Update Merkle hashes, add unused layer argument to MerkleHash^Sprout.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2018-03-06 22:49:54 +00:00
parent 39780602bf
commit cf0c5a47e6
1 changed files with 9 additions and 5 deletions


@ -159,7 +159,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\lrarrow}{\texorpdfstring{$\leftrightarrow$}{}}
% Using the astral plane character 𝕊 works, but triggers bugs in PDF readers 😛
% Using the astral plane character 𝕊 works, but triggers bugs in PDF readers 😛
\newcommand{\rS}{\texorpdfstring{$\ParamS{r}$}{rS}}
% <https://tex.stackexchange.com/a/309445/78411>
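Review bot: the two comment lines about the astral plane character read identically here, so whatever changed on that line (trailing whitespace or the encoding of the emoji, presumably) is invisible to a reviewer and is not mentioned in the commit message, which only talks about Merkle hashes and the layer argument; either leave that line out of this commit or say in the message what was changed and why.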
@ -2193,7 +2193,9 @@ The functions $\MerkleCRHSprout \typecolon \MerkleLayerSprout \times \MerkleHash
$\MerkleCRHSapling \typecolon \MerkleLayerSapling \times \MerkleHashSapling \times \MerkleHashSapling
\rightarrow \MerkleHashSapling$
}
are collision-resistant \hashFunctions used in \crossref{merklepath}.
are \hashFunctions used in \crossref{merklepath}.
\sapling{$\MerkleCRHSapling$ is collision-resistant on all its arguments, and}
$\MerkleCRHSprout$ is collision-resistant except on its first argument.
Both of these functions are instantiated in \crossref{merklecrh}.
}
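Review bot: the new sentence "$\MerkleCRHSprout$ is collision-resistant except on its first argument" should name that argument as the layer index that this commit adds as unused, so that a reader following \crossref{merklepath} sees at once that the Sprout instantiation provides no domain separation between tree layers and that the security argument there must not rely on it; as written, the weakening of the property is easy to miss. A smaller point on the same lines: "Both of these functions are instantiated in \crossref{merklecrh}" sits outside the \sapling{...} wrapper on the preceding line, so when the Sapling text is suppressed only one function has been mentioned and "Both" no longer fits; moving the sentence inside the wrapper or wording it as "These functions are instantiated ..." avoids that.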
@ -3395,7 +3397,7 @@ $\scalarmult{\PRFnr{\AuthProvePublic}(\NoteAddressRand)}{\scalarmult{8}{\AuthSig
A valid instance of $\ProofJoinSplit$ assures that given a \term{primary input}:
\begin{formulae}
\item $(\rt \typecolon \MerkleHash,\\
\item $(\rt \typecolon \MerkleHashSprout,\\
\hparen\nfOld{\allOld} \typecolon \typeexp{\PRFOutput}{\NOld},\vspace{0.4ex}\\
\hparen\cmNew{\allNew} \typecolon \typeexp{\NoteCommitSproutOutput}{\NNew},\vspace{0.8ex}\\
\hparen\changed{\vpubOld \typecolon \range{0}{2^{64}-1},}\vspace{0.4ex}\\
@ -3408,7 +3410,8 @@ A valid instance of $\ProofJoinSplit$ assures that given a \term{primary input}:
the prover knows an \term{auxiliary input}:
\begin{formulae}
\item $(\treepath{\allOld} \typecolon \typeexp{\typeexp{\MerkleHash}{\MerkleDepth}}{\NOld},\\
\item $(\treepath{\allOld} \typecolon \typeexp{\typeexp{\MerkleHashSprout}{\MerkleDepthSprout}
\times \NotePositionTypeSprout}{\NOld},\\
\hparen\nOld{\allOld} \typecolon \typeexp{\NoteTypeSprout}{\NOld},\\
\hparen\AuthPrivateOld{\allOld} \typecolon \typeexp{\bitseq{\AuthPrivateLength}}{\NOld},\\
\hparen\nNew{\allNew} \typecolon \typeexp{\NoteTypeSprout}{\NNew}\changed{,}\vspace{0.8ex}\\
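Review bot: the type of $\treepath{\allOld}$ now carries a $\times \NotePositionTypeSprout$ component, so each auxiliary-input path comes with a note position, but neither this hunk nor the commit message ("add unused layer argument") says how that position is used, in particular how it determines the left/right ordering and the layer index passed to $\MerkleCRHSprout$ at each step; a sentence in the statement, or at least a mention in the commit message, would make the change reviewable.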
@ -3938,7 +3941,8 @@ $\MerkleCRHSapling \typecolon \MerkleLayerSapling \times \MerkleHashSapling \tim
\begin{formulae}
\item $\MerkleCRHSapling(\mathsf{layer}, \mathsf{left}, \mathsf{right}) := \PedersenHash(\ascii{Zcash\_PH},
\ItoLEBSP{6}(\mathsf{layer}) \bconcat \mathsf{left} \bconcat \mathsf{right})$.
l \bconcat \mathsf{left} \bconcat \mathsf{right})$
\item \tab where $l = \ItoLEBSP{6}(\MerkleDepthSapling - 1 - \mathsf{layer})$.
\end{formulae}
\vspace{-2ex}
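Review bot: replacing $\ItoLEBSP{6}(\mathsf{layer})$ by $l = \ItoLEBSP{6}(\MerkleDepthSapling - 1 - \mathsf{layer})$ reverses the direction in which layers are numbered in the hash input, so every Sapling Merkle hash and any published test vector changes; the formulae should state the range of $\mathsf{layer}$ (so that $\MerkleDepthSapling - 1 - \mathsf{layer}$ is non-negative and fits in the 6 bits that $\ItoLEBSP{6}$ encodes), and the surrounding prose should say why the reversed numbering was chosen. The single letter $l$ also renders close to the digit 1 in the PDF; $\ell$ or a descriptive macro would be clearer.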