Cosmetics and trivial fixes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood
parent
625d35fce7
commit
9f67a5d977
|
|
@ -296,6 +296,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\positionedNotes}{\term{positioned notes}}
|
||||
\newcommand{\noteTraceabilitySet}{\term{note traceability set}}
|
||||
\newcommand{\noteTraceabilitySets}{\term{note traceability sets}}
|
||||
\newcommand{\KeyComponents}{\titleterm{Key Components}}
|
||||
\newcommand{\valueCommitment}{\term{value commitment}}
|
||||
\newcommand{\valueCommitments}{\term{value commitments}}
|
||||
\newcommand{\joinSplitDescription}{\term{JoinSplit description}}
|
||||
|
|
@ -1018,12 +1019,12 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\encCiphertext}{\mathtt{encCiphertext}}
|
||||
\newcommand{\encCiphertexts}{\mathtt{encCiphertexts}}
|
||||
\newcommand{\randomSeed}{\mathtt{randomSeed}}
|
||||
\newcommand{\spendAuthSig}{\mathtt{spendAuthSig}}
|
||||
\newcommand{\Varies}{\textit{Varies}}
|
||||
\newcommand{\heading}[1]{\multicolumn{1}{c|}{#1}}
|
||||
\newcommand{\type}[1]{\texttt{#1}}
|
||||
\newcommand{\compactSize}{\type{compactSize uint}}
|
||||
|
||||
\newcommand{\spendAuthSig}{\mathtt{spendAuthSig}}
|
||||
|
||||
\newcommand{\sighashTxHashes}{\term{SIGHASH transaction hashes}}
|
||||
\newcommand{\sighashType}{\term{SIGHASH type}}
|
||||
|
|
@ -1830,7 +1831,7 @@ A \Sapling \noteCommitment is computed as
|
|||
\begin{tabular}{@{\hskip 2em}r@{\;}l}
|
||||
$\DiversifiedTransmitBase$ &$:= \GroupJHash{U}(\ascii{Zcash\_gd}, \Diversifier)$ \\
|
||||
$\NoteCommitmentSapling(\NoteTuple{})$ &$:=
|
||||
\NoteCommitSapling{\NoteCommitRand}(\reprJ{\DiversifiedTransmitBase}, \DiversifiedTransmitPublic, \Value)$
|
||||
\NoteCommitSapling{\NoteCommitRand}(\reprJOf{\DiversifiedTransmitBase}, \DiversifiedTransmitPublic, \Value)$
|
||||
\end{tabular}
|
||||
\vspace{-1ex}
|
||||
where $\NoteCommitSapling{}$ is instantiated in \crossref{concretewindowedcommit}.
|
||||
|
|
@ -2679,9 +2680,9 @@ them to be the $\Groth$ \provingKeys and
|
|||
\verifyingKeys defined in \crossref{saplingparameters}.
|
||||
}
|
||||
|
||||
\nsubsection{Key Components} \label{keycomponents}
|
||||
\nsubsection{\KeyComponents} \label{keycomponents}
|
||||
|
||||
\notsprout{\nsubsubsection{\Sprout Key Components}} \label{sproutkeycomponents}
|
||||
\notsprout{\nsubsubsection{\Sprout{} \KeyComponents}} \label{sproutkeycomponents}
|
||||
|
||||
Let $\PRFaddr{}$ be a \pseudoRandomFunction, instantiated in \crossref{concreteprfs}.
|
||||
|
||||
|
|
@ -2703,7 +2704,7 @@ as follows:}
|
|||
\end{tabular}
|
||||
|
||||
\sapling{
|
||||
\nsubsubsection{\Sapling Key Components} \label{saplingkeycomponents}
|
||||
\nsubsubsection{\Sapling{} \KeyComponents} \label{saplingkeycomponents}
|
||||
|
||||
Let $\PRGExpandSeed{}$ be a \pseudoRandomGenerator, instantiated in \crossref{concreteprgs}.
|
||||
|
||||
|
|
@ -4045,8 +4046,10 @@ We define $\MixingPedersenHash{D} \typecolon \byteseq{8} \times \GroupJ \times \
|
|||
|
||||
\securityrequirement{
|
||||
Fix $D_1, D_2 \typecolon \byteseq{8}$ with $D_1 \neq D_2$, and consider the function
|
||||
$\fun{(r, M, x) \typecolon \range{0}{\ParamJ{r}-1} \times \bitseq{\PosInt} \times
|
||||
\range{0}{\ParamJ{r}-1}}{\MixingPedersenHash(D_2, x, \WindowedPedersenCommit{r}(D_1, M)) \typecolon \GroupJ}$.
|
||||
\begin{formulae}
|
||||
\item $\fun{(r, M, x) \typecolon \range{0}{\ParamJ{r}-1} \times \bitseq{\PosInt} \times
|
||||
\range{0}{\ParamJ{r}-1}}{\MixingPedersenHash(D_2, x, \WindowedPedersenCommit{r}(D_1, M)) \typecolon \GroupJ}$.
|
||||
\end{formulae}
|
||||
This function must be collision-resistant on $(r, M, x)$.
|
||||
}
|
||||
|
||||
|
|
@ -4338,10 +4341,10 @@ the type of $\JubjubCurve$ secret keys. \todo{expand this}
|
|||
|
||||
\newsavebox{\kdfsaplinginputbox}
|
||||
\begin{lrbox}{\kdfsaplinginputbox}
|
||||
\begin{bytefield}[bitwidth=0.06em]{544}
|
||||
\bitbox{32}{$32$-bit $\OutputIndex$} &
|
||||
\bitbox{256}{$256$-bit $\reprJ{\DHSecret{}}$} &
|
||||
\bitbox{256}{$256$-bit $\reprJ{\EphemeralPublic}$}
|
||||
\begin{bytefield}[bitwidth=0.07em]{544}
|
||||
\bitbox{80}{$32$-bit $\OutputIndex$} &
|
||||
\bitbox{256}{$256$-bit $\reprJOf{\DHSecret{}}$} &
|
||||
\bitbox{256}{$256$-bit $\reprJOf{\EphemeralPublic}$}
|
||||
\end{bytefield}
|
||||
\end{lrbox}
|
||||
|
||||
|
|
@ -4512,8 +4515,8 @@ In order to support this property, we also define \quotedterm{raw}
|
|||
\xPedersenCommitments as follows:
|
||||
|
||||
\begin{formulae}
|
||||
\item $\RawPedersenCommit{\ValueCommitRand}(D, \Value) =
|
||||
\scalarmult{\Value}{\ValueCommitBase} + \scalarmult{\ValueCommitRand}{\FindGroupJHashOf{D, ascii{}}}$
|
||||
\item $\RawPedersenCommit{\ValueCommitRand}(D, \Value) :=
|
||||
\scalarmult{\Value}{\ValueCommitBase} + \scalarmult{\ValueCommitRand}{\FindGroupJHashOf{D, \ascii{}}}$
|
||||
\end{formulae}
|
||||
|
||||
|
||||
|
|
@ -5154,10 +5157,10 @@ Other fields are as defined in \crossref{notes}.
|
|||
The encoding of a \SproutOrNothing \notePlaintext consists of:
|
||||
\vspace{2ex}
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.029em]{1608}
|
||||
\begin{bytefield}[bitwidth=0.029em]{1672}
|
||||
\changed{
|
||||
\bitbox{192}{$8$-bit $\NotePlaintextLeadByteSprout$}
|
||||
&}\bitbox{192}{$64$-bit $\Value$} &
|
||||
\bitbox{180}{$8$-bit $\NotePlaintextLeadByteSprout$}
|
||||
&}\bitbox{180}{$64$-bit $\Value$} &
|
||||
\bitbox{256}{$256$-bit $\NoteAddressRand$} &
|
||||
\bitbox{256}{\changed{$256$}-bit $\NoteCommitRand$} &
|
||||
\changed{\bitbox{800}{$\Memo$ ($512$ bytes)}}
|
||||
|
|
@ -5183,12 +5186,12 @@ The encoding of a \SproutOrNothing \notePlaintext consists of:
|
|||
The encoding of a \Sapling \notePlaintext consists of:
|
||||
\vspace{2ex}
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.029em]{1172}
|
||||
\bitbox{192}{$8$-bit $\NotePlaintextLeadByteSapling$}
|
||||
\bitbox{224}{$88$-bit $\Diversifier$}
|
||||
\bitbox{192}{$64$-bit $\Value$}
|
||||
\begin{bytefield}[bitwidth=0.029em]{1672}
|
||||
\bitbox{180}{$8$-bit $\NotePlaintextLeadByteSapling$}
|
||||
\bitbox{240}{$88$-bit $\Diversifier$}
|
||||
\bitbox{180}{$64$-bit $\Value$}
|
||||
\bitbox{256}{$256$-bit $\NoteCommitRand$}
|
||||
\changed{\bitbox{800}{$\Memo$ ($512$ bytes)}}
|
||||
\bitbox{800}{$\Memo$ ($512$ bytes)}
|
||||
\end{bytefield}
|
||||
\end{equation*}
|
||||
|
||||
|
|
@ -8215,7 +8218,7 @@ We define $\MixingPedersenHash{D} \typecolon \byteseq{8} \times \range{0}{\Param
|
|||
\times \GroupJ \rightarrow \GroupJ$ by:
|
||||
|
||||
\begin{formulae}
|
||||
\item $\MixingPedersenHash(D, P, x) := P + \scalarmult{x}{\FindGroupJHashOf{D, \ascii{}}}$.
|
||||
\item $\MixingPedersenHash(D, P, x) := P + \scalarmult{x}{\FindGroupJHashOf{U}{D, \ascii{}}}$.
|
||||
\end{formulae}
|
||||
|
||||
This costs \todo{...} for the scalar multiplication, and $6$ constraints for the
|
||||
|
|
|
|||
Loading…
Reference in New Issue