diff --git a/protocol/protocol.pdf b/protocol/protocol.pdf
index 7285e95f..ababefe9 100644
Binary files a/protocol/protocol.pdf and b/protocol/protocol.pdf differ
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 7349c84b..9d191b8d 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -183,6 +183,8 @@
 \newcommand{\CoinAddressRandNew}[1]{\mathsf{\uprho^{new}_\mathnormal{#1}}}
 \newcommand{\CoinAddressPreRand}{\mathsf{\upvarphi}}
 \newcommand{\CoinCommitS}{\mathsf{s}}
+\newcommand{\sn}{\mathsf{nf}}
+\newcommand{\snOld}[1]{\sn^\mathsf{old}_\mathnormal{#1}}
 \newcommand{\hSigInputVersionByte}{\hexint{C1}}
 \newcommand{\Memo}{\mathsf{memo}}
 \newcommand{\CurveMultiply}{\mathsf{Curve25519}}
@@ -209,7 +211,7 @@
 \newcommand{\Clamp}{\mathsf{clamp_{Curve25519}}}
 \newcommand{\PRF}[2]{\mathsf{{PRF}^{#2}_\mathnormal{#1}}}
 \newcommand{\PRFaddr}[1]{\PRF{#1}{addr}}
-\newcommand{\PRFsn}[1]{\PRF{#1}{rn}}
+\newcommand{\PRFsn}[1]{\PRF{#1}{\sn}}
 \newcommand{\PRFpk}[1]{\PRF{#1}{pk}}
 \newcommand{\PRFrho}[1]{\PRF{#1}{\CoinAddressRand}}
 \newcommand{\PRFdk}[1]{\PRF{#1}{dk}}
@@ -225,8 +227,6 @@
 % merkle tree
 \newcommand{\MerkleDepth}{\mathsf{d}}
-\newcommand{\sn}{\mathsf{rn}}
-\newcommand{\snOld}[1]{\mathsf{{rn}^{old}_\mathnormal{#1}}}
 % bitcoin
 \newcommand{\vin}{\mathtt{vin}}
@@ -717,7 +717,7 @@ as a fee.
 A \pourDescription is data included in a \block that describes a \pourTransfer,
 i.e. a confidential value transfer. This kind of value transfer is the primary
-\Zerocash-specific operation performed by transactions; it uses, but should not be
+\Zcash-specific operation performed by transactions; it uses, but should not be
 confused with, the \PourCircuit used for the \zkSNARK proof and verification.
 A \pourTransfer spends $\NOld$ \coins $\cOld{\allOld}$ and transparent input
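Review bot: The new `\sn` macro typesets as nf while its own name, `\snOld`, `\PRFsn` (changed in the next hunk) and the prose term `\serialNumbers` all still say "serial number", so a reader of the source now meets two names for what the rendered PDF shows as a single symbol. A comment at the new definition would stop the two terms being read as distinct values, e.g. `% \sn typesets the nullifier nf; the macro names keep the older "sn"/"rn" (serial number) naming for existing use sites`. If, as in Zerocash, this is the value the consensus rules check for uniqueness to prevent double spends, the ambiguity is worth removing outright by renaming to `\nf`/`\nfOld`/`\PRFnf` and updating `\serialNumbers`, but that touches use sites this diff does not show. The regenerated protocol.pdf in the same commit cannot be reviewed as a diff, so the notation change should also be stated in the commit message.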
@@ -767,18 +767,19 @@ A value $\vpubOld$ that the \PourTransfer removes from the value pool. \\ \hline
 into the value pool. \\ \hline
 32 & $\anchorField$ & \type{char[32]} & A merkle root $\rt$ of the \coinCommitmentTree at
-some block height in the past, or the merkle root produced by a previous xfer in
+some block height in the past, or the merkle root produced by a previous \pourTransfer in
 this transaction. \sean{We need to be more specific here.} \\ \hline
-64 & $\serials$ & \type{char[32][$\NOld$]} & A sequence of \serialNumbers $\snOld{\allOld}$. \\ \hline
+64 & $\serials$ & \type{char[32][$\NOld$]} & A sequence of \serialNumbers of the input
+\coins $\snOld{\allOld}$. \\ \hline
-64 & $\commitments$ & \type{char[32][$\NNew$]}. & A sequence of \coinCommitments
-$\cmNew{\allNew}$. \\ \hline
+64 & $\commitments$ & \type{char[32][$\NNew$]}. & A sequence of \coinCommitments for the
+output \coins $\cmNew{\allNew}$. \\ \hline
 32 & $\ephemeralKey$ & \type{char[32]} & A Curve25519 public key $\EphemeralPublic$. \\ \hline
 288 & $\encCiphertexts$ & \type{char[144][$\NNew$]} & A sequence of ciphertext
-components, $\TransmitCiphertext{\allNew}$. \\ \hline
+components for the encrypted output \coins, $\TransmitCiphertext{\allNew}$. \\ \hline
 \setchanged 32 &\setchanged $\randomSeed$ &\setchanged \type{char[32]} &\mbox{}\setchanged A 256-bit seed that must be chosen independently at random for each \pourDescription. \\ \hline