mirror of https://github.com/zcash/zips.git
Change the notation for a multiplication constraint to avoid potential confusion with cartesian product.
This addresses a Least Authority comment. Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
51c84b7556
commit
c9f6d7ae07
|
@ -226,6 +226,7 @@
|
|||
\newcommand*{\bigboxminus}[1]{\mathop{\mathpalette\big@boxminus{#1}\relax}\slimits@}
|
||||
\newcommand*{\bigdiamondplus}[1]{\mathop{\mathpalette\big@diamondplus{#1}\relax}\slimits@}
|
||||
\newcommand*{\bigdiamondminus}[1]{\mathop{\mathpalette\big@diamondminus{#1}\relax}\slimits@}
|
||||
\newcommand*{\bigvartimes}[1]{\mathop{\mathpalette\big@vartimes{#1}\relax}\slimits@}
|
||||
|
||||
\newcommand{\big@boxplus}[2]{%
|
||||
\vcenter{\m@th\bigbox@thickness{#1}\hbox{%
|
||||
|
@ -261,6 +262,14 @@
|
|||
\polyline(0,0.5)(1,0.5)
|
||||
\end{picture}}}}
|
||||
|
||||
\newcommand{\big@vartimes}[2]{%
|
||||
\vcenter{\m@th\bigbox@thickness{#1}\hbox{%
|
||||
\setlength{\unitlength}{#2}%
|
||||
\begin{picture}(1,1)
|
||||
\polyline(0.2,0.08)(0.8,1)
|
||||
\polyline(0.2,1)(0.8,0.08)
|
||||
\end{picture}}}}
|
||||
|
||||
\newcommand{\bigbox@thickness}[1]{%
|
||||
\ifx#1\displaystyle
|
||||
\linethickness{0.2ex}%
|
||||
|
@ -844,6 +853,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\grpzero}{\Zero_{\subgrpplus}}
|
||||
\newcommand{\grpminus}{\bigboxminus{1.8ex}\,}
|
||||
\newcommand{\grpneg}{\bigboxminus{1.8ex}}
|
||||
\newcommand{\vartimes}{\bigvartimes{1.8ex}}
|
||||
\newcommand{\band}{\binampersand}
|
||||
\newcommand{\suband}{\raisebox{-0.6ex}{\kern-0.06em\scalebox{0.65}{$\binampersand$}}}
|
||||
\newcommand{\bchoose}{\;\scalebox{1.2}[1]{\textsf{?}}\;}
|
||||
|
@ -859,7 +869,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
|||
\newcommand{\suchthat}{\,\vert\;}
|
||||
\newcommand{\paramdot}{\bigcdot}
|
||||
\newcommand{\lincomb}[1]{\left(\strut\kern-.025em{#1}\kern-0.04em\right)}
|
||||
\newcommand{\constraint}[3]{\lincomb{#1}\hairspace \times\hairspace \lincomb{#2}\hairspace =\hairspace \lincomb{#3}}
|
||||
\newcommand{\constraint}[3]{\lincomb{#1}\hairspace \vartimes\hairspace \lincomb{#2}\hairspace =\hairspace \lincomb{#3}}
|
||||
\newcommand{\lconstraint}[1]{\lincomb{#1}\hairspace \vartimes\mhspace{0.25em}}
|
||||
\newcommand{\maybe}[1]{{#1} \union \setof{\bot}}
|
||||
|
||||
|
||||
|
@ -9141,6 +9152,8 @@ found by Brian Warner.}
|
|||
\item Correct or improve the types of $\GroupJHash{}$, $\FindGroupJHash$, $\ExtractJ$, $\PRFexpand{}$, and $\CRHivk$.
|
||||
\item Ensure that \Sprout functions and values are given \Sprout-specific types where appropriate.
|
||||
\item Improve cross-referencing.
|
||||
\item Change the notation for a multiplication constraint in \crossref{circuitdesign} to avoid
|
||||
potential confusion with cartesian product.
|
||||
} %sapling
|
||||
\end{itemize}
|
||||
|
||||
|
@ -9851,9 +9864,11 @@ variables in $\GF{\ParamS{r}}$, each of the form:
|
|||
where $\lincomb{A}$, $\lincomb{B}$, and $\lincomb{C}$ are \linearCombinations
|
||||
of variables and constants in $\GF{\ParamS{r}}$.
|
||||
|
||||
Here $\times$ and $\mult$ both represent multiplication in the field $\GF{\ParamS{r}}$,
|
||||
but we use $\times$ for multiplications corresponding to gates of the circuit,
|
||||
Here $\vartimes$ and $\mult$ both represent multiplication in the field $\GF{\ParamS{r}}$,
|
||||
but we use $\vartimes$ for multiplications corresponding to gates of the circuit,
|
||||
and $\mult$ for multiplications by constants in the terms of a \linearCombination.
|
||||
$\vartimes$ should not be confused with $\times$ which is defined as cartesian product
|
||||
in \crossref{notation}.
|
||||
|
||||
\subsection{Elliptic curve background} \label{ecbackground}
|
||||
|
||||
|
@ -10435,19 +10450,19 @@ To look up a given window entry $w_{(B,\,i,\,s)} = (u_s, \varv_s)$, where
|
|||
$s = 4 \smult s_2 + 2 \smult s_1 + s_0$, we use:
|
||||
|
||||
\begin{formulae}
|
||||
\item $\lincomb{s_1} \times \lincomb{s_0} = \lincomb{s\suband}$
|
||||
\item $\lincomb{s_2} \times \big(\!- u_0 \smult s\suband \plus u_0 \smult s_1 \plus u_0 \smult s_0 - u_0 \plus u_1 \smult s\suband
|
||||
- u_1 \smult s_0 \plus u_2 \smult s\suband - u_2 \smult s_1 - u_3 \smult s\suband \\
|
||||
\mhspace{3.28em} \plus u_4 \smult s\suband - u_4 \smult s_1 - u_4 \smult s_0 \plus u_4 - u_5 \smult s\suband
|
||||
\plus u_5 \smult s_0 - u_6 \smult s\suband \plus u_6 \smult s_1 \plus u_7 \smult s\suband\big) = \\
|
||||
\mhspace{1.68em} \lincomb{u_s - u_0 \smult s\suband \plus u_0 \smult s_1 \plus u_0 \smult s_0 - u_0 \plus u_1 \smult s\suband
|
||||
- u_1 \smult s_0 \plus u_2 \smult s\suband - u_2 \smult s_1 - u_3 \smult s\suband}$
|
||||
\item $\lincomb{s_2} \times \big(\!- \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband
|
||||
- \vv_1 \smult s_0 \plus \vv_2 \smult s\suband - \vv_2 \smult s_1 - \vv_3 \smult s\suband \\
|
||||
\mhspace{3.27em} \plus \vv_4 \smult s\suband - \vv_4 \smult s_1 - \vv_4 \smult s_0 \plus \vv_4 - \vv_5 \smult s\suband
|
||||
\plus \vv_5 \smult s_0 - \vv_6 \smult s\suband \plus \vv_6 \smult s_1 \plus \vv_7 \smult s\suband\big) = \\
|
||||
\mhspace{1.66em} \lincomb{\vv_s - \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband
|
||||
- \vv_1 \smult s_0 \plus \vv_2 \smult s\suband - \vv_2 \smult s_1 - \vv_3 \smult s\suband}$
|
||||
\item $\constraint{s_1}{s_0}{s\suband}$
|
||||
\item $\lconstraint{s_2} \big(\!- u_0 \smult s\suband \plus u_0 \smult s_1 \plus u_0 \smult s_0 - u_0 \plus u_1 \smult s\suband
|
||||
- u_1 \smult s_0 \plus u_2 \smult s\suband - u_2 \smult s_1 - u_3 \smult s\suband \\
|
||||
\mhspace{3.52em} \plus u_4 \smult s\suband - u_4 \smult s_1 - u_4 \smult s_0 \plus u_4 - u_5 \smult s\suband
|
||||
\plus u_5 \smult s_0 - u_6 \smult s\suband \plus u_6 \smult s_1 \plus u_7 \smult s\suband\big) = \\
|
||||
\mhspace{1.92em} \lincomb{u_s - u_0 \smult s\suband \plus u_0 \smult s_1 \plus u_0 \smult s_0 - u_0 \plus u_1 \smult s\suband
|
||||
- u_1 \smult s_0 \plus u_2 \smult s\suband - u_2 \smult s_1 - u_3 \smult s\suband}$
|
||||
\item $\lconstraint{s_2} \big(\!- \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband
|
||||
- \vv_1 \smult s_0 \plus \vv_2 \smult s\suband - \vv_2 \smult s_1 - \vv_3 \smult s\suband \\
|
||||
\mhspace{3.51em} \plus \vv_4 \smult s\suband - \vv_4 \smult s_1 - \vv_4 \smult s_0 \plus \vv_4 - \vv_5 \smult s\suband
|
||||
\plus \vv_5 \smult s_0 - \vv_6 \smult s\suband \plus \vv_6 \smult s_1 \plus \vv_7 \smult s\suband\big) = \\
|
||||
\mhspace{1.90em} \lincomb{\vv_s - \vv_0 \smult s\suband \plus \vv_0 \smult s_1 \plus \vv_0 \smult s_0 - \vv_0 \plus \vv_1 \smult s\suband
|
||||
- \vv_1 \smult s_0 \plus \vv_2 \smult s\suband - \vv_2 \smult s_1 - \vv_3 \smult s\suband}$
|
||||
\end{formulae}
|
||||
|
||||
This costs $3$ constraints for each of $84$ window lookups, plus $6$ constraints for
|
||||
|
|
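Review bot: `\lconstraint` is added without a comment, and the hand-tuned `\mhspace` offsets in the window-lookup formulae (last hunk) are silently coupled to the width of `\vartimes`; they appear to move from `3.28em`/`1.68em` to `3.52em`/`1.92em` only because the operator glyph changed. A comment above the definition such as `% \lconstraint: left factor and operator of a constraint whose right factor is typeset over several lines; the \mhspace offsets in those formulae depend on the width of \bigvartimes{1.8ex}` would tell the next editor what to re-tune. `\vartimes` is also built with `\mathop`, so it gets large-operator spacing rather than binary-operator spacing; that matches `\grpminus` in this file, but it is worth confirming in the rendered output that `\constraint` still reads as a product. Since the new prose reserves `\times` for cartesian product, any constraint outside the visible hunks that is still written by hand with `\times` would now mean something different to a circuit implementer, so a search for remaining `\times` next to `\lincomb` is worth doing before merge.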