diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 8cba180e..3f095aeb 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -3032,8 +3032,8 @@ are derived as follows: \begin{lrbox}{\crhivkinputbox} \begin{bytefield}[bitwidth=0.06em]{512} \sapling{ - \sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\reprJOf{\AuthSignPublic}\kern 0.1em}$} & - \sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\reprJOf{\AuthProvePublic}\kern 0.1em}$} + \sbitbox{256}{$256$-bit $\reprJOf{\AuthSignPublic}$} & + \sbitbox{256}{$256$-bit $\reprJOf{\AuthProvePublic}$} } \end{bytefield} \end{lrbox} @@ -4210,8 +4210,8 @@ $\BlakeTwobOf{256}{\ascii{ZcashComputehSig}, x}$ must be \collisionResistant on \begin{lrbox}{\crhivkbox} \setsapling \begin{bytefield}[bitwidth=0.05em]{512} - \sbitbox{256}{$256$-bit $\reprJOf{\AuthSignPublic}$} & - \sbitbox{256}{$256$-bit $\reprJOf{\AuthProvePublic}$} + \sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\AuthSignPublicRepr}$} & + \sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\AuthProvePublicRepr}$} \end{bytefield} \end{lrbox} @@ -4618,8 +4618,8 @@ be necessary.}) \newsavebox{\expandbox} \begin{lrbox}{\expandbox} \setsapling -\begin{bytefield}[bitwidth=0.038em]{264} - \sbitbox{256}{$256$-bit $\SpendingKey$} & +\begin{bytefield}[bitwidth=0.042em]{264} + \sbitbox{256}{$\LEBStoOSPOf{256}{\SpendingKey}$} & \sbitbox{80}{$8$-bit $t$} \end{bytefield} \end{lrbox} @@ -4627,9 +4627,9 @@ be necessary.}) \newsavebox{\nfsaplingbox} \begin{lrbox}{\nfsaplingbox} \setsapling -\begin{bytefield}[bitwidth=0.038em]{512} - \sbitbox{256}{$256$-bit $\reprJ(\AuthProvePublic)$} & - \sbitbox{256}{$256$-bit $\reprJ(\NoteAddressRand)$} +\begin{bytefield}[bitwidth=0.046em]{512} + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\AuthProvePublic}}$} & + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\NoteAddressRand}}$} \end{bytefield} \end{lrbox} @@ -4793,8 +4793,8 @@ the type of $\JubjubCurve$ secret keys. \todo{expand this} \setsapling \begin{bytefield}[bitwidth=0.07em]{544} \sbitbox{80}{$32$-bit $\OutputIndex$} & - \sbitbox{256}{$256$-bit $\reprJOf{\DHSecret{}}$} & - \sbitbox{256}{$256$-bit $\reprJOf{\EphemeralPublic}$} + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\DHSecret{}}}$} & + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\EphemeralPublic}}$} \end{bytefield} \end{lrbox} @@ -5302,12 +5302,6 @@ Define $\reprJ \typecolon \GroupJ \rightarrow \bitseq{\ellJ}$ such that $\reprJOf{u, \varv} = \ItoLEBSP{256}(\varv + 2^{255} \smult \tilde{u})$, where $\tilde{u} = u \bmod 2$. -\todo{Representing this as a bit string is problematic because we normally encode -most-significant-bit first within a byte, so that would result in the wrong -(i.e. non-standard) encoding as a byte sequence. It's a tricky specification -problem that we get away with elsewhere in the spec mostly by luck. Maybe keep -the representation as an integer?} - Let $\abstJ \typecolon \bitseq{\ellJ} \rightarrow \GroupJ \union \setof{\bot}$ be the left inverse of $\reprJ$ such that if $S$ is not in the range of $\reprJ$, then $\abstJOf{S} = \bot$. @@ -5808,8 +5802,8 @@ The raw encoding of a \Sapling \paymentAddress consists of: \vspace{2ex} \begin{equation*} \begin{bytefield}[bitwidth=0.07em]{344} - \sbitbox{88}{$88$-bit $\Diversifier$} - \sbitbox{256}{$256$-bit $\reprJOf{\DiversifiedTransmitPublic}$} + \sbitbox{120}{$\LEBStoOSPOf{88}{\Diversifier}$} + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\DiversifiedTransmitPublic}}$} \end{bytefield} \end{equation*} @@ -5926,8 +5920,8 @@ The raw encoding of a \fullViewingKey consists of: \vspace{2ex} \begin{equation*} \begin{bytefield}[bitwidth=0.07em]{512} - \sbitbox{256}{$256$-bit $\reprJOf{\AuthSignPublic}$} - \sbitbox{256}{$256$-bit $\reprJOf{\AuthProvePublic}$} + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\AuthSignPublic}}$} + \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\AuthProvePublic}}$} \end{bytefield} \end{equation*} @@ -6005,7 +5999,7 @@ The raw encoding of a \Sapling \spendingKey consists of: \vspace{2ex} \begin{equation*} \begin{bytefield}[bitwidth=0.07em]{256} - \sbitbox{256}{$256$-bit $\SpendingKey$} + \sbitbox{256}{$\LEBStoOSPOf{256}{\SpendingKey}$} \end{bytefield} \end{equation*} @@ -7528,6 +7522,8 @@ Daira Hopwood, Sean Bowe, and Jack Grigg. \item Updates to \Sapling construction, changing how the \nullifier is computed and separating it from the \authRandomizedVerifyingKey ($\AuthSignRandomizedPublic$). + \item Clarify conversions between bit and byte sequences for + $\SpendingKey$, $\reprJOf{\AuthSignPublic}$, and $\reprJOf{\AuthProvePublic}$. } \item Change the \texttt{Makefile} to avoid multiple reloads in PDF readers while rebuilding the PDF.