PRF^nr must be collision-resistant.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2018-02-12 13:06:12 +00:00
parent 002983854a
commit a5759a0c04
1 changed files with 4 additions and 4 deletions

@ -2159,10 +2159,10 @@ It is used in \crossref{spendstatement}.}
\begin{securityrequirements}
\item Security definitions for \pseudoRandomFunctions are given in \cite[section 4]{BDJR2000}.
\item In addition to being \pseudoRandomFunctions, it is required that
$\PRFnf{x}$\changed{, $\PRFaddr{x}$, and $\PRFrho{x}$} be collision-resistant
across all $x$ --- i.e.\ it should not be feasible to find $(x, y) \neq (x', y')$
such that $\PRFnf{x}(y) = \PRFnf{x'}(y')$\changed{, and similarly for $\PRFaddr{}$
and $\PRFrho{}$}.
$\PRFnf{x}$,\changed{ $\PRFaddr{x}$, \sprout{and} $\PRFrho{x}$}\sapling{, and $\PRFnr{x}$}
be collision-resistant across all $x$ --- i.e.\ finding $(x, y) \neq (x', y')$
such that $\PRFnf{x}(y) = \PRFnf{x'}(y')$ should not be feasible\changed{, and
similarly for $\PRFaddr{}$ and $\PRFrho{}$\sapling{ and $\PRFnr{}$}}.
\end{securityrequirements}
\pnote{$\PRFnf{}$ was called $\PRFsn{}$ in \Zerocash \cite{BCG+2014}.}
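Review bot: In the last added line the Sapling build renders the trailing list as "$\PRFaddr{}$ and $\PRFrho{}$ and $\PRFnr{}$", while the first added line gates the conjunction with `\sprout{and}` so that the Sapling list reads as a proper series. Suggest gating it the same way in the "similarly for" clause, for example `$\PRFaddr{}$\sapling{,} \sprout{and} $\PRFrho{}$\sapling{, and $\PRFnr{}$}`. Separately, the comma after `$\PRFnf{x}$` has moved from inside `\changed{...}` to outside it, so it is no longer marked as part of the change even though it only exists because of the added items; consider keeping it inside `\changed{` as the removed line did.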