mirror of https://github.com/zcash/zips.git
Clarify what "collision-resistant across all x" means.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
b3da327877
commit
a7d75007fa
|
@ -197,8 +197,10 @@ different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
|
||||||
\subparagraph{}
|
\subparagraph{}
|
||||||
|
|
||||||
$\PRF{x}{}$ is a pseudo-random function seeded by $x$. Three \emph{independent}
|
$\PRF{x}{}$ is a pseudo-random function seeded by $x$. Three \emph{independent}
|
||||||
$\PRF{x}{}$ are needed in our scheme: $\PRFaddr{x}$, $\PRFsn{x}$, and
|
$\PRF{x}{}$ are needed in our scheme: $\PRFaddr{x}$, $\PRFsn{x}$, and $\PRFpk{x}$.
|
||||||
$\PRFpk{x}$. It is required that $\PRFsn{x}$ be collision-resistant across all $x$.
|
It is required that $\PRFsn{x}$ be collision-resistant across all $x$ --- i.e. it
|
||||||
|
should not be feasible to find $(x, y) \neq (x', y')$ such that
|
||||||
|
$\PRFsn{x}(y) = \PRFsn{x'}(y')$.
|
||||||
|
|
||||||
In \Zcash, the $\SHAName$ function is used to construct all three of these
|
In \Zcash, the $\SHAName$ function is used to construct all three of these
|
||||||
functions. The bits $\mathtt{00}$, $\mathtt{01}$ and $\mathtt{10}$ are included
|
functions. The bits $\mathtt{00}$, $\mathtt{01}$ and $\mathtt{10}$ are included
|
||||||
|
|
Loading…
Reference in New Issue