Clarify rationale for personalization changes.

Also clarify terminology around signature hash flags vs. types.
Kris Nuttycombe 2021-02-04 10:57:28 -07:00
parent 4b8a78c51b
commit a424153462
1 changed files with 20 additions and 14 deletions

@ -148,7 +148,7 @@ The personalization field of this hash is set to::
"ZcashTxHash_" || CONSENSUS_BRANCH_ID
"ZcashTxHash_" has 1 underscore character.
``ZcashTxHash_`` has 1 underscore character.
As in ZIP 143 [#zip-0143]_, CONSENSUS_BRANCH_ID is the 4-byte little-endian encoding of
the consensus branch ID for the epoch of the block containing the transaction. Domain
@ -156,6 +156,12 @@ separation of the transaction id hash across parallel consensus branches provide
protection: transactions targeted for one consensus branch will not have the same
transaction identifier on other consensus branches.
This signature hash personalization prefix has been changed to reflect the new role of
this hash (relative to ``ZcashSigHash`` as specified in ZIP 143) as a transaction
identifier rather than a commitment that is exclusively used for signature purposes.
The previous computation of the transaction identifier was a SHA256d hash of the
serialized transaction contents, and was not personalized.
T.1: header_digest
``````````````````
A BLAKE2b-256 hash of the following values ::
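Review bot: The added paragraph opens with "This signature hash personalization prefix", but it sits in the transaction identifier digest section, directly before T.1, and the hash it describes is the txid digest personalized with ``ZcashTxHash_``. Calling it a signature hash prefix here undercuts the distinction the paragraph is trying to draw. Suggest wording such as "The personalization prefix of this hash has been changed from ``ZcashSigHash`` (ZIP 143) to ``ZcashTxHash_`` to reflect ...", which names both strings. Since the later signature digest section states that it uses the same personalization as the top hash of the txid tree, a cross-reference to that section from this rationale would also help.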
@ -268,7 +274,7 @@ The personalization field of this hash is set to::
T.4a.ii: sapling_spends_noncompact_digest
.........................................
A BLAKE2b-256 hash of the non-nullifier information for all Sapling shielded spends
belonging to the transaction, excluding zkproof data and spend authorization
belonging to the transaction, excluding zkproof data and spend authorization
signature. For each spend, the following elements are included in the hash::
T.4a.ii.1: cv (field encoding bytes)
@ -365,7 +371,7 @@ The personalization field of this hash is set to::
"ZcashTxHash_" || CONSENSUS_BRANCH_ID
"ZcashTxHash_" has 1 underscore character.
``ZcashTxHash_`` has 1 underscore character.
This value has the same personalization as the top hash of the transaction
identifier digest tree, so that what is being signed in the case that there are
@ -398,7 +404,7 @@ The personalization field of this hash is set to::
S.2a: prevouts_digest
'''''''''''''''''''''
This is a BLAKE2b-256 hash initialized with the personalization field value
"ZTxIdPrevoutHash".
``ZTxIdPrevoutHash``.
If the ``SIGHASH_ANYONECANPAY`` flag is not set::
@ -413,10 +419,10 @@ otherwise::
S.2b: sequence_digest
'''''''''''''''''''''
This is a BLAKE2b-256 hash initialized with the personalization field value
"ZTxIdSequencHash".
``ZTxIdSequencHash``.
If none of the ``SIGHASH_ANYONECANPAY``, ``SIGHASH_SINGLE``, or ``SIGHASH_NONE`` flags are
set::
If the ``SIGHASH_ANYONECANPAY`` flag is not set, and the sighash type is neither
``SIGHASH_SINGLE`` nor ``SIGHASH_NONE``::
identical to the value of ``sequence_digest`` as specified for the
transaction identifier in section T.2b.
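Review bot: The rewritten S.2b condition now uses "flag" for ``SIGHASH_ANYONECANPAY`` and "sighash type" for ``SIGHASH_SINGLE`` / ``SIGHASH_NONE``, but nothing in the visible text defines the two terms or says how the type and the flag are separated out of the hash type value. A one-sentence definition ahead of S.2a, referenced from S.2b and S.2c, would make the new terminology normative rather than implied. Separately, ``ZTxIdSequencHash`` drops a letter, presumably to match the 16-character length of the other S.2 personalization strings shown; S.2d annotates its string with "(3 underscores)", and a similar remark here that the spelling is intentional would stop implementers from "correcting" it.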
@ -429,22 +435,22 @@ otherwise::
S.2c: outputs_digest
''''''''''''''''''''
This is a BLAKE2b-256 hash initialized with the personalization field value
"ZTxIdOutputsHash".
``ZTxIdOutputsHash``.
If none of the ``SIGHASH_SINGLE`` or ``SIGHASH_NONE`` flags are set::
If the sighash type is neither ``SIGHASH_SINGLE`` nor ``SIGHASH_NONE``::
identical to the value of ``outputs_digest`` as specified for the
transaction identifier in section T.2c.
If the ``SIGHASH_SINGLE`` flag is set and the signature hash is being computed for
If the sighash type is ``SIGHASH_SINGLE`` and the signature hash is being computed for
the transparent input at a particular index, and a transparent output appears in
the transaction at that index::
the hash is updated with the transaction serialized form of the
transparent output at that index, and finalized.
If the ``SIGHASH_SINGLE`` flag is set and the signature is being computed for
a shielded input, or if the ``SIGHASH_NONE`` flag is set::
If the sighash type is ``SIGHASH_SINGLE`` and the signature is being computed for
a shielded input, or if the sighash type is ``SIGHASH_NONE``::
the hash is immediately finalized, without being updated with any
additional data
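Review bot: The conditions in S.2c leave one case unspecified: sighash type ``SIGHASH_SINGLE``, signature hash computed for a transparent input, and no transparent output at that index. The second condition requires that "a transparent output appears in the transaction at that index", and the third only covers a shielded input or ``SIGHASH_NONE``, so an implementer has no rule for a transparent input whose index has no matching output. Please state explicitly whether that combination is invalid or falls under the "immediately finalized" branch. Minor: the final literal line "additional data" is missing its closing period, unlike "and finalized." above it.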
@ -452,7 +458,7 @@ a shielded input, or if the ``SIGHASH_NONE`` flag is set::
S.2d: txin_sig_digest
'''''''''''''''''''''
This is a BLAKE2b-256 hash initialized with the personalization field value
"Zcash___TxInHash" (3 underscores).
``Zcash___TxInHash`` (3 underscores).
If the signature hash is being computed for a transparent input, the hash
is updated with the following properties of that input::
@ -505,7 +511,7 @@ The personalization field of this hash is set to::
"ZTxAuthHash_" || CONSENSUS_BRANCH_ID
"ZTxAuthHash_" has 1 underscore character.
``ZTxAuthHash_`` has 1 underscore character.
A.1: transparent_scripts_digest
```````````````````````````````