zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Clarify what "collision-resistant across all x" means. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2016-01-28 23:55:17 +00:00
parent b3da327877
commit a7d75007fa
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
protocol/protocol.tex
View File

@ -197,8 +197,10 @@ different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
\subparagraph{}
$\PRF{x}{}$ is a pseudo-random function seeded by $x$. Three \emph{independent}
$\PRF{x}{}$ are needed in our scheme: $\PRFaddr{x}$, $\PRFsn{x}$, and
$\PRFpk{x}$. It is required that $\PRFsn{x}$ be collision-resistant across all $x$.
$\PRF{x}{}$ are needed in our scheme: $\PRFaddr{x}$, $\PRFsn{x}$, and $\PRFpk{x}$.
It is required that $\PRFsn{x}$ be collision-resistant across all $x$ --- i.e. it
should not be feasible to find $(x, y) \neq (x', y')$ such that
$\PRFsn{x}(y) = \PRFsn{x'}(y')$.
In \Zcash, the $\SHAName$ function is used to construct all three of these
functions. The bits $\mathtt{00}$, $\mathtt{01}$ and $\mathtt{10}$ are included