Improve explanation of diversifier sequence choice

This commit is contained in:
Ariel 2018-09-20 12:11:13 +03:00 committed by GitHub
parent 888681c0b0
commit cb1e663836
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed file with 2 additions and 2 deletions

@ -228,8 +228,8 @@ CDKfvk((*ak*\ :sub:`par`\ , *nk*\ :sub:`par`\ , *ovk*\ :sub:`par`\ , *dk*\ :sub:
Diversifier derivation
----------------------
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key *dk*.
In order to reach the maximum possible diversifier range without running into the birthday bound, we use
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key *dk*. To prevent the diversifier leaking how many diversified addresses have already been generated for an account; we make the sequence of diversifiers pseudorandom and uncorrelated to that of any other account.
In order to reach the maximum possible diversifier range without running into repetitions due to the birthday bound, we use
FF1-AES256 as a Pseudo-Random Permutation as follows:
- Let *j* be the index of the desired diversifier, in the range 0 .. 2\ :sup:`88`\ -1.
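Review bot: the new first sentence of the section ("To prevent the diversifier leaking how many diversified addresses have already been generated for an account; we make the sequence of diversifiers pseudorandom ...") puts a semicolon where a comma belongs: "To prevent ... for an account" is a subordinate clause, not an independent one, so it should read "... for an account, we make the sequence of diversifiers pseudorandom and uncorrelated with that of any other account" (also "uncorrelated with" rather than "uncorrelated to", and "prevent the diversifiers from leaking" is the more natural phrasing). The second change, "without running into repetitions due to the birthday bound", is the right clarification, but the hunk still leaves the reader to infer why a permutation is needed: it would help to say outright that a PRF over 88-bit outputs would be expected to repeat after roughly 2^44 draws, whereas FF1-AES256 used as a PRP is a bijection on the 88-bit domain, so each index *j* in 0 .. 2^88-1 yields a distinct diversifier and the full range is reachable.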