Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
f189fb122f
commit
b2f78a33cc
|
@ -147,6 +147,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\DeclareMathSymbol{\binampersand}{\mathbin}{bskadd}{"EE}
|
||||
|
||||
\newcommand{\hairspace}{~\!}
|
||||
\newcommand{\hparen}{\hphantom{(}}
|
||||
|
||||
\newcommand{\hfrac}[2]{\scalebox{0.8}{$\genfrac{}{}{0.5pt}{0}{#1}{#2}$}}
|
||||
|
||||
|
@ -698,6 +699,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\vmacs}{\mathtt{vmacs}}
|
||||
\newcommand{\GroupG}[1]{\mathbb{G}_{#1}}
|
||||
\newcommand{\PointP}[1]{\mathcal{P}_{#1}}
|
||||
\newcommand{\xP}{{x_{\hspace{-0.12em}P}}}
|
||||
\newcommand{\yP}{{y_{\hspace{-0.03em}P}}}
|
||||
\newcommand{\GF}[1]{\mathbb{F}_{#1}}
|
||||
\newcommand{\GFstar}[1]{\mathbb{F}^\ast_{#1}}
|
||||
\newcommand{\ECtoOSP}{\mathsf{EC2OSP}}
|
||||
|
@ -1903,27 +1906,25 @@ attempts to add a \nullifier to the \nullifierSet that already exists in the set
|
|||
A valid instance of $\JoinSplitProof$ assures that given a \term{primary input}:
|
||||
|
||||
\begin{formulae}
|
||||
\item $(\rt \typecolon \MerkleHash,
|
||||
\nfOld{\allOld} \typecolon \typeexp{\PRFOutput}{\NOld},
|
||||
\cmNew{\allNew} \typecolon \typeexp{\CommitOutput}{\NNew},
|
||||
\changed{\vpubOld \typecolon \range{0}{2^{64}-1},}\,
|
||||
\vpubNew \typecolon \range{0}{2^{64}-1},\\
|
||||
\hphantom{(}
|
||||
\hSig \typecolon \hSigType,
|
||||
\h{\allOld} \typecolon \typeexp{\PRFOutput}{\NOld})$,
|
||||
\item $(\rt \typecolon \MerkleHash,\\
|
||||
\hparen\nfOld{\allOld} \typecolon \typeexp{\PRFOutput}{\NOld},\vspace{0.4ex}\\
|
||||
\hparen\cmNew{\allNew} \typecolon \typeexp{\CommitOutput}{\NNew},\vspace{0.8ex}\\
|
||||
\hparen\changed{\vpubOld \typecolon \range{0}{2^{64}-1},}\vspace{0.4ex}\\
|
||||
\hparen\vpubNew \typecolon \range{0}{2^{64}-1},\\
|
||||
\hparen\hSig \typecolon \hSigType,\\
|
||||
\hparen\h{\allOld} \typecolon \typeexp{\PRFOutput}{\NOld})$,
|
||||
\end{formulae}
|
||||
|
||||
\introlist
|
||||
the prover knows an \term{auxiliary input}:
|
||||
|
||||
\begin{formulae}
|
||||
\item $(\treepath{\allOld} \typecolon \typeexp{\typeexp{\MerkleHash}{\MerkleDepth}}{\NOld},
|
||||
\nOld{\allOld} \typecolon \typeexp{\NoteType}{\NOld},
|
||||
\AuthPrivateOld{\allOld} \typecolon \typeexp{\bitseq{\AuthPrivateLength}}{\NOld},
|
||||
\nNew{\allNew} \typecolon \typeexp{\NoteType}{\NOld}\changed{,}\\
|
||||
\hphantom{(}
|
||||
\changed{\NoteAddressPreRand \typecolon \bitseq{\NoteAddressPreRandLength},
|
||||
\EnforceMerklePath{\allOld} \typecolon \bitseq{\NOld}})$,
|
||||
\item $(\treepath{\allOld} \typecolon \typeexp{\typeexp{\MerkleHash}{\MerkleDepth}}{\NOld},\\
|
||||
\hparen\nOld{\allOld} \typecolon \typeexp{\NoteType}{\NOld},\\
|
||||
\hparen\AuthPrivateOld{\allOld} \typecolon \typeexp{\bitseq{\AuthPrivateLength}}{\NOld},\\
|
||||
\hparen\nNew{\allNew} \typecolon \typeexp{\NoteType}{\NNew}\changed{,}\vspace{0.8ex}\\
|
||||
\hparen\changed{\NoteAddressPreRand \typecolon \bitseq{\NoteAddressPreRandLength},}\\
|
||||
\hparen\changed{\EnforceMerklePath{\allOld} \typecolon \bitseq{\NOld}})$,
|
||||
\end{formulae}
|
||||
|
||||
\introlist
|
||||
|
@ -2810,7 +2811,7 @@ Let $r = 21888242871839275222246405745257275088548364400416034343698204186575808
|
|||
|
||||
Let $b = 3$.
|
||||
|
||||
($q$ and $r$ are prime.)
|
||||
(\hairspace $q$ and $r$ are prime.)
|
||||
|
||||
\introlist
|
||||
The pairing is of type $\GroupG{1} \times \GroupG{2} \rightarrow \GroupG{T}$, where:
|
||||
|
@ -2901,24 +2902,24 @@ Define $\ItoOSP{} \typecolon (k \typecolon \Nat) \times \range{0}{256^k\!-\!1} \
|
|||
representing $n$ in big-endian order.
|
||||
|
||||
\introlist
|
||||
For a point $P \typecolon \GroupG{1} = (x_P, y_P)$:
|
||||
For a point $P \typecolon \GroupG{1} = (\xP, \yP)$:
|
||||
|
||||
\begin{itemize}
|
||||
\item The field elements $x_P$ and $y_P \typecolon \GF{q}$ are represented as
|
||||
\item The field elements $\xP$ and $\yP \typecolon \GF{q}$ are represented as
|
||||
integers $x$ and $y \typecolon \range{0}{q\!-\!1}$.
|
||||
\item Let $\tilde{y} = y \bmod 2$.
|
||||
\item $P$ is encoded as $\Justthebox{\gonebox}$.
|
||||
\end{itemize}
|
||||
|
||||
\introlist
|
||||
For a point $P \typecolon \GroupG{2} = (x_P, y_P)$:
|
||||
For a point $P \typecolon \GroupG{2} = (\xP, \yP)$:
|
||||
|
||||
\begin{itemize}
|
||||
\item A field element $w \typecolon \GF{q^2}$ is represented as
|
||||
a polynomial $a_{w,1} \mult t + a_{w,0} \typecolon \GF{q}[t]$ modulo $t^2 + 1$.
|
||||
Define $\FEtoIP \typecolon \GF{q^2} \rightarrow \range{0}{q^2\!-\!1}$ such that
|
||||
$\FEtoIP(w) = a_{w,1} \mult q + a_{w,0}$.
|
||||
\item Let $x = \FEtoIP(x_P)$, $y = \FEtoIP(y_P)$, and $y' = \FEtoIP(-y_P)$.
|
||||
\item Let $x = \FEtoIP(\xP)$, $y = \FEtoIP(\yP)$, and $y' = \FEtoIP(-\yP)$.
|
||||
\item Let $\tilde{y} = \begin{cases}
|
||||
1, &\caseif y > y' \\
|
||||
0, &\caseotherwise.
|
||||
|
|
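Review bot: In the auxiliary-input hunk (`@ -1903,27 +1906,25 @@`), the new line `\hparen\nNew{\allNew} \typecolon \typeexp{\NoteType}{\NNew}\changed{,}` replaces `\NOld` with `\NNew`, which changes the stated type of the JoinSplit statement's auxiliary input rather than its layout. The commit message says only "Cosmetics.", so anyone auditing the specification history for changes to the proof statement would miss this correction. Whether the two lengths differ in value cannot be told from here, because `\NOld` and `\NNew` are defined outside the visible hunks. I would put the fix in its own commit, or at least add a message line such as `Correct the type of \nNew{\allNew} in the JoinSplit auxiliary input to use \NNew.`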