Rename zk-SNARK Parameters sections according to the proving system.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2019-02-08 22:59:38 +00:00
parent 0d8430799c
commit d18edb4abc
1 changed file with 16 additions and 11 deletions


@ -578,8 +578,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\verifyingKeys}{\term{verifying keys}} \newcommand{\verifyingKeys}{\term{verifying keys}}
\newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}} \newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}}
\newcommand{\joinSplitParameters}{\term{JoinSplit parameters}} \newcommand{\joinSplitParameters}{\term{JoinSplit parameters}}
\newcommand{\SproutZKParameters}{\titleterm{\notsprout{\Sprout }zk-SNARK Parameters}} \newcommand{\BCTVZKParameters}{\titleterm{BCTV14 zk-SNARK Parameters}}
\newcommand{\SaplingZKParameters}{\titleterm{\Sapling zk-SNARK Parameters}} \newcommand{\GrothZKParameters}{\titleterm{Groth16 zk-SNARK Parameters}}
\newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}} \newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}}
\newcommand{\primary}{\term{primary}} \newcommand{\primary}{\term{primary}}
\newcommand{\primaryInput}{\term{primary input}} \newcommand{\primaryInput}{\term{primary input}}
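Review bot: the new \BCTVZKParameters title drops the \notsprout{\Sprout } conditional that the old \SproutZKParameters carried, so the Sprout-only build's heading changes as well (from "zk-SNARK Parameters" to "BCTV14 zk-SNARK Parameters"); that is consistent with the stated intent of the rename, but it means the change is not confined to the Sapling build, which matters for how the changelog entry at the end of this diff is conditioned. Also consider whether the two titles should use the document's existing $\BCTV$ and $\Groth$ macros rather than the literals "BCTV14" and "Groth16", so the section headings and the running text that cites those macros cannot drift apart.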
@ -3613,7 +3613,7 @@ $\JoinSplit$ refers to this \provingSystem with the $\BNCurve$ pairing,
specialized to the \joinSplitStatement given in \crossref{joinsplitstatement}. specialized to the \joinSplitStatement given in \crossref{joinsplitstatement}.
In this case we omit the key subscripts on $\JoinSplitProve$ and $\JoinSplitVerify$, In this case we omit the key subscripts on $\JoinSplitProve$ and $\JoinSplitVerify$,
taking them to be the particular \provingKey and \verifyingKey defined by the taking them to be the particular \provingKey and \verifyingKey defined by the
\joinSplitParameters in \crossref{sproutparameters}. \joinSplitParameters in \crossref{bctvparameters}.
} %sprout } %sprout
\sapling{ \sapling{
\introlist \introlist
@ -3637,17 +3637,17 @@ These specializations are: $\JoinSplit$ for the \Sprout
$\BLSCurve$); $\Spend$ for the \Sapling \spendStatement; and $\Output$ $\BLSCurve$); $\Spend$ for the \Sapling \spendStatement; and $\Output$
for the \Sapling \outputStatement. for the \Sapling \outputStatement.
We omit the key subscripts on $\JoinSplitProve$ and We omit key subscripts on $\JoinSplitProve$ and
$\JoinSplitVerify$, taking them to be either the $\BCTV$ \provingKey $\JoinSplitVerify$, taking them to be either the $\BCTV$ \provingKey
and \verifyingKey defined in \crossref{sproutparameters}, or the and \verifyingKey defined in \crossref{bctvparameters}, or the
\texttt{sprout-groth16.params} $\Groth$ \provingKey and \verifyingKey \texttt{sprout-groth16.params} $\Groth$ \provingKey and \verifyingKey
defined in \crossref{saplingparameters}, according to whether the proof defined in \crossref{grothparameters}, according to whether the proof
appears in a \block before or after \Sapling activation. appears in a \block before or after \Sapling activation.
We also omit subscripts on $\SpendProve$, We also omit subscripts on $\SpendProve$,
$\SpendVerify$, $\OutputProve$, and $\OutputVerify$, taking $\SpendVerify$, $\OutputProve$, and $\OutputVerify$, taking
them to be the relevant $\Groth$ \provingKeys and them to be the relevant $\Groth$ \provingKeys and
\verifyingKeys defined in \crossref{saplingparameters}. \verifyingKeys defined in \crossref{grothparameters}.
} %sapling } %sapling
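Review bot: the rewording "We omit the key subscripts" to "We omit key subscripts" on the first changed line of this hunk is unrelated to the rename and makes the paragraph inconsistent with the Sprout-only version of the same sentence in the previous hunk, which still reads "we omit the key subscripts on $\JoinSplitProve$ and $\JoinSplitVerify$"; either keep the article here or move the wording tweak to its own commit so the diff stays a pure rename.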
@ -7601,7 +7601,7 @@ other details of the \provingSystem are beyond the scope of this protocol
document. For example, certain details of the translations of the \spendStatement and document. For example, certain details of the translations of the \spendStatement and
\outputStatement to \quadraticArithmeticPrograms are not specified in this document. \outputStatement to \quadraticArithmeticPrograms are not specified in this document.
In practice it will be necessary to use the specific proving and verification keys In practice it will be necessary to use the specific proving and verification keys
generated for the \Zcash production \blockchain (see \crossref{saplingparameters}), generated for the \Zcash production \blockchain (see \crossref{grothparameters}),
and a \provingSystem implementation that is interoperable with the \bellman and a \provingSystem implementation that is interoperable with the \bellman
library used by \Zcash, to ensure compatibility. library used by \Zcash, to ensure compatibility.
} }
@ -8111,7 +8111,7 @@ For \spendingKeys on the test network, the \humanReadablePart is \ascii{secret-s
\introlist \introlist
\subsection{\SproutZKParameters} \label{sproutparameters} \subsection{\BCTVZKParameters} \label{bctvparameters}
For the \Zcash production \blockchain and testnet, the $\SHAFull$ hashes of the For the \Zcash production \blockchain and testnet, the $\SHAFull$ hashes of the
\provingKey and \verifyingKey for the \SproutOrZcash \joinSplitCircuit, encoded in \provingKey and \verifyingKey for the \SproutOrZcash \joinSplitCircuit, encoded in
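Review bot: renaming the label from sproutparameters to bctvparameters breaks any \crossref{sproutparameters} that this diff does not touch (only the references in the hunks above are updated), and the same applies to saplingparameters in the next hunk, so grep the whole source for both old labels before merging; a stale reference typically surfaces only as a LaTeX warning rather than a build failure.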
@ -8129,7 +8129,7 @@ activation.}
\sapling{ \sapling{
\introsection \introsection
\subsection{\SaplingZKParameters} \label{saplingparameters} \subsection{\GrothZKParameters} \label{grothparameters}
\bellman \cite{Bowe-bellman} encodes the \provingKey and \verifyingKey for a \bellman \cite{Bowe-bellman} encodes the \provingKey and \verifyingKey for a
\zkSNARKCircuit in a single parameters file. The $\BlakeTwob{512}$ hashes of this file \zkSNARKCircuit in a single parameters file. The $\BlakeTwob{512}$ hashes of this file
@ -8157,7 +8157,7 @@ Let $\URS := \ascii{096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b4
This value is used in the definition of $\GroupJHash{}$ in \crossref{concretegrouphashjubjub}, This value is used in the definition of $\GroupJHash{}$ in \crossref{concretegrouphashjubjub},
and in the multi-party computation to obtain the \Sapling parameters given in and in the multi-party computation to obtain the \Sapling parameters given in
\crossref{saplingparameters}. \crossref{grothparameters}.
It is derived as described in \cite{Bowe2018}: It is derived as described in \cite{Bowe2018}:
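Review bot: the sentence still calls the output of the multi-party computation "the \Sapling parameters" while the section it now points to is titled by proving system (Groth16) and, per the hunk at line 3637 above, also covers the \texttt{sprout-groth16.params} proving and verifying keys; for consistency with the rename, consider "the $\Groth$ parameters" here, or otherwise make clear that the Sapling MPC produced the Groth16 parameters for both circuits.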
@ -9803,6 +9803,11 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
\begin{itemize} \begin{itemize}
\item Correct [SBB2019] to \cite{SWB2019}. \item Correct [SBB2019] to \cite{SWB2019}.
\item The $\BCTV$ vulnerability affected Soundness as well as Knowledge Soundness. \item The $\BCTV$ vulnerability affected Soundness as well as Knowledge Soundness.
\sapling{
\item Rename zk-SNARK Parameters sections to be named according to the proving
system ($\BCTV$ or $\Groth$), not the shielded protocol construction
(\Sprout or \Sapling).
}
\end{itemize} \end{itemize}
\introlist \introlist
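Review bot: the new changelog item is wrapped in \sapling{ ... }, but the BCTV14 half of the rename (the \SproutZKParameters title macro at line 578 and the sproutparameters label at line 8111) is unconditional, so the Sprout-only build gets a renamed section with no changelog entry describing it. Either move the item outside the \sapling{} wrapper or split it so that the BCTV14 rename is listed in all builds and only the Groth16 part is Sapling-conditional.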