mirror of https://github.com/zcash/zips.git
PRF^nr must be collision-resistant.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
002983854a
commit
a5759a0c04
|
@ -2159,10 +2159,10 @@ It is used in \crossref{spendstatement}.}
|
|||
\begin{securityrequirements}
|
||||
\item Security definitions for \pseudoRandomFunctions are given in \cite[section 4]{BDJR2000}.
|
||||
\item In addition to being \pseudoRandomFunctions, it is required that
|
||||
$\PRFnf{x}$\changed{, $\PRFaddr{x}$, and $\PRFrho{x}$} be collision-resistant
|
||||
across all $x$ --- i.e.\ it should not be feasible to find $(x, y) \neq (x', y')$
|
||||
such that $\PRFnf{x}(y) = \PRFnf{x'}(y')$\changed{, and similarly for $\PRFaddr{}$
|
||||
and $\PRFrho{}$}.
|
||||
$\PRFnf{x}$,\changed{ $\PRFaddr{x}$, \sprout{and} $\PRFrho{x}$}\sapling{, and $\PRFnr{x}$}
|
||||
be collision-resistant across all $x$ --- i.e.\ finding $(x, y) \neq (x', y')$
|
||||
such that $\PRFnf{x}(y) = \PRFnf{x'}(y')$ should not be feasible\changed{, and
|
||||
similarly for $\PRFaddr{}$ and $\PRFrho{}$\sapling{ and $\PRFnr{}$}}.
|
||||
\end{securityrequirements}
|
||||
|
||||
\pnote{$\PRFnf{}$ was called $\PRFsn{}$ in \Zerocash \cite{BCG+2014}.}
|
||||
|
|
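Review bot: In the second sentence of the new text, the Sapling build will read "similarly for $\PRFaddr{}$ and $\PRFrho{}$ and $\PRFnr{}$", because `\sapling{ and $\PRFnr{}$}` is appended after an unconditional "and". The first sentence avoids this with `\sprout{and}`, so the two lists are handled inconsistently. Assuming `\sprout{...}` is dropped in the Sapling build, as its use in the first sentence implies, the same pattern would work here: `$\PRFaddr{}$\sprout{ and}\sapling{,} $\PRFrho{}$\sapling{, and $\PRFnr{}$}`. The `\sapling{...}` markup is also nested inside `\changed{...}` in the second sentence but sits outside it in the first, so it is worth checking that both render with the intended highlighting. Separately, neither the commit message nor the item says where collision resistance of $\PRFnr{}$ is relied on. A cross-reference to the place that depends on it would let a reader check that the requirement as defined here (collisions across all $x$) is the property actually needed.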