mirror of https://github.com/zcash/zips.git
Improve explanation of diversifier sequence choice
This commit is contained in:
parent 888681c0b0
commit cb1e663836
|
@ -228,8 +228,8 @@ CDKfvk((*ak*\ :sub:`par`\ , *nk*\ :sub:`par`\ , *ovk*\ :sub:`par`\ , *dk*\ :sub:
|
||||||
Diversifier derivation
|
Diversifier derivation
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key *dk*.
|
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key *dk*. To prevent the diversifier leaking how many diversified addresses have already been generated for an account; we make the sequence of diversifiers pseudorandom and uncorrelated to that of any other account.
|
||||||
In order to reach the maximum possible diversifier range without running into the birthday bound, we use
|
In order to reach the maximum possible diversifier range without running into repetitions due to the birthday bound, we use
|
||||||
FF1-AES256 as a Pseudo-Random Permutation as follows:
|
FF1-AES256 as a Pseudo-Random Permutation as follows:
|
||||||
|
|
||||||
- Let *j* be the index of the desired diversifier, in the range 0 .. 2\ :sup:`88`\ -1.
|
- Let *j* be the index of the desired diversifier, in the range 0 .. 2\ :sup:`88`\ -1.
|
||||||
|
|
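Review bot: the new sentence in the first changed line has a semicolon where a comma belongs ("...already been generated for an account; we make the sequence...") and so reads as a run-on; suggest "...already been generated for an account, we make the sequence of diversifiers pseudorandom and uncorrelated with that of any other account." It would also help to scope the claim: since the sequence is an FF1-AES256 permutation keyed by *dk*, it is pseudorandom only to parties who do not hold *dk*; anyone with *dk* can invert the permutation and recover the index *j*, so the leak being prevented is towards observers of the addresses, not towards holders of the diversifier key. The change from "running into the birthday bound" to "running into repetitions due to the birthday bound" in the second changed line is a clear improvement and needs no further edit.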