zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cosmetics. 

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
Daira Hopwood 2021-06-28 17:57:56 +01:00
parent ca6d988177
commit c6247f4bd5
1 changed files with 9 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
protocol/protocol.tex
View File

@ -5588,11 +5588,10 @@ The encoded \transaction is submitted to the peer-to-peer network.
\nufive{
\vspace{-2ex}
\vspace{-1ex}
\introlist
\lsubsubsection{Sending Notes (\OrchardText)}{orchardsend}
\vspace{-1ex}
In order to send \Orchard \shielded value, the sender constructs a \transaction
with one or more \actionDescriptions. This section describes how to produce the
output-related fields of an \actionDescription.
@ -5613,12 +5612,10 @@ Let $\DiversifyHash{Orchard}$ be as specified in \crossref{abstracthashes}.
\vspace{-0.25ex}
Let $\ToScalar{Orchard}$ and $\ToBase{Orchard}$ be as specified in \crossref{orchardkeycomponents}.
\vspace{-0.25ex}
Let $\reprP$, $\ParamP{r}$, and the \pallasCurve be as defined in \crossref{pallasandvesta}.
Let $\ExtractPbot$ be as defined in \crossref{concreteextractorpallas}.
\vspace{-0.25ex}
Let $\ItoLEOSP{}$ be as defined in \crossref{endian}.
\vspace{0.5ex}
@ -5636,21 +5633,17 @@ and a destination \Orchard \shieldedPaymentAddress $(\Diversifier, \DiversifiedT
performs the following steps:
\begin{algorithm}
\vspace{-0.75ex}
\vspace{-0.5ex}
\item Check that $\DiversifiedTransmitPublic$ is of type $\KAPublic{Orchard}$.
\item Calculate $\DiversifiedTransmitBase = \DiversifyHash{Orchard}(\Diversifier)$.
\vspace{-0.25ex}
\item Choose a uniformly random \commitmentTrapdoor $\ValueCommitRand \leftarrowR \ValueCommitGenTrapdoor{Orchard}()$.
\vspace{-0.25ex}
\item Choose uniformly random $\NoteSeedBytes \leftarrowR \NoteSeedBytesType$.
\vspace{-0.25ex}
\item Let $\NoteUniqueRand = \nfOld{}$ from the same \actionDescription, and let $\NoteUniqueRandBytes = \ItoLEOSPOf{256}{\NoteUniqueRand}$.
\item Derive $\EphemeralPrivate = \ToScalar{Orchard}\big(\PRFexpand{\NoteSeedBytes}([4] \bconcat \NoteUniqueRandBytes)\kern-0.1em\big)$.
\item Derive $\NoteCommitRand = \ToScalar{Orchard}\big(\PRFexpand{\NoteSeedBytes}([5] \bconcat \NoteUniqueRandBytes)\kern-0.11em\big)$.
\item Derive $\NoteNullifierRand = \ToBase{Orchard}\big(\PRFexpand{\NoteSeedBytes}([9] \bconcat \NoteUniqueRandBytes)\kern-0.09em\big)$.
\item Let $\cvNet{}$ be the \valueCommitment to the value of the input \note minus the value $\Value$
of the output \note for this \actionTransfer, using $\ValueCommitRand$, as described in \crossref{orchardbalance}.
\vspace{-0.25ex}
\item Let $\cmX = \ExtractPbot\big(\NoteCommit{Orchard}{\NoteCommitRand}(\reprP\Of{\DiversifiedTransmitBase},
\reprP\Of{\DiversifiedTransmitPublic},
\Value, \NoteUniqueRand, \NoteNullifierRand)\kern-0.1em\big)$.
@ -5670,12 +5663,11 @@ performs the following steps:
\item Return $(\cv, \cmX, \EphemeralPublic, \TransmitCiphertext{}, \OutCiphertext, \Proof{})$.
\end{algorithm}
\vspace{-1.5ex}
\vspace{-0.5ex}
If no real \Orchard \note is being spent in the same \actionTransfer, the sender
\SHOULD create a \dummyNote to spend as described in \crossref{orcharddummynotes},
and use that \dummyNote's \nullifier as the $\NoteUniqueRand$ value.
\vspace{-0.25ex}
In order to minimize information leakage, the sender \SHOULD randomize the order of
\actionDescriptions in a \transaction. Other considerations relating to information
leakage from the structure of \transactions are beyond the scope of this specification.
@ -5683,46 +5675,38 @@ The encoded \transaction is submitted to the peer-to-peer network.
} %nufive
\vspace{-2ex}
\lsubsection{Dummy Notes}{dummynotes}
\vspace{-1.5ex}
\lsubsubsection{Dummy Notes (\SproutText)}{sproutdummynotes}
\vspace{-1.5ex}
The fields in a \joinSplitDescription allow for $\NOld$ input \notes, and
$\NNew$ output \notes. In practice, we may wish to encode a \joinSplitTransfer
with fewer input or output \notes. This is achieved using \defining{\dummyNotes}.
\introlist
\vspace{0.25ex}
\vspace{0.5ex}
Let $\AuthPrivateLength$ and $\PRFOutputLengthSprout$ be as defined in \crossref{constants}.
\vspace{-0.25ex}
\introlist
Let $\PRFnf{Sprout}{}$ be as defined in \crossref{abstractprfs}.
\vspace{-0.25ex}
Let $\NoteCommitAlg{Sprout}$ be as defined in \crossref{abstractcommit}.
\introlist
\vspace{0.5ex}
A \dummy \Sprout input \note, with index $i$ in the \joinSplitDescription,
is constructed as follows:
\vspace{-0.5ex}
\begin{itemize}
\item Generate a new uniformly random \spendingKey $\AuthPrivateOld{i} \leftarrowR \bitseq{\AuthPrivateLength}$
and derive its \payingKey $\AuthPublicOld{i}$.
\vspace{-0.6ex}
\vspace{-0.4ex}
\item Set $\vOld{i} = 0$.
\vspace{-0.8ex}
\vspace{-0.4ex}
\item Choose uniformly random $\NoteUniqueRandOld{i} \leftarrowR \PRFOutputSprout$
and $\NoteCommitRandOld{i} \leftarrowR \NoteCommitGenTrapdoor{Sprout}()$.
\vspace{-0.2ex}
\item Compute $\nfOld{i} = \PRFnf{Sprout}{\AuthPrivateOld{i}}(\NoteUniqueRandOld{i})$.
\vspace{-0.2ex}
\item Let $\TreePath{i}$ be a \dummy \merklePath for the
\auxiliaryInput to the \joinSplitStatement (this will not be checked).
\vspace{-0.2ex}
\item When generating the \joinSplitProof\!\!, set $\EnforceMerklePath{i}$ to $0$.
\end{itemize}
@ -7913,12 +7897,14 @@ Define:
} %nufive
\item $\Uncommitted{Sprout} \typecolon \bitseq{\MerkleHashLength{Sprout}} := \zeros{\MerkleHashLength{Sprout}}$
\sapling{
\vspace{-0.25ex}
\item $\Uncommitted{Sapling} \typecolon \bitseq{\MerkleHashLength{Sapling}} := \ItoLEBSPOf{\MerkleHashLength{Sapling}}{1}$
} %sapling
\nufive{
\vspace{-1ex}
\item $\Uncommitted{Orchard} \typecolon \GroupPx := 2$
} %nufive
\vspace{0.25ex}
\item $\MAXMONEY \typecolon \Nat := 2.1 \smult 10^{15}$ (\zatoshi)
\blossom{
\item $\BlossomActivationHeight \typecolon \Nat := \begin{cases}