From cec980b00474dba783349926377c795ccee7eece Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Thu, 22 Apr 2021 22:23:41 +0100
Subject: [PATCH] Correct minimum length.
Signed-off-by: Daira Hopwood
---
zip-0316.html | 10 +++++-----
zip-0316.rst | 20 ++++++++++----------
2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/zip-0316.html b/zip-0316.html
index a08507ee..96f82c99 100644
--- a/zip-0316.html
+++ b/zip-0316.html
@@ -275,7 +275,7 @@ c^{n+m}}{q}\)
of length
\(\ell_M\)
bytes such that
- \(22 \leq \ell_M \leq 16448\)
+ \(48 \leq \ell_M \leq 16448\)
, define
\(\mathsf{F4Jumble}(M)\)
by:
@@ -343,14 +343,14 @@ c^{n+m}}{q}\)
Usage for Unified Addresses
- In order to prevent the generic attack against nonmalleability, there needs to be some redundancy in the encoding. Therefore, the Producer of a Unified Address appends 16 zero bytes to the encoding of the sequence of (Typecode, length, addr), then applies
+ Usage for Unified Addresses, UFVKs, and UIVKs
+ In order to prevent the generic attack against nonmalleability, there needs to be some redundancy in the encoding. Therefore, the Producer of a Unified Address, UFVK, or UIVK appends 16 zero bytes to the raw encoding, then applies
\(\mathsf{F4Jumble}\)
before encoding the result with Bech32m.
- The Sender rejects any Bech32m-decoded byte sequence that is less than 22 bytes or greater than 16448 bytes; otherwise it applies
+
The Sender rejects any Bech32m-decoded byte sequence that is less than 48 bytes or greater than 16448 bytes; otherwise it applies
\(\mathsf{F4Jumble}^{-1}\)
. It rejects any result that does not end in 16 zero bytes, before stripping these 16 bytes and parsing the result.
- (22 bytes is the minimum size of a valid encoded Address sequence, corresponding to just a Transparent Address, and 16448 bytes is the largest input/output size supported by
+
(48 bytes is the minimum size of a valid UA, UFVK, or UIVK raw encoding plus 16 zero bytes, corresponding to a single Sapling Incoming Viewing Key. 16448 bytes is the largest input/output size supported by
\(\mathsf{F4Jumble}\)
.)
diff --git a/zip-0316.rst b/zip-0316.rst
index 64b3169c..bfaac1de 100644
--- a/zip-0316.rst
+++ b/zip-0316.rst
@@ -449,7 +449,7 @@ length :math:`\ell_H` bytes. Let :math:`G_i` be a XOF (a hash function with
extendable output length) based on :math:`H`, personalized by :math:`i`.
Given input :math:`M` of length :math:`\ell_M` bytes such that
-:math:`22 \leq \ell_M \leq 16448`, define :math:`\mathsf{F4Jumble}(M)`
+:math:`48 \leq \ell_M \leq 16448`, define :math:`\mathsf{F4Jumble}(M)`
by:
* let :math:`\ell_L = \mathsf{min}(\ell_H, \mathsf{floor}(\ell_M/2))`
@@ -482,23 +482,23 @@ concatenation of
(In practice the lengths :math:`\ell_L` and :math:`\ell_R` will be roughly
the same until :math:`\ell_M` is larger than :math:`128` bytes.)
-Usage for Unified Addresses
-'''''''''''''''''''''''''''
+Usage for Unified Addresses, UFVKs, and UIVKs
+'''''''''''''''''''''''''''''''''''''''''''''
In order to prevent the generic attack against nonmalleability, there
needs to be some redundancy in the encoding. Therefore, the Producer of
-a Unified Address appends 16 zero bytes to the encoding of the sequence
-of (Typecode, length, addr), then applies :math:`\mathsf{F4Jumble}`
-before encoding the result with Bech32m.
+a Unified Address, UFVK, or UIVK appends 16 zero bytes to the raw encoding,
+then applies :math:`\mathsf{F4Jumble}` before encoding the result with
+Bech32m.
The Sender rejects any Bech32m-decoded byte sequence that is less than
-22 bytes or greater than 16448 bytes; otherwise it applies
+48 bytes or greater than 16448 bytes; otherwise it applies
:math:`\mathsf{F4Jumble}^{-1}`. It rejects any result that does not end
in 16 zero bytes, before stripping these 16 bytes and parsing the result.
-(22 bytes is the minimum size of a valid encoded Address sequence,
-corresponding to just a Transparent Address, and 16448 bytes is the largest
-input/output size supported by :math:`\mathsf{F4Jumble}`.)
+(48 bytes is the minimum size of a valid UA, UFVK, or UIVK raw encoding
+plus 16 zero bytes, corresponding to a single Sapling Incoming Viewing Key.
+16448 bytes is the largest input/output size supported by :math:`\mathsf{F4Jumble}`.)
Heuristic analysis
''''''''''''''''''