Cosmetics.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2018-09-02 09:00:29 +01:00
parent bfc9ba5b21
commit a1f90a56cf
1 changed files with 26 additions and 12 deletions

@ -418,6 +418,11 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\collisionResistant}{collision\hyp resistant }
\newcommand{\collisionResistance}{collision resistance }
\newcommand{\keyPrivacy}{\term{key privacy}}
\newcommand{\xKeyPrivacy}{\term{Key privacy}}
\newcommand{\keyPrivate}{\term{key\hyp private}}
\newcommand{\xKeyPrivate}{\term{Key\hyp private}}
\newcommand{\note}{\term{note}}
\newcommand{\notes}{\term{notes}}
\newcommand{\Note}{\titleterm{Note}}
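Review bot: \keyPrivacy and \xKeyPrivate are defined in this hunk but nothing shown in this commit uses them; only \keyPrivate and \xKeyPrivacy appear in the later security-requirements text. Either keep all four deliberately, mirroring the \note / \notes / \Note family, and say so in a comment, or leave the two unused definitions out until a caller exists.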
@ -983,7 +988,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\EphemeralPublic}{\mathsf{epk}}
\newcommand{\Repr}{\star}
\newcommand{\MakeRepr}[2]{{#1}\rlap{\raisebox{-0.32ex}{$\Repr$}}\rule{0ex}{2.2ex}^{#2}}
\newcommand{\EphemeralPublicRepr}{\EphemeralPublic\Repr}
\newcommand{\EphemeralPublicRepr}{{\EphemeralPublic\Repr}}
\newcommand{\EphemeralPrivate}{\mathsf{esk}}
\newcommand{\EphemeralPrivateBytes}{\bytes{\EphemeralPrivate}}
\newcommand{\EphemeralPrivateBytesType}{\byteseq{32}}
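Review bot: the extra brace group added to \EphemeralPublicRepr carries no comment saying why it is needed, and the same wrapping is repeated by hand for \AuthSignPublicRepr, \AuthSignRandomizedPublicRepr, \AuthProvePublicRepr and \NoteAddressRandRepr in the following hunks. If the aim is to stop \star being spaced as a binary operator next to the key name, record that in a one-line comment beside \newcommand{\Repr}{\star}, and consider a small helper macro that takes the base symbol so the five definitions cannot drift apart.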
@ -1002,15 +1007,15 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\AuthSignPrivate}{\mathsf{ask}}
\newcommand{\AuthSignBase}{\mathcal{G}}
\newcommand{\AuthSignPublic}{\mathsf{ak}}
\newcommand{\AuthSignPublicRepr}{\AuthSignPublic\Repr}
\newcommand{\AuthSignPublicRepr}{{\AuthSignPublic\Repr}}
\newcommand{\AuthSignRandomizedPublic}{\mathsf{rk}}
\newcommand{\AuthSignRandomizedPublicRepr}{\AuthSignRandomizedPublic\Repr}
\newcommand{\AuthSignRandomizedPublicRepr}{{\AuthSignRandomizedPublic\Repr}}
\newcommand{\AuthSignRandomizedPrivate}{\mathsf{rsk}}
\newcommand{\AuthSignRandomizer}{\alpha}
\newcommand{\AuthProvePrivate}{\mathsf{nsk}}
\newcommand{\AuthProveBase}{\mathcal{H}}
\newcommand{\AuthProvePublic}{\mathsf{nk}}
\newcommand{\AuthProvePublicRepr}{\AuthProvePublic\Repr}
\newcommand{\AuthProvePublicRepr}{{\AuthProvePublic\Repr}}
\newcommand{\OutViewingKey}{\mathsf{ovk}}
\newcommand{\OutViewingKeyLength}{\mathsf{\ell_{\OutViewingKey}}}
\newcommand{\OutViewingKeyType}{\byteseq{\OutViewingKeyLength/8}}
@ -1171,7 +1176,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\NoteCommitRandOld}[1]{\NoteCommitRand^\mathsf{old}_{#1}}
\newcommand{\NoteCommitRandNew}[1]{\NoteCommitRand^\mathsf{new}_{#1}}
\newcommand{\NoteAddressRand}{\mathsf{\uprho}}
\newcommand{\NoteAddressRandRepr}{\NoteAddressRand\Repr}
\newcommand{\NoteAddressRandRepr}{{\NoteAddressRand\Repr}}
\newcommand{\NoteAddressRandOld}[1]{\NoteAddressRand^\mathsf{old}_{#1}}
\newcommand{\NoteAddressRandNew}[1]{\NoteAddressRand^\mathsf{new}_{#1}}
\newcommand{\NoteAddressPreRand}{\mathsf{\upvarphi}}
@ -1898,7 +1903,7 @@ which proves that all of the following hold except with insignificant probabilit
\begin{itemize}
\item The input and output values balance (individually for each \joinSplitTransfer).
\item For each input \note of non-zero value, some revealed \noteCommitment
\item For each input \note of nonzero value, some revealed \noteCommitment
exists for that \note.
\item The prover knew the private \spendingKeys of the input \notes.
\item The \nullifiers and \noteCommitments are computed correctly.
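Review bot: the spelling change from "non-zero" to "nonzero" in the input \note item is made at only two sites in this commit (here and in the \shieldedInput list below). A search for any remaining "non-zero" or "non\hyp zero" spellings before merging would confirm the document ends up with a single form.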
@ -1918,7 +1923,7 @@ For each \shieldedInput,
\begin{itemize}
\item \saplingonward{there is a revealed \valueCommitment to the same value as
the input \note;}
\item if the value is non-zero, some revealed \noteCommitment exists for this \note;
\item if the value is nonzero, some revealed \noteCommitment exists for this \note;
\item the prover knew the \authProvingKey of the \note;
\item the \nullifier and \noteCommitment are computed correctly.
\end{itemize}
@ -2991,15 +2996,15 @@ with $\KASapling$ and derives keys for $\SymEncrypt{}$.
\begin{securityrequirements}
\item The asymmetric encryption scheme in \crossref{sproutinband}, constructed
from $\KASprout$, $\KDFSprout$ and $\Sym$, is required to be IND-CCA2-secure
and key-private.
and \keyPrivate.
\item \sapling{
The asymmetric encryption scheme in \crossref{saplinginband}, constructed
from $\KASapling$, $\KDFSapling$ and $\Sym$, is required to be IND-CCA2-secure
and key-private.
and \keyPrivate.
} %sapling
\end{securityrequirements}
Key privacy is defined in \cite{BBDP2001}.
\xKeyPrivacy is defined in \cite{BBDP2001}.
} %notsprout
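Review bot: both requirements name IND-CCA2 explicitly but say only \keyPrivate, and the definition is deferred to "\xKeyPrivacy is defined in \cite{BBDP2001}." which sits after \end{securityrequirements}. State the attack model intended for key privacy in the requirement itself (if the cited paper defines more than one notion, name which one), and keep the defining reference attached to the requirement so the two are read together.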
@ -4613,7 +4618,7 @@ using the \sighashType $\SIGHASHALL$.
Let $\AuthSignPrivate$ be the \spendAuthPrivateKey as defined in \crossref{saplingkeycomponents}.
\vspace{2ex}
For each \spendDescription, the signer uses a fresh \spendAuthRandomizer $\AuthSignRandomizer$:
For each \spendDescription, the signer chooses a fresh \spendAuthRandomizer $\AuthSignRandomizer$:
\vspace{-1ex}
\begin{enumerate}
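Review bot: "chooses a fresh \spendAuthRandomizer" still does not say how $\AuthSignRandomizer$ is chosen; "fresh" rules out reuse but not a predictable choice. If the enumerated steps that follow do not already fix the distribution, state it in this sentence (for example "chooses uniformly at random").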
@ -6906,6 +6911,7 @@ In order to support this property, we also define \quotedterm{homomorphic}
See \crossref{ccthomomorphiccommit} for rationale and efficient circuit implementation
of this function.
\introlist
\vspace{1ex}
Define:
\begin{formulae}
@ -7024,11 +7030,14 @@ $\GenG{1}$ and $\GenG{2}$ are generators of $\SubgroupG{1}$ and $\SubgroupG{2}$
\end{bytefield}
\end{lrbox}
\introlist
Define $\ItoBEBSP{} \typecolon (\ell \typecolon \Nat) \times \binaryrange{\ell} \rightarrow
\bitseq{\ell}$ as in \crossref{endian}.
\introlist
\vspace{2ex}
For a point $P \typecolon \SubgroupGstar{1} = (\xP, \yP)$:
\vspace{1ex}
\begin{itemize}
\item The field elements $\xP$ and $\yP \typecolon \GF{q}$ are represented as
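Review bot: the spacing before the two "For a point" paragraphs is set by hand and differs: \vspace{2ex} precedes the \SubgroupGstar{1} paragraph here, while the \SubgroupGstar{2} paragraph in the next hunk gets \vspace{1ex}. If the difference is intentional, a short comment would say why; otherwise use one value, ideally through a named spacing macro so both encodings are adjusted together.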
@ -7038,8 +7047,10 @@ For a point $P \typecolon \SubgroupGstar{1} = (\xP, \yP)$:
\end{itemize}
\introlist
\vspace{1ex}
For a point $P \typecolon \SubgroupGstar{2} = (\xP, \yP)$:
\vspace{1ex}
\begin{itemize}
\item Define $\FEtoIP \typecolon \GF{\ParamG{q}}[t] / (t^2 + 1) \rightarrow
\range{0}{\ParamGexp{q}{2}\!-\!1}$ such that
@ -7081,6 +7092,7 @@ For a point $P \typecolon \SubgroupGstar{2} = (\xP, \yP)$:
\cite[Appendix A.12.11]{IEEE2004} for $\SubgroupGstar{2}$.
\end{nnotes}
\vspace{2ex}
When computing square roots in $\GF{\ParamG{q}}$ or $\GF{\ParamGexp{q}{2}}$ in
order to decompress a point encoding, the implementation \MUSTNOT assume that
the square root exists, or that the encoding represents a point on the curve.
@ -7110,6 +7122,7 @@ the square root exists, or that the encoding represents a point on the curve.
\end{lrbox}
\sapling{
\intropart
\subsubsubsection{\BLSRepresentedPairing} \label{blspairing}
The \representedPairing $\BLSCurve$ is defined in this section. Parameters are taken from
@ -11598,9 +11611,9 @@ $\range{0}{\MAXMONEY}$, but the \Sapling circuit uses $64$.}.
This can be straightforwardly implemented in ... constraints.
\introsection
\subsubsection{BLAKE2s hashes} \label{cctblake2s}
\introlist
$\BlakeTwosGeneric$ is defined in \cite{ANWW2013}. Its main subcomponent is a
``$G$ function'', defined as follows:
@ -11619,6 +11632,7 @@ $\BlakeTwosGeneric$ is defined in \cite{ANWW2013}. Its main subcomponent is a
\end{tabular}
\end{formulae}
\introlist
The following table is used to determine which message words the $x$ and $y$ arguments
to $G$ are selected from: