mirror of https://github.com/zcash/zips.git
Clarify rationale for personalization changes.
Also clarify terminology around signature hash flags vs. types.
This commit is contained in:
parent
4b8a78c51b
commit
a424153462
32
zip-0244.rst
32
zip-0244.rst
|
@ -148,7 +148,7 @@ The personalization field of this hash is set to::
|
|||
|
||||
"ZcashTxHash_" || CONSENSUS_BRANCH_ID
|
||||
|
||||
"ZcashTxHash_" has 1 underscore character.
|
||||
``ZcashTxHash_`` has 1 underscore character.
|
||||
|
||||
As in ZIP 143 [#zip-0143]_, CONSENSUS_BRANCH_ID is the 4-byte little-endian encoding of
|
||||
the consensus branch ID for the epoch of the block containing the transaction. Domain
|
||||
|
@ -156,6 +156,12 @@ separation of the transaction id hash across parallel consensus branches provide
|
|||
protection: transactions targeted for one consensus branch will not have the same
|
||||
transaction identifier on other consensus branches.
|
||||
|
||||
This signature hash personalization prefix has been changed to reflect the new role of
|
||||
this hash (relative to ``ZcashSigHash`` as specified in ZIP 143) as a transaction
|
||||
identifier rather than a commitment that is exclusively used for signature purposes.
|
||||
The previous computation of the transaction identifier was a SHA256d hash of the
|
||||
serialized transaction contents, and was not personalized.
|
||||
|
||||
T.1: header_digest
|
||||
``````````````````
|
||||
A BLAKE2b-256 hash of the following values ::
|
||||
|
@ -365,7 +371,7 @@ The personalization field of this hash is set to::
|
|||
|
||||
"ZcashTxHash_" || CONSENSUS_BRANCH_ID
|
||||
|
||||
"ZcashTxHash_" has 1 underscore character.
|
||||
``ZcashTxHash_`` has 1 underscore character.
|
||||
|
||||
This value has the same personalization as the top hash of the transaction
|
||||
identifier digest tree, so that what is being signed in the case that there are
|
||||
|
@ -398,7 +404,7 @@ The personalization field of this hash is set to::
|
|||
S.2a: prevouts_digest
|
||||
'''''''''''''''''''''
|
||||
This is a BLAKE2b-256 hash initialized with the personalization field value
|
||||
"ZTxIdPrevoutHash".
|
||||
``ZTxIdPrevoutHash``.
|
||||
|
||||
If the ``SIGHASH_ANYONECANPAY`` flag is not set::
|
||||
|
||||
|
@ -413,10 +419,10 @@ otherwise::
|
|||
S.2b: sequence_digest
|
||||
'''''''''''''''''''''
|
||||
This is a BLAKE2b-256 hash initialized with the personalization field value
|
||||
"ZTxIdSequencHash".
|
||||
``ZTxIdSequencHash``.
|
||||
|
||||
If none of the ``SIGHASH_ANYONECANPAY``, ``SIGHASH_SINGLE``, or ``SIGHASH_NONE`` flags are
|
||||
set::
|
||||
If the ``SIGHASH_ANYONECANPAY`` flag is not set, and the sighash type is neither
|
||||
``SIGHASH_SINGLE`` nor ``SIGHASH_NONE``::
|
||||
|
||||
identical to the value of ``sequence_digest`` as specified for the
|
||||
transaction identifier in section T.2b.
|
||||
|
@ -429,22 +435,22 @@ otherwise::
|
|||
S.2c: outputs_digest
|
||||
''''''''''''''''''''
|
||||
This is a BLAKE2b-256 hash initialized with the personalization field value
|
||||
"ZTxIdOutputsHash".
|
||||
``ZTxIdOutputsHash``.
|
||||
|
||||
If none of the ``SIGHASH_SINGLE`` or ``SIGHASH_NONE`` flags are set::
|
||||
If the sighash type is neither ``SIGHASH_SINGLE`` nor ``SIGHASH_NONE``::
|
||||
|
||||
identical to the value of ``outputs_digest`` as specified for the
|
||||
transaction identifier in section T.2c.
|
||||
|
||||
If the ``SIGHASH_SINGLE`` flag is set and the signature hash is being computed for
|
||||
If the sighash type is ``SIGHASH_SINGLE`` and the signature hash is being computed for
|
||||
the transparent input at a particular index, and a transparent output appears in
|
||||
the transaction at that index::
|
||||
|
||||
the hash is updated with the transaction serialized form of the
|
||||
transparent output at that index, and finalized.
|
||||
|
||||
If the ``SIGHASH_SINGLE`` flag is set and the signature is being computed for
|
||||
a shielded input, or if the ``SIGHASH_NONE`` flag is set::
|
||||
If the sighash type is ``SIGHASH_SINGLE`` and the signature is being computed for
|
||||
a shielded input, or if the sighash type is ``SIGHASH_NONE``::
|
||||
|
||||
the hash is immediately finalized, without being updated with any
|
||||
additional data
|
||||
|
@ -452,7 +458,7 @@ a shielded input, or if the ``SIGHASH_NONE`` flag is set::
|
|||
S.2d: txin_sig_digest
|
||||
'''''''''''''''''''''
|
||||
This is a BLAKE2b-256 hash initialized with the personalization field value
|
||||
"Zcash___TxInHash" (3 underscores).
|
||||
``Zcash___TxInHash`` (3 underscores).
|
||||
|
||||
If the signature hash is being computed for a transparent input, the hash
|
||||
is updated with the following properties of that input::
|
||||
|
@ -505,7 +511,7 @@ The personalization field of this hash is set to::
|
|||
|
||||
"ZTxAuthHash_" || CONSENSUS_BRANCH_ID
|
||||
|
||||
"ZTxAuthHash_" has 1 underscore character.
|
||||
``ZTxAuthHash_`` has 1 underscore character.
|
||||
|
||||
A.1: transparent_scripts_digest
|
||||
```````````````````````````````
|
||||
|
|
Loading…
Reference in New Issue