mirror of https://github.com/zcash/zips.git
Correct the note about domain separators for PRF^expand in \crossref{abstractprfs},
and ensure that new domain separators for deriving internal keys from ZIPs 32 and 316 are included. Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood
parent
cf1995c2ed
commit
b57f6d1487
|
|
@ -3885,26 +3885,28 @@ $\PRFnf{Orchard}{} $&$\typecolon\; \NullifierKeyTypeOrchard $&$\times\; \N
|
|||
\end{tabular}
|
||||
} %nufive
|
||||
|
||||
\sapling{
|
||||
\introlist
|
||||
$\PRFexpand{}$ is used in the following places:
|
||||
\begin{itemize}
|
||||
\item \crossref{saplingkeycomponents}, with inputs $[0]$, $[1]$, $[2]$, and $[3, i \typecolon \byte]$;
|
||||
\nufiveonwarditem{in \crossref{orchardkeycomponents}, with inputs $[6]$, $[7]$, $[8]$, and $[\hexint{82}]$
|
||||
\item \sapling{\crossref{saplingkeycomponents}, with inputs $[0]$, $[1]$, $[2]$, and $[3, i \typecolon \byte]$;}
|
||||
\nufiveonwarditem{in \crossref{orchardkeycomponents}, with inputs $[6]$, $[7]$, $[8]$, and with first byte $\hexint{82}$
|
||||
(the last of these is also specified in \cite{ZIP-32});}
|
||||
\notnufive{
|
||||
\item sending (\crossref{saplingsend}) and receiving (\crossref{saplingandorchardinband}) \Sapling \notes,
|
||||
with inputs $[4]$ and $[5]$;
|
||||
\item \sapling{sending (\crossref{saplingsend}) and receiving (\crossref{saplingandorchardinband}) \Sapling \notes,
|
||||
with inputs $[4]$ and $[5]$;}
|
||||
} %notnufive
|
||||
\notbeforenufive{
|
||||
\item in the processes of sending (\crossref{saplingsend}\nufive{ and \crossref{orchardsend}}) and of receiving
|
||||
\item \sapling{in the processes of sending (\crossref{saplingsend}\nufive{ and \crossref{orchardsend}}) and of receiving
|
||||
(\crossref{saplingandorchardinband}) \notes, with inputs $[4]$ and $[5]$\nufive{, and for \Orchard
|
||||
$[t] \bconcat \NoteUniqueRandBytes$ with $t \in \setof{4, 5, 9}$};
|
||||
$[t] \bconcat \NoteUniqueRandBytes$ with $t \in \setof{4, 5, 9}$};}
|
||||
} %notbeforenufive
|
||||
\item in \cite{ZIP-32}, with inputs $[0]$, $[1]$, $[2]$ (intentionally matching \shortcrossref{saplingkeycomponents}),
|
||||
$[t \typecolon \range{16}{22}]$,\notnufive{ and} $[\hexint{80}]$\nufive{, and $[\hexint{81}]$}.
|
||||
\item in \cite{ZIP-32}, \sapling{with inputs $[0]$, $[1]$, $[2]$ (intentionally matching \shortcrossref{saplingkeycomponents}),
|
||||
$[\hexint{10}]$, $[\hexint{13}]$, $[\hexint{14}]$, and} with first byte in
|
||||
$\setof{\sapling{\hexint{11}, \hexint{12}, \hexint{15}, \hexint{16}, \hexint{17}, \hexint{18},\,}\hexint{80}\nufive{, \hexint{81}, \hexint{82}, \hexint{83}}}$;
|
||||
\item in \cite{ZIP-316}, with first byte $\hexint{D0}$.
|
||||
\end{itemize}
|
||||
|
||||
\sapling{
|
||||
$\PRFock{Sapling}{}$\notnufive{ is}\nufive{ and $\PRFock{Orchard}{}$ are} used in \crossref{saplingandorchardinband}.
|
||||
|
||||
$\PRFnf{Sapling}{}$ is used in \crossref{spendstatement}.
|
||||
|
|
@ -14540,6 +14542,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
|||
conclusions are that such attacks could not feasibly result in any equivocation
|
||||
of the decrypted data, or in recovery of $\OutViewingKey$ or $\OutCipherKey$.
|
||||
\end{itemize}
|
||||
\item Correct the note about domain separators for $\PRFexpand{}$ in \crossref{abstractprfs},
|
||||
and ensure that new domain separators for deriving internal keys from \cite{ZIP-32} and
|
||||
\cite{ZIP-316} are included.
|
||||
\end{itemize}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue