From cec980b00474dba783349926377c795ccee7eece Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Thu, 22 Apr 2021 22:23:41 +0100
Subject: [PATCH] Correct minimum length.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 zip-0316.html | 10 +++++-----
 zip-0316.rst  | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/zip-0316.html b/zip-0316.html
index a08507ee..96f82c99 100644
--- a/zip-0316.html
+++ b/zip-0316.html
@@ -275,7 +275,7 @@ c^{n+m}}{q}\)</span>
                      of length
                         <span class="math">\(\ell_M\)</span>
                      bytes such that
-                        <span class="math">\(22 \leq \ell_M \leq 16448\)</span>
+                        <span class="math">\(48 \leq \ell_M \leq 16448\)</span>
                     , define
                         <span class="math">\(\mathsf{F4Jumble}(M)\)</span>
                      by:</p>
@@ -343,14 +343,14 @@ c^{n+m}}{q}\)</span>
                         <span class="math">\(128\)</span>
                      bytes.)</p>
                 </section>
-                <section id="usage-for-unified-addresses"><h4><span class="section-heading">Usage for Unified Addresses</span><span class="section-anchor"> <a rel="bookmark" href="#usage-for-unified-addresses"><img width="24" height="24" src="assets/images/section-anchor.png" alt=""></a></span></h4>
-                    <p>In order to prevent the generic attack against nonmalleability, there needs to be some redundancy in the encoding. Therefore, the Producer of a Unified Address appends 16 zero bytes to the encoding of the sequence of (Typecode, length, addr), then applies
+                <section id="usage-for-unified-addresses-ufvks-and-uivks"><h4><span class="section-heading">Usage for Unified Addresses, UFVKs, and UIVKs</span><span class="section-anchor"> <a rel="bookmark" href="#usage-for-unified-addresses-ufvks-and-uivks"><img width="24" height="24" src="assets/images/section-anchor.png" alt=""></a></span></h4>
+                    <p>In order to prevent the generic attack against nonmalleability, there needs to be some redundancy in the encoding. Therefore, the Producer of a Unified Address, UFVK, or UIVK appends 16 zero bytes to the raw encoding, then applies
                         <span class="math">\(\mathsf{F4Jumble}\)</span>
                      before encoding the result with Bech32m.</p>
-                    <p>The Sender rejects any Bech32m-decoded byte sequence that is less than 22 bytes or greater than 16448 bytes; otherwise it applies
+                    <p>The Sender rejects any Bech32m-decoded byte sequence that is less than 48 bytes or greater than 16448 bytes; otherwise it applies
                         <span class="math">\(\mathsf{F4Jumble}^{-1}\)</span>
                     . It rejects any result that does not end in 16 zero bytes, before stripping these 16 bytes and parsing the result.</p>
-                    <p>(22 bytes is the minimum size of a valid encoded Address sequence, corresponding to just a Transparent Address, and 16448 bytes is the largest input/output size supported by
+                    <p>(48 bytes is the minimum size of a valid UA, UFVK, or UIVK raw encoding plus 16 zero bytes, corresponding to a single Sapling Incoming Viewing Key. 16448 bytes is the largest input/output size supported by
                         <span class="math">\(\mathsf{F4Jumble}\)</span>
                     .)</p>
                 </section>
diff --git a/zip-0316.rst b/zip-0316.rst
index 64b3169c..bfaac1de 100644
--- a/zip-0316.rst
+++ b/zip-0316.rst
@@ -449,7 +449,7 @@ length :math:`\ell_H` bytes. Let :math:`G_i` be a XOF (a hash function with
 extendable output length) based on :math:`H`, personalized by :math:`i`.
 
 Given input :math:`M` of length :math:`\ell_M` bytes such that
-:math:`22 \leq \ell_M \leq 16448`, define :math:`\mathsf{F4Jumble}(M)`
+:math:`48 \leq \ell_M \leq 16448`, define :math:`\mathsf{F4Jumble}(M)`
 by:
 
 * let :math:`\ell_L = \mathsf{min}(\ell_H, \mathsf{floor}(\ell_M/2))`
@@ -482,23 +482,23 @@ concatenation of
 (In practice the lengths :math:`\ell_L` and :math:`\ell_R` will be roughly
 the same until :math:`\ell_M` is larger than :math:`128` bytes.)
 
-Usage for Unified Addresses
-'''''''''''''''''''''''''''
+Usage for Unified Addresses, UFVKs, and UIVKs
+'''''''''''''''''''''''''''''''''''''''''''''
 
 In order to prevent the generic attack against nonmalleability, there
 needs to be some redundancy in the encoding. Therefore, the Producer of
-a Unified Address appends 16 zero bytes to the encoding of the sequence
-of (Typecode, length, addr), then applies :math:`\mathsf{F4Jumble}`
-before encoding the result with Bech32m.
+a Unified Address, UFVK, or UIVK appends 16 zero bytes to the raw encoding,
+then applies :math:`\mathsf{F4Jumble}` before encoding the result with
+Bech32m.
 
 The Sender rejects any Bech32m-decoded byte sequence that is less than
-22 bytes or greater than 16448 bytes; otherwise it applies
+48 bytes or greater than 16448 bytes; otherwise it applies
 :math:`\mathsf{F4Jumble}^{-1}`. It rejects any result that does not end
 in 16 zero bytes, before stripping these 16 bytes and parsing the result.
 
-(22 bytes is the minimum size of a valid encoded Address sequence,
-corresponding to just a Transparent Address, and 16448 bytes is the largest
-input/output size supported by :math:`\mathsf{F4Jumble}`.)
+(48 bytes is the minimum size of a valid UA, UFVK, or UIVK raw encoding
+plus 16 zero bytes, corresponding to a single Sapling Incoming Viewing Key.
+16448 bytes is the largest input/output size supported by :math:`\mathsf{F4Jumble}`.)
 
 Heuristic analysis
 ''''''''''''''''''