mirror of https://github.com/zcash/zips.git
PRF^nr must be collision-resistant.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent 002983854a
commit a5759a0c04
|
@ -2159,10 +2159,10 @@ It is used in \crossref{spendstatement}.}
|
||||||
\begin{securityrequirements}
|
\begin{securityrequirements}
|
||||||
\item Security definitions for \pseudoRandomFunctions are given in \cite[section 4]{BDJR2000}.
|
\item Security definitions for \pseudoRandomFunctions are given in \cite[section 4]{BDJR2000}.
|
||||||
\item In addition to being \pseudoRandomFunctions, it is required that
|
\item In addition to being \pseudoRandomFunctions, it is required that
|
||||||
$\PRFnf{x}$\changed{, $\PRFaddr{x}$, and $\PRFrho{x}$} be collision-resistant
|
$\PRFnf{x}$,\changed{ $\PRFaddr{x}$, \sprout{and} $\PRFrho{x}$}\sapling{, and $\PRFnr{x}$}
|
||||||
across all $x$ --- i.e.\ it should not be feasible to find $(x, y) \neq (x', y')$
|
be collision-resistant across all $x$ --- i.e.\ finding $(x, y) \neq (x', y')$
|
||||||
such that $\PRFnf{x}(y) = \PRFnf{x'}(y')$\changed{, and similarly for $\PRFaddr{}$
|
such that $\PRFnf{x}(y) = \PRFnf{x'}(y')$ should not be feasible\changed{, and
|
||||||
and $\PRFrho{}$}.
|
similarly for $\PRFaddr{}$ and $\PRFrho{}$\sapling{ and $\PRFnr{}$}}.
|
||||||
\end{securityrequirements}
|
\end{securityrequirements}
|
||||||
|
|
||||||
\pnote{$\PRFnf{}$ was called $\PRFsn{}$ in \Zerocash \cite{BCG+2014}.}
|
\pnote{$\PRFnf{}$ was called $\PRFsn{}$ in \Zerocash \cite{BCG+2014}.}
|
||||||
|
|
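Review bot: The second list, on the last changed line of the requirement, reads "similarly for $\PRFaddr{}$ and $\PRFrho{}$\sapling{ and $\PRFnr{}$}", so the Sapling variant gets "A and B and C", while the first list in the same item handles the conjunction with \sprout{and} plus \sapling{, and $\PRFnr{x}$}. Assuming \sprout and \sapling select text per variant, as that first list implies, the second list could use the same pattern, for example "$\PRFaddr{}$\sprout{ and}\sapling{,} $\PRFrho{}$\sapling{, and $\PRFnr{}$}". Two smaller points on the same lines: the comma after $\PRFnf{x}$ has moved outside \changed{...}, so it is no longer marked as part of the change, and \sapling{...} sits outside \changed{...} in the first list but inside it in the second; picking one nesting for both would keep the change markup consistent.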