Cosmetics (spacing).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
0b8a4b3d90
commit
c5c34cf93c
|
@ -6947,6 +6947,7 @@ For details of the form and encoding of \actionStatement proofs, see \crossref{h
|
||||||
|
|
||||||
\lsubsection{In-band secret distribution\pSproutOrNothingText}{sproutinband}
|
\lsubsection{In-band secret distribution\pSproutOrNothingText}{sproutinband}
|
||||||
|
|
||||||
|
\vspace{-1ex}
|
||||||
\sprout{The}\notsprout{In \Sprout, the} secrets that need to be transmitted
|
\sprout{The}\notsprout{In \Sprout, the} secrets that need to be transmitted
|
||||||
to a recipient of funds in order for them to later spend, are $\Value$,
|
to a recipient of funds in order for them to later spend, are $\Value$,
|
||||||
$\NoteUniqueRand$, and $\NoteCommitRand$. \canopy{(After \Canopy activation,
|
$\NoteUniqueRand$, and $\NoteCommitRand$. \canopy{(After \Canopy activation,
|
||||||
|
@ -6959,13 +6960,14 @@ To transmit these secrets securely to a recipient
|
||||||
possession of the associated \incomingViewingKey $\InViewingKey$ is used to
|
possession of the associated \incomingViewingKey $\InViewingKey$ is used to
|
||||||
reconstruct the original \note\changed{ and \memo}.
|
reconstruct the original \note\changed{ and \memo}.
|
||||||
|
|
||||||
|
\introlist
|
||||||
A single \ephemeralPublicKey is shared between encryptions of the $\NNew$
|
A single \ephemeralPublicKey is shared between encryptions of the $\NNew$
|
||||||
\shieldedOutputs in a \joinSplitDescription. All of the resulting ciphertexts
|
\shieldedOutputs in a \joinSplitDescription. All of the resulting ciphertexts
|
||||||
are combined to form a \notesCiphertextSprout.
|
are combined to form a \notesCiphertextSprout.
|
||||||
|
|
||||||
\introlist
|
|
||||||
For both encryption and decryption,
|
For both encryption and decryption,
|
||||||
|
|
||||||
|
\vspace{-0.5ex}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item let $\Sym$ be the scheme instantiated in \crossref{concretesym};
|
\item let $\Sym$ be the scheme instantiated in \crossref{concretesym};
|
||||||
\vspace{-0.5ex}
|
\vspace{-0.5ex}
|
||||||
|
@ -6983,29 +6985,32 @@ For both encryption and decryption,
|
||||||
\vspace{-1ex}
|
\vspace{-1ex}
|
||||||
Let $\KA{Sprout}$ be the \keyAgreementScheme instantiated in \crossref{concretesproutkeyagreement}.
|
Let $\KA{Sprout}$ be the \keyAgreementScheme instantiated in \crossref{concretesproutkeyagreement}.
|
||||||
|
|
||||||
\vspace{-0.5ex}
|
\vspace{-0.75ex}
|
||||||
Let $\TransmitPublicSub{\allNew}$ be the \transmissionKeys
|
Let $\TransmitPublicSub{\allNew}$ be the \transmissionKeys
|
||||||
for the intended recipient addresses of each new \note.
|
for the intended recipient addresses of each new \note.
|
||||||
|
|
||||||
|
\vspace{-0.5ex}
|
||||||
Let $\NotePlaintext{\allNew}$ be \Sprout \notePlaintexts
|
Let $\NotePlaintext{\allNew}$ be \Sprout \notePlaintexts
|
||||||
defined in \crossref{notept}.
|
defined in \crossref{notept}.
|
||||||
|
|
||||||
\introlist
|
\introlist
|
||||||
\vspace{1ex}
|
\vspace{0.5ex}
|
||||||
Then to encrypt:
|
Then to encrypt:
|
||||||
|
|
||||||
|
\vspace{-0.5ex}
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\changed{
|
\changed{
|
||||||
\item Generate a new $\KA{Sprout}$ (public, private) key pair
|
\item Generate a new $\KA{Sprout}$ (public, private) key pair $(\EphemeralPublic, \EphemeralPrivate)$.
|
||||||
$(\EphemeralPublic, \EphemeralPrivate)$.
|
\vspace{-0.5ex}
|
||||||
\item For $i \in \setofNew$,
|
\item For $i \in \setofNew$,
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Let $\TransmitPlaintext{i}$ be the \rawEncoding of $\NotePlaintext{i}$.
|
\item Let $\TransmitPlaintext{i}$ be the \rawEncoding of $\NotePlaintext{i}$.
|
||||||
|
\vspace{-0.5ex}
|
||||||
\item Let $\DHSecret{i} = \KAAgree{Sprout}(\EphemeralPrivate,
|
\item Let $\DHSecret{i} = \KAAgree{Sprout}(\EphemeralPrivate,
|
||||||
\TransmitPublicSub{i})$.
|
\TransmitPublicSub{i})$.
|
||||||
|
\vspace{-0.5ex}
|
||||||
\item Let $\TransmitKey{i} = \KDF{Sprout}(i, \hSig, \DHSecret{i}, \EphemeralPublic,
|
\item Let $\TransmitKey{i} = \KDF{Sprout}(i, \hSig, \DHSecret{i}, \EphemeralPublic,
|
||||||
\TransmitPublicSub{i})$.
|
\TransmitPublicSub{i})$.
|
||||||
\vspace{0.5ex}
|
|
||||||
\item Let $\TransmitCiphertext{i} =
|
\item Let $\TransmitCiphertext{i} =
|
||||||
\SymEncrypt{\TransmitKey{i}}(\TransmitPlaintext{i})$.
|
\SymEncrypt{\TransmitKey{i}}(\TransmitPlaintext{i})$.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
@ -7026,8 +7031,10 @@ further security considerations, for example of how to validate a \Sprout{}
|
||||||
\note received out-of-band, which are not addressed in this document.
|
\note received out-of-band, which are not addressed in this document.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
\vspace{-2ex}
|
||||||
\lsubsubsection{Decryption\pSproutOrNothingText}{sproutdecrypt}
|
\lsubsubsection{Decryption\pSproutOrNothingText}{sproutdecrypt}
|
||||||
|
|
||||||
|
\vspace{-1ex}
|
||||||
Let $\InViewingKey = (\AuthPublic, \TransmitPrivate)$ be the recipient's \incomingViewingKey,
|
Let $\InViewingKey = (\AuthPublic, \TransmitPrivate)$ be the recipient's \incomingViewingKey,
|
||||||
and let $\TransmitPublic$ be the corresponding \transmissionKey derived from
|
and let $\TransmitPublic$ be the corresponding \transmissionKey derived from
|
||||||
$\TransmitPrivate$ as specified in \crossref{sproutkeycomponents}.
|
$\TransmitPrivate$ as specified in \crossref{sproutkeycomponents}.
|
||||||
|
@ -7041,10 +7048,12 @@ component $(\EphemeralPublic, \TransmitCiphertext{i})$ as follows:
|
||||||
|
|
||||||
\changed{
|
\changed{
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\vspace{-0.5ex}
|
\vspace{-0.5ex}
|
||||||
\item let $\DHSecret{i} = \KAAgree{Sprout}(\TransmitPrivate, \EphemeralPublic)$
|
\item let $\DHSecret{i} = \KAAgree{Sprout}(\TransmitPrivate, \EphemeralPublic)$
|
||||||
|
\vspace{-0.5ex}
|
||||||
\item let $\TransmitKey{i} = \KDF{Sprout}(i, \hSig, \DHSecret{i}, \EphemeralPublic,
|
\item let $\TransmitKey{i} = \KDF{Sprout}(i, \hSig, \DHSecret{i}, \EphemeralPublic,
|
||||||
\TransmitPublic)$
|
\TransmitPublic)$
|
||||||
|
\vspace{-0.5ex}
|
||||||
\item return $\DecryptNoteSprout(\TransmitKey{i}, \TransmitCiphertext{i}, \cm_i,
|
\item return $\DecryptNoteSprout(\TransmitKey{i}, \TransmitCiphertext{i}, \cm_i,
|
||||||
\AuthPublic).$
|
\AuthPublic).$
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
|
@ -7056,17 +7065,22 @@ is defined as follows:
|
||||||
\begin{formulae}
|
\begin{formulae}
|
||||||
\item let $\TransmitPlaintext{i} =
|
\item let $\TransmitPlaintext{i} =
|
||||||
\SymDecrypt{\TransmitKey{i}}(\TransmitCiphertext{i})$
|
\SymDecrypt{\TransmitKey{i}}(\TransmitCiphertext{i})$
|
||||||
|
\vspace{-0.5ex}
|
||||||
\item if $\TransmitPlaintext{i} = \bot$, return $\bot$
|
\item if $\TransmitPlaintext{i} = \bot$, return $\bot$
|
||||||
|
\vspace{-1.5ex}
|
||||||
\item extract $\NotePlaintext{i} = (\NotePlaintextLeadByte_i \typecolon \byte,
|
\item extract $\NotePlaintext{i} = (\NotePlaintextLeadByte_i \typecolon \byte,
|
||||||
\Value_i \typecolon \ValueType,
|
\Value_i \typecolon \ValueType,
|
||||||
\NoteUniqueRand_i \typecolon \PRFOutputSprout,
|
\NoteUniqueRand_i \typecolon \PRFOutputSprout,
|
||||||
\NoteCommitRand_i \typecolon \NoteCommitTrapdoor{Sprout},
|
\NoteCommitRand_i \typecolon \NoteCommitTrapdoor{Sprout},
|
||||||
\Memo_i \typecolon \MemoType)$ from $\TransmitPlaintext{i}$
|
\Memo_i \typecolon \MemoType)$ from $\TransmitPlaintext{i}$
|
||||||
|
\vspace{-0.5ex}
|
||||||
\item if $\NotePlaintextLeadByte_i \neq \hexint{00}$ or $\NoteCommitment{Sprout}((\AuthPublic, \Value_i, \NoteUniqueRand_i,
|
\item if $\NotePlaintextLeadByte_i \neq \hexint{00}$ or $\NoteCommitment{Sprout}((\AuthPublic, \Value_i, \NoteUniqueRand_i,
|
||||||
\NoteCommitRand_i)) \neq \cm_i$, return $\bot$, else return $\NotePlaintext{i}$.
|
\NoteCommitRand_i)) \neq \cm_i$, return $\bot$, else return $\NotePlaintext{i}$.
|
||||||
\end{formulae}
|
\end{formulae}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
\vspace{-0.5ex}
|
||||||
|
\introlist
|
||||||
To test whether a \note is unspent in a particular \blockChain also requires
|
To test whether a \note is unspent in a particular \blockChain also requires
|
||||||
the \spendingKey $\AuthPrivate$; the coin is unspent if and only if
|
the \spendingKey $\AuthPrivate$; the coin is unspent if and only if
|
||||||
$\nf = \PRFnf{Sprout}{\AuthPrivate}(\NoteUniqueRand)$ is not in the \nullifierSet
|
$\nf = \PRFnf{Sprout}{\AuthPrivate}(\NoteUniqueRand)$ is not in the \nullifierSet
|
||||||
|
@ -7090,6 +7104,7 @@ engineering rationale behind this encryption scheme.
|
||||||
\sapling{
|
\sapling{
|
||||||
\extralabel{saplinginband}{\lsubsection{In-band secret distribution (\SaplingAndOrchardText)}{saplingandorchardinband}}
|
\extralabel{saplinginband}{\lsubsection{In-band secret distribution (\SaplingAndOrchardText)}{saplingandorchardinband}}
|
||||||
|
|
||||||
|
\vspace{-1ex}
|
||||||
In \SaplingAndOrchard, the secrets that need to be transmitted to a recipient of funds
|
In \SaplingAndOrchard, the secrets that need to be transmitted to a recipient of funds
|
||||||
in order for them to later spend, are $\Diversifier$, $\Value$, and $\NoteCommitRand$.
|
in order for them to later spend, are $\Diversifier$, $\Value$, and $\NoteCommitRand$.
|
||||||
A \memo (\crossref{noteptconcept}) is also transmitted.
|
A \memo (\crossref{noteptconcept}) is also transmitted.
|
||||||
|
@ -7130,8 +7145,10 @@ For both encryption and decryption,
|
||||||
|
|
||||||
|
|
||||||
\sapling{
|
\sapling{
|
||||||
|
\vspace{-2ex}
|
||||||
\extralabel{saplingencrypt}{\lsubsubsection{Encryption (\SaplingAndOrchardText)}{saplingandorchardencrypt}}
|
\extralabel{saplingencrypt}{\lsubsubsection{Encryption (\SaplingAndOrchardText)}{saplingandorchardencrypt}}
|
||||||
|
|
||||||
|
\vspace{-1ex}
|
||||||
Let $\DiversifiedTransmitPublic \typecolon \KAPublicPrimeSubgroup{}$ be the
|
Let $\DiversifiedTransmitPublic \typecolon \KAPublicPrimeSubgroup{}$ be the
|
||||||
\diversifiedTransmissionKey for the intended recipient address of a new \SaplingOrOrchard \note,
|
\diversifiedTransmissionKey for the intended recipient address of a new \SaplingOrOrchard \note,
|
||||||
and let $\DiversifiedTransmitBase \typecolon \KAPublicPrimeSubgroup{}$ be the corresponding
|
and let $\DiversifiedTransmitBase \typecolon \KAPublicPrimeSubgroup{}$ be the corresponding
|
||||||
|
@ -7142,6 +7159,7 @@ Since \Sapling \note encryption is used only in the context of \crossref{sapling
|
||||||
$\DiversifiedTransmitBase$ has already been calculated and is not $\bot$. Also, the \ephemeralPrivateKey
|
$\DiversifiedTransmitBase$ has already been calculated and is not $\bot$. Also, the \ephemeralPrivateKey
|
||||||
$\EphemeralPrivate$ has been chosen.
|
$\EphemeralPrivate$ has been chosen.
|
||||||
|
|
||||||
|
\introlist
|
||||||
Let $\OutViewingKey \typecolon \maybe{\OutViewingKeyType}$ be as described in \shortcrossref{saplingsend}\nufive{ or
|
Let $\OutViewingKey \typecolon \maybe{\OutViewingKeyType}$ be as described in \shortcrossref{saplingsend}\nufive{ or
|
||||||
\shortcrossref{orchardsend}}, i.e.\ the \outgoingViewingKey of the \shieldedPaymentAddress from which the \note is being
|
\shortcrossref{orchardsend}}, i.e.\ the \outgoingViewingKey of the \shieldedPaymentAddress from which the \note is being
|
||||||
spent, or an \outgoingViewingKey associated with a \cite{ZIP-32} account, or $\bot$.
|
spent, or an \outgoingViewingKey associated with a \cite{ZIP-32} account, or $\bot$.
|
||||||
|
@ -7199,6 +7217,7 @@ received out-of-band, which are not addressed in this document.
|
||||||
\sapling{
|
\sapling{
|
||||||
\extralabel{saplingdecryptivk}{\lsubsubsection{Decryption using an Incoming Viewing Key (\SaplingAndOrchardText)}{decryptivk}}
|
\extralabel{saplingdecryptivk}{\lsubsubsection{Decryption using an Incoming Viewing Key (\SaplingAndOrchardText)}{decryptivk}}
|
||||||
|
|
||||||
|
\vspace{-1ex}
|
||||||
Let $\InViewingKey \typecolon \InViewingKeyTypeSapling$\notbeforenufive{ (in \Sapling)\nufive{ or
|
Let $\InViewingKey \typecolon \InViewingKeyTypeSapling$\notbeforenufive{ (in \Sapling)\nufive{ or
|
||||||
$\InViewingKeyTypeOrchard$ (in \Orchard)}} be the recipient's \incomingViewingKey, as specified in
|
$\InViewingKeyTypeOrchard$ (in \Orchard)}} be the recipient's \incomingViewingKey, as specified in
|
||||||
\crossref{saplingkeycomponents}\nufive{ or \crossref{orchardkeycomponents}}.
|
\crossref{saplingkeycomponents}\nufive{ or \crossref{orchardkeycomponents}}.
|
||||||
|
|