mirror of https://github.com/zcash/zips.git
Add cross references for RedDSA batch verification appendix.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent 7450495335
commit af90f0c4af
|
@ -6455,7 +6455,7 @@ The encoding of a public key is as defined in \cite{BDLSY2012}.
|
|||
|
||||
|
||||
\sapling{
|
||||
\subsubsection{\RedDSAAndRedJubjub} \label{concreteredjubjub}
|
||||
\subsubsection{\RedDSAAndRedJubjub} \label{concretereddsa} \label{concreteredjubjub}
|
||||
|
||||
$\RedDSA$ is a Schnorr-based \signatureScheme, optionally supporting key re-randomization
|
||||
as described in \crossref{abstractsigrerand}. It also supports a
|
||||
|
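Review bot: The heading line now carries two labels, \label{concretereddsa} and \label{concreteredjubjub}, and nothing in the source says why both exist. A short % comment on that line would help, stating that concreteredjubjub is kept so existing \crossref{concreteredjubjub} uses still resolve and that new RedDSA-generic references should use concretereddsa. Without it, a later cleanup could drop one of the two and silently break references.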
@ -9568,6 +9568,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
|||
|
||||
\begin{itemize}
|
||||
\item No changes to \Sprout.
|
||||
\sapling{
|
||||
\item Add cross references for parameters and functions used in $\RedDSA$ batch verification.
|
||||
} %sapling
|
||||
\item \texttt{Makefile} changes: name the PDF file for the \Sprout version of the specification as \texttt{sprout.pdf},
|
||||
and make \texttt{protocol.pdf} link to the \Sapling version.
|
||||
\end{itemize}
|
||||
|
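Review bot: The new \item inside \sapling{ ... } mentions only the added cross references for parameters and functions. It does not mention that the batch verification appendix now points at \crossref{concretereddsa} instead of \crossref{concreteredjubjub}. If label and reference retargeting is meant to appear in the change history, add a few words for it here. Otherwise the entry reads fine, and wrapping it in \sapling{ } is consistent with the preceding "No changes to \Sprout." item.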
@ -11338,14 +11341,24 @@ cryptanalytic attention to confidently use them for \Sapling.
|
|||
|
||||
\subsection{\RedDSAText{} batch verification} \label{reddsabatchverify}
|
||||
|
||||
The reference verification algorithm for $\RedDSA$ signatures is defined in \crossref{concreteredjubjub}.
|
||||
The reference verification algorithm for $\RedDSA$ signatures is defined in \crossref{concretereddsa}.
|
||||
|
||||
Let the $\RedDSA$ parameters $\GroupG{}$ (defining a subgroup $\SubgroupG$ of order $\ParamG{r}$,
|
||||
a cofactor $\ParamG{h}$, a group operation $+$, an additive identity $\ZeroG{}$, a bit-length $\ellG{}$,
|
||||
a representation function $\reprG{}$, and an abstraction function $\abstG{}$); $\GenG{} \typecolon \GroupG{}$;
|
||||
$\RedDSAHashLength \typecolon \Nat$; $\RedDSAHash \typecolon \byteseqs \rightarrow \byteseq{\RedDSAHashLength/8}$;
|
||||
and the derived hash function $\RedDSAHashToScalar \typecolon \byteseqs \rightarrow \GF{\ParamG{r}}$
|
||||
be as defined in that section.
|
||||
|
||||
\vspace{2ex}
|
||||
Implementations \MAY alternatively use the optimized procedure described in this section to perform
|
||||
faster verification of a batch of signatures, i.e.\ to determine whether all signatures in a batch are valid.
|
||||
Its input is a sequence of $N$ \quotedterm{batch entries}, each of which is a
|
||||
(public key, message, signature) triple.
|
||||
|
||||
\vspace{2ex}
|
||||
Let $\LEOStoBSP{}$, $\LEOStoIP{}$, and $\LEBStoOSP{}$ be as defined in \crossref{endian}.
|
||||
|
||||
Define $\RedDSABatchEntry := \RedDSAPublic \times \RedDSAMessage \times \RedDSASignature$.
|
||||
|
||||
\introlist
|
||||
|
|
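Review bot: In the added paragraph starting "Let the $\RedDSA$ parameters $\GroupG{}$", the closing words "be as defined in that section" depend on the reader carrying the reference over from the previous paragraph, across a paragraph break. Writing "be as defined in \crossref{concretereddsa}" would make the sentence self-contained and match the explicit style of the added line "Let $\LEOStoBSP{}$, $\LEOStoIP{}$, and $\LEBStoOSP{}$ be as defined in \crossref{endian}". It is also worth confirming that every symbol introduced here, including the cofactor $\ParamG{h}$ and all three endianness conversion functions, is actually used by the procedure that follows, so that the preamble does not list names the batch verification steps never reference.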