mirror of https://github.com/zcash/zips.git
Add a paragraph about security proofs for the encryption scheme.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
0b0e4a6bb7
commit
a6a50618c8
@ -3013,6 +3013,15 @@ The motivations for this change were as follows:
encrypted in each \joinSplitDescription.
\end{itemize}
The security proofs of \cite{ABR1999} can be adapted straightforwardly to the
resulting scheme. Although DHAES as defined in that paper does not pass the
recipient public key or a public seed to the hash function $H$, this does not
impair the proof because we can consider $H$ to be the specialization of our
KDF to a given recipient key and seed. It is necessary to adapt the
``HDH independence'' assumptions and the proof slightly to take into account
that the ephemeral key is reused for two encryptions.
\nsubsection{Omission in \Zerocash security proof} \label{crprf}
The abstract \Zerocash protocol requires $\PRFaddr{}$ only to be a PRF;
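Review bot: the new paragraph says the ``HDH independence'' assumptions and the proof need only slight adaptation because the ephemeral key is reused for two encryptions, but it does not state what the adapted assumption is, so a reader cannot check that the reuse (one ephemeral secret combined with two different recipient keys, giving the adversary two related shared secrets) is actually covered. Suggest spelling out the modified assumption in a sentence, or marking the adaptation as a TODO rather than asserting it is straightforward. Likewise, treating $H$ as ``the specialization of our KDF to a given recipient key and seed'' is only sound if the HDH-style assumption is taken to hold for each such specialization; it would help to say that explicitly next to the \cite{ABR1999} reference.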