zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Specify KA^Sapling. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2018-04-21 07:20:42 +01:00
parent 7481181d43
commit bf03ab51fc
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
protocol/protocol.tex
View File

@ -5830,13 +5830,24 @@ $\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}.
\sapling{
\subsubsubsection{\Sapling \KeyAgreement} \label{concretesaplingkeyagreement}
The \keyAgreementScheme specified in \crossref{abstractkeyagreement} is
instantiated using Diffie-Hellman with cofactor multiplication on $\JubjubCurve$
as follows.
$\KASapling$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}.
Let $\KASaplingPublic$ and $\KASaplingSharedSecret$ be the type of compressed
$\JubjubCurve$ points $\CompressedEdwardsJubjub$, and let $\KASaplingPrivate$ be
the type of $\JubjubCurve$ secret keys. \todo{expand this}
It is instantiated as Diffie-Hellman with cofactor multiplication on $\JubjubCurve$
as follows:
Let $\GroupJ$ and the cofactor $\ParamJ{h}$ be as defined in \crossref{jubjub}.
Define $\KASaplingPublic := \GroupJ$.
Define $\KASaplingSharedSecret := \GroupJ$.
Define $\KASaplingPrivate := \GF{\ParamJ{r}}$.
Define $\KASaplingFormatPrivate(x) := x$.
Define $\KASaplingDerivePublic(\sk, B) := \scalarmult{\sk}{B}$.
Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$.
} %sapling