From cf0c5a47e6af55e4f46e35d8af6884bdc754e8fe Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Tue, 6 Mar 2018 22:49:54 +0000
Subject: [PATCH] Update Merkle hashes, add unused layer argument to MerkleHash^Sprout.
Signed-off-by: Daira Hopwood
---
 protocol/protocol.tex | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 57d48fca..5c663ce9 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -159,7 +159,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\lrarrow}{\texorpdfstring{$\leftrightarrow$}{↔}}
-% Using the astral plane character 𝕊 works, but triggers bugs in PDF readers 😛
+% Using the astral plane character 𝕊 works, but triggers bugs in PDF readers 😛
 \newcommand{\rS}{\texorpdfstring{$\ParamS{r}$}{rS}}
 %
@@ -2193,7 +2193,9 @@ The functions $\MerkleCRHSprout \typecolon \MerkleLayerSprout \times \MerkleHash
 $\MerkleCRHSapling \typecolon \MerkleLayerSapling \times \MerkleHashSapling \times \MerkleHashSapling \rightarrow \MerkleHashSapling$
 }
-are collision-resistant \hashFunctions used in \crossref{merklepath}.
+are \hashFunctions used in \crossref{merklepath}.
+\sapling{$\MerkleCRHSapling$ is collision-resistant on all its arguments, and}
+$\MerkleCRHSprout$ is collision-resistant except on its first argument.
 Both of these functions are instantiated in \crossref{merklecrh}.
 }
@@ -3395,7 +3397,7 @@ $\scalarmult{\PRFnr{\AuthProvePublic}(\NoteAddressRand)}{\scalarmult{8}{\AuthSig
 A valid instance of $\ProofJoinSplit$ assures that given a \term{primary input}:
 \begin{formulae}
- \item $(\rt \typecolon \MerkleHash,\\
+ \item $(\rt \typecolon \MerkleHashSprout,\\
 \hparen\nfOld{\allOld} \typecolon \typeexp{\PRFOutput}{\NOld},\vspace{0.4ex}\\
 \hparen\cmNew{\allNew} \typecolon \typeexp{\NoteCommitSproutOutput}{\NNew},\vspace{0.8ex}\\
 \hparen\changed{\vpubOld \typecolon \range{0}{2^{64}-1},}\vspace{0.4ex}\\
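Review bot: In the `@@ -2193` hunk, `collision-resistant except on its first argument` on the third added line leaves the actual claim ambiguous; read together with the commit subject (the Sprout layer argument is unused), the precise statement is that inputs differing only in the layer collide trivially while the function stays collision-resistant on the remaining two arguments. Suggest `$\MerkleCRHSprout$ ignores its first (layer) argument, and is collision-resistant on its remaining two arguments.` If the layer is indeed ignored, no security argument for Sprout can rely on the layer being bound into a Merkle node by this function, and that consequence is worth stating here or in \crossref{merklecrh}, whose instantiation is outside the hunk.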
@@ -3408,7 +3410,8 @@ A valid instance of $\ProofJoinSplit$ assures that given a \term{primary input}:
 the prover knows an \term{auxiliary input}:
 \begin{formulae}
- \item $(\treepath{\allOld} \typecolon \typeexp{\typeexp{\MerkleHash}{\MerkleDepth}}{\NOld},\\
+ \item $(\treepath{\allOld} \typecolon \typeexp{\typeexp{\MerkleHashSprout}{\MerkleDepthSprout}
+ \times \NotePositionTypeSprout}{\NOld},\\
 \hparen\nOld{\allOld} \typecolon \typeexp{\NoteTypeSprout}{\NOld},\\
 \hparen\AuthPrivateOld{\allOld} \typecolon \typeexp{\bitseq{\AuthPrivateLength}}{\NOld},\\
 \hparen\nNew{\allNew} \typecolon \typeexp{\NoteTypeSprout}{\NNew}\changed{,}\vspace{0.8ex}\\
@@ -3938,7 +3941,8 @@ $\MerkleCRHSapling \typecolon \MerkleLayerSapling \times \MerkleHashSapling \tim
 \begin{formulae}
 \item $\MerkleCRHSapling(\mathsf{layer}, \mathsf{left}, \mathsf{right}) := \PedersenHash(\ascii{Zcash\_PH},
- \ItoLEBSP{6}(\mathsf{layer}) \bconcat \mathsf{left} \bconcat \mathsf{right})$.
+ l \bconcat \mathsf{left} \bconcat \mathsf{right})$
+ \item \tab where $l = \ItoLEBSP{6}(\MerkleDepthSapling - 1 - \mathsf{layer})$.
 \end{formulae}
 \vspace{-2ex}
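Review bot: In the `@@ -3408` hunk, the auxiliary-input type for `\treepath{\allOld}` now carries a `\NotePositionTypeSprout` per note, but the condition that should consume it, the Merkle path check referenced via \crossref{merklepath}, lies outside this hunk and should be checked for a matching update. A path of `\MerkleDepthSprout` sibling hashes only fixes a root once each sibling's left/right placement is determined by that position value, so if the later conditions still mention only the path, the added component is unconstrained by the statement. The enclosing formulae block continues past the hunk.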
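Review bot: In the `@@ -3938` hunk, the added where-line `$l = \ItoLEBSP{6}(\MerkleDepthSapling - 1 - \mathsf{layer})$` is only well-defined when the encoded integer lies in $0$ to $2^6-1$, which requires $\mathsf{layer}$ to range over $\range{0}{\MerkleDepthSapling-1}$ and $\MerkleDepthSapling \leq 64$, and neither constraint is stated in the hunk. Since this value is what domain-separates hashes at different tree levels, a reader should be able to confirm the range at the definition; suggest a sentence after the where-line such as `(Here $\mathsf{layer} \in \range{0}{\MerkleDepthSapling-1}$, and the encoding requires $\MerkleDepthSapling \leq 64$.)`. A brief remark on why the layer is reversed (depth minus one minus layer) rather than encoded directly would also help, as the reason is not evident from the formula alone.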