mirror of https://github.com/zcash/zips.git
Rename zk-SNARK Parameters sections according to the proving system.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
0d8430799c
commit
d18edb4abc
|
@ -578,8 +578,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
|
||||||
\newcommand{\verifyingKeys}{\term{verifying keys}}
|
\newcommand{\verifyingKeys}{\term{verifying keys}}
|
||||||
\newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}}
|
\newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}}
|
||||||
\newcommand{\joinSplitParameters}{\term{JoinSplit parameters}}
|
\newcommand{\joinSplitParameters}{\term{JoinSplit parameters}}
|
||||||
\newcommand{\SproutZKParameters}{\titleterm{\notsprout{\Sprout }zk-SNARK Parameters}}
|
\newcommand{\BCTVZKParameters}{\titleterm{BCTV14 zk-SNARK Parameters}}
|
||||||
\newcommand{\SaplingZKParameters}{\titleterm{\Sapling zk-SNARK Parameters}}
|
\newcommand{\GrothZKParameters}{\titleterm{Groth16 zk-SNARK Parameters}}
|
||||||
\newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}}
|
\newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}}
|
||||||
\newcommand{\primary}{\term{primary}}
|
\newcommand{\primary}{\term{primary}}
|
||||||
\newcommand{\primaryInput}{\term{primary input}}
|
\newcommand{\primaryInput}{\term{primary input}}
|
||||||
|
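Review bot: the new titles hard-code the literal strings `BCTV14` and `Groth16` inside `\titleterm{...}`, while the body text in the later hunks names the same proving systems through the `$\BCTV$` and `$\Groth$` macros; if those macros can be used in a section title, referencing them here keeps each proving-system name defined in one place. Also note that `\BCTVZKParameters` drops the `\notsprout{\Sprout }` guard that `\SproutZKParameters` carried, so the Sprout-only build's section title changes from "zk-SNARK Parameters" to "BCTV14 zk-SNARK Parameters". That looks intended, but it means the rename is visible in the Sprout build as well, which matters for where the changelog entry is placed.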
@ -3613,7 +3613,7 @@ $\JoinSplit$ refers to this \provingSystem with the $\BNCurve$ pairing,
|
||||||
specialized to the \joinSplitStatement given in \crossref{joinsplitstatement}.
|
specialized to the \joinSplitStatement given in \crossref{joinsplitstatement}.
|
||||||
In this case we omit the key subscripts on $\JoinSplitProve$ and $\JoinSplitVerify$,
|
In this case we omit the key subscripts on $\JoinSplitProve$ and $\JoinSplitVerify$,
|
||||||
taking them to be the particular \provingKey and \verifyingKey defined by the
|
taking them to be the particular \provingKey and \verifyingKey defined by the
|
||||||
\joinSplitParameters in \crossref{sproutparameters}.
|
\joinSplitParameters in \crossref{bctvparameters}.
|
||||||
} %sprout
|
} %sprout
|
||||||
\sapling{
|
\sapling{
|
||||||
\introlist
|
\introlist
|
||||||
|
@ -3637,17 +3637,17 @@ These specializations are: $\JoinSplit$ for the \Sprout
|
||||||
$\BLSCurve$); $\Spend$ for the \Sapling \spendStatement; and $\Output$
|
$\BLSCurve$); $\Spend$ for the \Sapling \spendStatement; and $\Output$
|
||||||
for the \Sapling \outputStatement.
|
for the \Sapling \outputStatement.
|
||||||
|
|
||||||
We omit the key subscripts on $\JoinSplitProve$ and
|
We omit key subscripts on $\JoinSplitProve$ and
|
||||||
$\JoinSplitVerify$, taking them to be either the $\BCTV$ \provingKey
|
$\JoinSplitVerify$, taking them to be either the $\BCTV$ \provingKey
|
||||||
and \verifyingKey defined in \crossref{sproutparameters}, or the
|
and \verifyingKey defined in \crossref{bctvparameters}, or the
|
||||||
\texttt{sprout-groth16.params} $\Groth$ \provingKey and \verifyingKey
|
\texttt{sprout-groth16.params} $\Groth$ \provingKey and \verifyingKey
|
||||||
defined in \crossref{saplingparameters}, according to whether the proof
|
defined in \crossref{grothparameters}, according to whether the proof
|
||||||
appears in a \block before or after \Sapling activation.
|
appears in a \block before or after \Sapling activation.
|
||||||
|
|
||||||
We also omit subscripts on $\SpendProve$,
|
We also omit subscripts on $\SpendProve$,
|
||||||
$\SpendVerify$, $\OutputProve$, and $\OutputVerify$, taking
|
$\SpendVerify$, $\OutputProve$, and $\OutputVerify$, taking
|
||||||
them to be the relevant $\Groth$ \provingKeys and
|
them to be the relevant $\Groth$ \provingKeys and
|
||||||
\verifyingKeys defined in \crossref{saplingparameters}.
|
\verifyingKeys defined in \crossref{grothparameters}.
|
||||||
} %sapling
|
} %sapling
|
||||||
|
|
||||||
|
|
||||||
|
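Review bot: `We omit the key subscripts` becomes `We omit key subscripts` (dropping "the") in what is otherwise a pure label-rename hunk; the Sprout branch of the same sentence in the previous hunk still reads `We omit the key subscripts on $\JoinSplitProve$ and $\JoinSplitVerify$`, so either keep "the" here or change both for consistency, and preferably in a separate wording commit. The `bctvparameters` and `grothparameters` crossrefs match the new section labels, and the text correctly places `sprout-groth16.params` in the $\Groth$ section rather than the $\BCTV$ one.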
@ -7601,7 +7601,7 @@ other details of the \provingSystem are beyond the scope of this protocol
|
||||||
document. For example, certain details of the translations of the \spendStatement and
|
document. For example, certain details of the translations of the \spendStatement and
|
||||||
\outputStatement to \quadraticArithmeticPrograms are not specified in this document.
|
\outputStatement to \quadraticArithmeticPrograms are not specified in this document.
|
||||||
In practice it will be necessary to use the specific proving and verification keys
|
In practice it will be necessary to use the specific proving and verification keys
|
||||||
generated for the \Zcash production \blockchain (see \crossref{saplingparameters}),
|
generated for the \Zcash production \blockchain (see \crossref{grothparameters}),
|
||||||
and a \provingSystem implementation that is interoperable with the \bellman
|
and a \provingSystem implementation that is interoperable with the \bellman
|
||||||
library used by \Zcash, to ensure compatibility.
|
library used by \Zcash, to ensure compatibility.
|
||||||
}
|
}
|
||||||
|
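Review bot: while this sentence is being touched, `the specific proving and verification keys` could use the document's own defined terms (`\provingKey` and `\verifyingKey`; the first hunk defines `\verifyingKeys` as `verifying keys`), so the terminology does not drift between "verification key" and "verifying key". The crossref change to `grothparameters` itself is consistent with the renamed section.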
@ -8111,7 +8111,7 @@ For \spendingKeys on the test network, the \humanReadablePart is \ascii{secret-s
|
||||||
|
|
||||||
|
|
||||||
\introlist
|
\introlist
|
||||||
\subsection{\SproutZKParameters} \label{sproutparameters}
|
\subsection{\BCTVZKParameters} \label{bctvparameters}
|
||||||
|
|
||||||
For the \Zcash production \blockchain and testnet, the $\SHAFull$ hashes of the
|
For the \Zcash production \blockchain and testnet, the $\SHAFull$ hashes of the
|
||||||
\provingKey and \verifyingKey for the \SproutOrZcash \joinSplitCircuit, encoded in
|
\provingKey and \verifyingKey for the \SproutOrZcash \joinSplitCircuit, encoded in
|
||||||
|
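Review bot: `\label{sproutparameters}` is replaced rather than kept, so any reference that still resolves the old label (other documents or links into the published PDF that use the old anchor) will break; consider keeping `\label{sproutparameters}` alongside `\label{bctvparameters}` for a release, or confirming that no such references exist. The body still speaks of the `\SproutOrZcash \joinSplitCircuit`, which remains accurate under the new title: in the earlier hunks, $\BCTV$ keys are only ever used for $\JoinSplitProve$ and $\JoinSplitVerify$.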
@ -8129,7 +8129,7 @@ activation.}
|
||||||
|
|
||||||
\sapling{
|
\sapling{
|
||||||
\introsection
|
\introsection
|
||||||
\subsection{\SaplingZKParameters} \label{saplingparameters}
|
\subsection{\GrothZKParameters} \label{grothparameters}
|
||||||
|
|
||||||
\bellman \cite{Bowe-bellman} encodes the \provingKey and \verifyingKey for a
|
\bellman \cite{Bowe-bellman} encodes the \provingKey and \verifyingKey for a
|
||||||
\zkSNARKCircuit in a single parameters file. The $\BlakeTwob{512}$ hashes of this file
|
\zkSNARKCircuit in a single parameters file. The $\BlakeTwob{512}$ hashes of this file
|
||||||
|
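Review bot: same concern as for `sproutparameters`: removing `\label{saplingparameters}` breaks any remaining reference to it, and this label was referenced from several places (the proving-system section in the earlier hunks and the URS paragraph in the next hunk), so a grep for `saplingparameters` over the whole source before merging is worthwhile, since a missed occurrence fails the build with an undefined reference. The new title does fit the content better than the old one: per the earlier hunk this section also hosts the `sprout-groth16.params` keys, which a Sapling-specific name did not convey.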
@ -8157,7 +8157,7 @@ Let $\URS := \ascii{096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b4
|
||||||
|
|
||||||
This value is used in the definition of $\GroupJHash{}$ in \crossref{concretegrouphashjubjub},
|
This value is used in the definition of $\GroupJHash{}$ in \crossref{concretegrouphashjubjub},
|
||||||
and in the multi-party computation to obtain the \Sapling parameters given in
|
and in the multi-party computation to obtain the \Sapling parameters given in
|
||||||
\crossref{saplingparameters}.
|
\crossref{grothparameters}.
|
||||||
|
|
||||||
It is derived as described in \cite{Bowe2018}:
|
It is derived as described in \cite{Bowe2018}:
|
||||||
|
|
||||||
|
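Review bot: the sentence still says `the \Sapling parameters given in \crossref{grothparameters}`, although the commit's point is that the section is now named by proving system and (per the earlier hunk) also holds `sprout-groth16.params`; consider wording that matches the new section name, e.g. `the $\Groth$ parameters`, unless the multi-party computation described in \cite{Bowe2018} is meant to be tied to \Sapling specifically.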
@ -9803,6 +9803,11 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item Correct [SBB2019] to \cite{SWB2019}.
|
\item Correct [SBB2019] to \cite{SWB2019}.
|
||||||
\item The $\BCTV$ vulnerability affected Soundness as well as Knowledge Soundness.
|
\item The $\BCTV$ vulnerability affected Soundness as well as Knowledge Soundness.
|
||||||
|
\sapling{
|
||||||
|
\item Rename zk-SNARK Parameters sections to be named according to the proving
|
||||||
|
system ($\BCTV$ or $\Groth$), not the shielded protocol construction
|
||||||
|
(\Sprout or \Sapling).
|
||||||
|
}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
|
|
||||||
\introlist
|
\introlist
|
||||||
|
|
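Review bot: the new changelog item is wrapped in `\sapling{ ... }`, but the rename also changes the Sprout-only build: `\BCTVZKParameters` has no `\notsprout` guard (first hunk), so that build's section title becomes "BCTV14 zk-SNARK Parameters" and its `\label` changes, yet its changelog would say nothing about it. Either drop the `\sapling{}` wrapper, or guard only the `$\Groth$` and `\Sapling` mentions so the Sprout build still records the $\BCTV$ rename.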