mirror of https://github.com/zcash/zips.git
Clarify conversions between bit and byte sequences.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood
parent
9498de38f9
commit
a6245e3f68
|
|
@ -3032,8 +3032,8 @@ are derived as follows:
|
|||
\begin{lrbox}{\crhivkinputbox}
|
||||
\begin{bytefield}[bitwidth=0.06em]{512}
|
||||
\sapling{
|
||||
\sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\reprJOf{\AuthSignPublic}\kern 0.1em}$} &
|
||||
\sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\reprJOf{\AuthProvePublic}\kern 0.1em}$}
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\AuthSignPublic}$} &
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\AuthProvePublic}$}
|
||||
}
|
||||
\end{bytefield}
|
||||
\end{lrbox}
|
||||
|
|
@ -4210,8 +4210,8 @@ $\BlakeTwobOf{256}{\ascii{ZcashComputehSig}, x}$ must be \collisionResistant on
|
|||
\begin{lrbox}{\crhivkbox}
|
||||
\setsapling
|
||||
\begin{bytefield}[bitwidth=0.05em]{512}
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\AuthSignPublic}$} &
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\AuthProvePublic}$}
|
||||
\sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\AuthSignPublicRepr}$} &
|
||||
\sbitbox{256}{$256$-bit $\LEBStoOSPOf{256}{\AuthProvePublicRepr}$}
|
||||
\end{bytefield}
|
||||
\end{lrbox}
|
||||
|
||||
|
|
@ -4618,8 +4618,8 @@ be necessary.})
|
|||
\newsavebox{\expandbox}
|
||||
\begin{lrbox}{\expandbox}
|
||||
\setsapling
|
||||
\begin{bytefield}[bitwidth=0.038em]{264}
|
||||
\sbitbox{256}{$256$-bit $\SpendingKey$} &
|
||||
\begin{bytefield}[bitwidth=0.042em]{264}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\SpendingKey}$} &
|
||||
\sbitbox{80}{$8$-bit $t$}
|
||||
\end{bytefield}
|
||||
\end{lrbox}
|
||||
|
|
@ -4627,9 +4627,9 @@ be necessary.})
|
|||
\newsavebox{\nfsaplingbox}
|
||||
\begin{lrbox}{\nfsaplingbox}
|
||||
\setsapling
|
||||
\begin{bytefield}[bitwidth=0.038em]{512}
|
||||
\sbitbox{256}{$256$-bit $\reprJ(\AuthProvePublic)$} &
|
||||
\sbitbox{256}{$256$-bit $\reprJ(\NoteAddressRand)$}
|
||||
\begin{bytefield}[bitwidth=0.046em]{512}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\AuthProvePublic}}$} &
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\NoteAddressRand}}$}
|
||||
\end{bytefield}
|
||||
\end{lrbox}
|
||||
|
||||
|
|
@ -4793,8 +4793,8 @@ the type of $\JubjubCurve$ secret keys. \todo{expand this}
|
|||
\setsapling
|
||||
\begin{bytefield}[bitwidth=0.07em]{544}
|
||||
\sbitbox{80}{$32$-bit $\OutputIndex$} &
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\DHSecret{}}$} &
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\EphemeralPublic}$}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\DHSecret{}}}$} &
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\EphemeralPublic}}$}
|
||||
\end{bytefield}
|
||||
\end{lrbox}
|
||||
|
||||
|
|
@ -5302,12 +5302,6 @@ Define $\reprJ \typecolon \GroupJ \rightarrow \bitseq{\ellJ}$ such
|
|||
that $\reprJOf{u, \varv} = \ItoLEBSP{256}(\varv + 2^{255} \smult \tilde{u})$, where
|
||||
$\tilde{u} = u \bmod 2$.
|
||||
|
||||
\todo{Representing this as a bit string is problematic because we normally encode
|
||||
most-significant-bit first within a byte, so that would result in the wrong
|
||||
(i.e. non-standard) encoding as a byte sequence. It's a tricky specification
|
||||
problem that we get away with elsewhere in the spec mostly by luck. Maybe keep
|
||||
the representation as an integer?}
|
||||
|
||||
Let $\abstJ \typecolon \bitseq{\ellJ} \rightarrow \GroupJ \union \setof{\bot}$
|
||||
be the left inverse of $\reprJ$ such that if $S$ is not in the range of
|
||||
$\reprJ$, then $\abstJOf{S} = \bot$.
|
||||
|
|
@ -5808,8 +5802,8 @@ The raw encoding of a \Sapling \paymentAddress consists of:
|
|||
\vspace{2ex}
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.07em]{344}
|
||||
\sbitbox{88}{$88$-bit $\Diversifier$}
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\DiversifiedTransmitPublic}$}
|
||||
\sbitbox{120}{$\LEBStoOSPOf{88}{\Diversifier}$}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\DiversifiedTransmitPublic}}$}
|
||||
\end{bytefield}
|
||||
\end{equation*}
|
||||
|
||||
|
|
@ -5926,8 +5920,8 @@ The raw encoding of a \fullViewingKey consists of:
|
|||
\vspace{2ex}
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.07em]{512}
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\AuthSignPublic}$}
|
||||
\sbitbox{256}{$256$-bit $\reprJOf{\AuthProvePublic}$}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\AuthSignPublic}}$}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\reprJOf{\AuthProvePublic}}$}
|
||||
\end{bytefield}
|
||||
\end{equation*}
|
||||
|
||||
|
|
@ -6005,7 +5999,7 @@ The raw encoding of a \Sapling \spendingKey consists of:
|
|||
\vspace{2ex}
|
||||
\begin{equation*}
|
||||
\begin{bytefield}[bitwidth=0.07em]{256}
|
||||
\sbitbox{256}{$256$-bit $\SpendingKey$}
|
||||
\sbitbox{256}{$\LEBStoOSPOf{256}{\SpendingKey}$}
|
||||
\end{bytefield}
|
||||
\end{equation*}
|
||||
|
||||
|
|
@ -7528,6 +7522,8 @@ Daira Hopwood, Sean Bowe, and Jack Grigg.
|
|||
\item Updates to \Sapling construction, changing how the \nullifier is
|
||||
computed and separating it from the \authRandomizedVerifyingKey
|
||||
($\AuthSignRandomizedPublic$).
|
||||
\item Clarify conversions between bit and byte sequences for
|
||||
$\SpendingKey$, $\reprJOf{\AuthSignPublic}$, and $\reprJOf{\AuthProvePublic}$.
|
||||
}
|
||||
\item Change the \texttt{Makefile} to avoid multiple reloads in PDF readers while
|
||||
rebuilding the PDF.
|
||||
|
|
|
|||
Loading…
Reference in New Issue