mirror of https://github.com/zcash/zips.git
Add cross references for RedDSA batch verification appendix.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
7450495335
commit
af90f0c4af
|
@ -6455,7 +6455,7 @@ The encoding of a public key is as defined in \cite{BDLSY2012}.
|
||||||
|
|
||||||
|
|
||||||
\sapling{
|
\sapling{
|
||||||
\subsubsection{\RedDSAAndRedJubjub} \label{concreteredjubjub}
|
\subsubsection{\RedDSAAndRedJubjub} \label{concretereddsa} \label{concreteredjubjub}
|
||||||
|
|
||||||
$\RedDSA$ is a Schnorr-based \signatureScheme, optionally supporting key re-randomization
|
$\RedDSA$ is a Schnorr-based \signatureScheme, optionally supporting key re-randomization
|
||||||
as described in \crossref{abstractsigrerand}. It also supports a
|
as described in \crossref{abstractsigrerand}. It also supports a
|
||||||
|
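Review bot: The heading line now carries two labels, \label{concretereddsa} and \label{concreteredjubjub}, with nothing in the source saying that the second is kept only as an alias for existing references. Consider a short % comment on that line noting that concreteredjubjub is retained for compatibility, or put each \label on its own line so the alias is easy to spot and to retire later. The visible hunks retarget only the one reference in the batch verification appendix, so any other \crossref{concreteredjubjub} uses would still depend on the old label staying in place.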
@ -9568,6 +9568,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
|
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item No changes to \Sprout.
|
\item No changes to \Sprout.
|
||||||
|
\sapling{
|
||||||
|
\item Add cross references for parameters and functions used in $\RedDSA$ batch verification.
|
||||||
|
} %sapling
|
||||||
\item \texttt{Makefile} changes: name the PDF file for the \Sprout version of the specification as \texttt{sprout.pdf},
|
\item \texttt{Makefile} changes: name the PDF file for the \Sprout version of the specification as \texttt{sprout.pdf},
|
||||||
and make \texttt{protocol.pdf} link to the \Sapling version.
|
and make \texttt{protocol.pdf} link to the \Sapling version.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
@ -11338,14 +11341,24 @@ cryptanalytic attention to confidently use them for \Sapling.
|
||||||
|
|
||||||
\subsection{\RedDSAText{} batch verification} \label{reddsabatchverify}
|
\subsection{\RedDSAText{} batch verification} \label{reddsabatchverify}
|
||||||
|
|
||||||
The reference verification algorithm for $\RedDSA$ signatures is defined in \crossref{concreteredjubjub}.
|
The reference verification algorithm for $\RedDSA$ signatures is defined in \crossref{concretereddsa}.
|
||||||
|
|
||||||
|
Let the $\RedDSA$ parameters $\GroupG{}$ (defining a subgroup $\SubgroupG$ of order $\ParamG{r}$,
|
||||||
|
a cofactor $\ParamG{h}$, a group operation $+$, an additive identity $\ZeroG{}$, a bit-length $\ellG{}$,
|
||||||
|
a representation function $\reprG{}$, and an abstraction function $\abstG{}$); $\GenG{} \typecolon \GroupG{}$;
|
||||||
|
$\RedDSAHashLength \typecolon \Nat$; $\RedDSAHash \typecolon \byteseqs \rightarrow \byteseq{\RedDSAHashLength/8}$;
|
||||||
|
and the derived hash function $\RedDSAHashToScalar \typecolon \byteseqs \rightarrow \GF{\ParamG{r}}$
|
||||||
|
be as defined in that section.
|
||||||
|
|
||||||
|
\vspace{2ex}
|
||||||
Implementations \MAY alternatively use the optimized procedure described in this section to perform
|
Implementations \MAY alternatively use the optimized procedure described in this section to perform
|
||||||
faster verification of a batch of signatures, i.e.\ to determine whether all signatures in a batch are valid.
|
faster verification of a batch of signatures, i.e.\ to determine whether all signatures in a batch are valid.
|
||||||
Its input is a sequence of $N$ \quotedterm{batch entries}, each of which is a
|
Its input is a sequence of $N$ \quotedterm{batch entries}, each of which is a
|
||||||
(public key, message, signature) triple.
|
(public key, message, signature) triple.
|
||||||
|
|
||||||
\vspace{2ex}
|
\vspace{2ex}
|
||||||
|
Let $\LEOStoBSP{}$, $\LEOStoIP{}$, and $\LEBStoOSP{}$ be as defined in \crossref{endian}.
|
||||||
|
|
||||||
Define $\RedDSABatchEntry := \RedDSAPublic \times \RedDSAMessage \times \RedDSASignature$.
|
Define $\RedDSABatchEntry := \RedDSAPublic \times \RedDSAMessage \times \RedDSASignature$.
|
||||||
|
|
||||||
\introlist
|
\introlist
|
||||||
|
|
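Review bot: In the added paragraph beginning "Let the $\RedDSA$ parameters", the closing "be as defined in that section" relies on the reader carrying the antecedent across a paragraph break from the preceding sentence's \crossref{concretereddsa}. Suggest writing "be as defined in \crossref{concretereddsa}" so the reference is explicit where the symbols are imported, which would match the added line "Let $\LEOStoBSP{}$, $\LEOStoIP{}$, and $\LEBStoOSP{}$ be as defined in \crossref{endian}". The parameter list also mixes a parenthetical with semicolon-separated items in a single sentence; breaking it into an itemized list or two sentences would make it easier to check that every symbol used by the batch procedure (including the cofactor $\ParamG{h}$ and $\RedDSAHashToScalar$) is covered.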