mirror of https://github.com/zcash/zips.git
ZIP 32: formatting.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
9c0bf830e5
commit
a3f0295cb6
@ -413,7 +413,7 @@ License: MIT</pre>
</section>
<section id="diversifier-derivation"><h3><span class="section-heading">Diversifier derivation</span><span class="section-anchor"> <a href="#diversifier-derivation"><img width="24" height="24" src="assets/images/section-anchor.png" alt=""></a></span></h3>
<p>The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key
<span class="math">\(dk\)</span>
<span class="math">\(\mathsf{dk}\)</span>
. To prevent the diversifier leaking how many diversified addresses have already been generated for an account, we make the sequence of diversifiers pseudorandom and uncorrelated to that of any other account. In order to reach the maximum possible diversifier range without running into repetitions due to the birthday bound, we use FF1-AES256 as a Pseudo-Random Permutation as follows:</p>
<ul>
<li>Let
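Review bot: zip-0032.html appears to be the rendered form of zip-0032.rst, and this hunk applies the same `\(dk\)` to `\(\mathsf{dk}\)` change to the HTML that the rst hunk makes in the same paragraph; confirm the HTML was regenerated from the rst by the build rather than edited by hand, so that the generated markup (the `section-anchor` elements, the `<span class="math">` wrapping) does not drift from what the generator would produce.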
10
zip-0032.rst
@ -241,11 +241,11 @@ in [#sapling-key-components]_.
Diversifier derivation
----------------------
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key :math:`dk`. To prevent
the diversifier leaking how many diversified addresses have already been generated for an account, we make the
sequence of diversifiers pseudorandom and uncorrelated to that of any other account. In order to reach the
maximum possible diversifier range without running into repetitions due to the birthday bound, we use
FF1-AES256 as a Pseudo-Random Permutation as follows:
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key :math:`\mathsf{dk}`.
To prevent the diversifier leaking how many diversified addresses have already been generated for an account,
we make the sequence of diversifiers pseudorandom and uncorrelated to that of any other account. In order to
reach the maximum possible diversifier range without running into repetitions due to the birthday bound, we
use FF1-AES256 as a Pseudo-Random Permutation as follows:
- Let :math:`j` be the index of the desired diversifier, in the range :math:`0\,.\!. 2^{88} - 1`.
- :math:`d_j = \mathsf{FF1}\text{-}\mathsf{AES256.Encrypt}(\mathsf{dk}, \texttt{“”}, \mathsf{I2LEBSP}_{88}(j))`.
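Review bot: the switch to `:math:`\mathsf{dk}`` in the paragraph now matches the upright `\mathsf{dk}` already used in the `d_j = \mathsf{FF1}\text{-}\mathsf{AES256.Encrypt}(\mathsf{dk}, \texttt{“”}, \mathsf{I2LEBSP}_{88}(j))` line directly below it, but this hunk only touches the one paragraph; the hunk header's context references `[#sapling-key-components]_`, where the key components are introduced, so check that any remaining `:math:`dk`` occurrences elsewhere in the file were updated as well, otherwise the notation is inconsistent between sections. The hunk also reflows every line of the paragraph alongside the single-token change, which makes the diff larger than the edit; acceptable in a commit titled "formatting", but keep such reflows out of commits that carry substantive changes.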