mirror of https://github.com/zcash/zips.git
Specify KA^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
7481181d43
commit
bf03ab51fc
|
@ -5830,13 +5830,24 @@ $\BlakeTwobOf{256}{p, x}$ is defined in \crossref{concreteblake2}.
|
|||
\sapling{
|
||||
\subsubsubsection{\Sapling \KeyAgreement} \label{concretesaplingkeyagreement}
|
||||
|
||||
The \keyAgreementScheme specified in \crossref{abstractkeyagreement} is
|
||||
instantiated using Diffie-Hellman with cofactor multiplication on $\JubjubCurve$
|
||||
as follows.
|
||||
$\KASapling$ is a \keyAgreementScheme as specified in \crossref{abstractkeyagreement}.
|
||||
|
||||
Let $\KASaplingPublic$ and $\KASaplingSharedSecret$ be the type of compressed
|
||||
$\JubjubCurve$ points $\CompressedEdwardsJubjub$, and let $\KASaplingPrivate$ be
|
||||
the type of $\JubjubCurve$ secret keys. \todo{expand this}
|
||||
It is instantiated as Diffie-Hellman with cofactor multiplication on $\JubjubCurve$
|
||||
as follows:
|
||||
|
||||
Let $\GroupJ$ and the cofactor $\ParamJ{h}$ be as defined in \crossref{jubjub}.
|
||||
|
||||
Define $\KASaplingPublic := \GroupJ$.
|
||||
|
||||
Define $\KASaplingSharedSecret := \GroupJ$.
|
||||
|
||||
Define $\KASaplingPrivate := \GF{\ParamJ{r}}$.
|
||||
|
||||
Define $\KASaplingFormatPrivate(x) := x$.
|
||||
|
||||
Define $\KASaplingDerivePublic(\sk, B) := \scalarmult{\sk}{B}$.
|
||||
|
||||
Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$.
|
||||
} %sapling
|
||||
|
||||
|
||||
|
|
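Review bot: The new definitions `Define $\KASaplingPublic := \GroupJ$.` and `Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$.` give no rationale for the cofactor multiplication, and they no longer say how a received public key is represented, because the removed paragraph's mention of compressed points (`$\CompressedEdwardsJubjub$`) has no replacement. I would add a sentence after the Agree definition such as `The multiplication by $\ParamJ{h}$ ensures that the shared secret lies in the prime-order subgroup even when $P$ does not, so a small-order component of $P$ cannot reveal information about $\sk$.`, together with a cross-reference to wherever point decoding and validation are specified, which is not visible in this hunk. The text should also state whether $\sk = 0$, which `\GF{\ParamJ{r}}` permits, and an identity result from Agree are acceptable or must be rejected by the caller. Since the output of Agree is always a multiple of the cofactor, `\KASaplingSharedSecret` could presumably be narrowed from `\GroupJ` to the prime-order subgroup if the document has notation for it.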