mirror of https://github.com/zcash/zips.git
Ensure \AuthSignBase (\mathcal{G}) is defined where used.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
df02fcf9ac
commit
d236700a8d
|
@ -4280,8 +4280,6 @@ The technique of checking signatures using a public key derived from a sum of
|
||||||
\sapling{
|
\sapling{
|
||||||
\subsection{\SpendAuthSignature} \label{spendauthsig}
|
\subsection{\SpendAuthSignature} \label{spendauthsig}
|
||||||
|
|
||||||
Let $\AuthSignBase$ be as defined in \crossref{saplingkeycomponents}.
|
|
||||||
|
|
||||||
$\SpendAuthSig$ is used in \Sapling to prove knowledge of the \spendingKey authorizing
|
$\SpendAuthSig$ is used in \Sapling to prove knowledge of the \spendingKey authorizing
|
||||||
spending of an input \note.
|
spending of an input \note.
|
||||||
|
|
||||||
|
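Review bot: with the line "Let $\AuthSignBase$ be as defined in \crossref{saplingkeycomponents}." removed from the top of \subsection{\SpendAuthSignature}, any later use of $\AuthSignBase$ in this subsection would have no definition in scope. The visible context shows only the opening sentence, so please confirm the rest of \crossref{spendauthsig} does not use the symbol, or keep a one-line pointer to \crossref{concretespendauthsig} here.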
@ -4569,8 +4567,8 @@ For details of the form and encoding of \spendStatement proofs, see \crossref{gr
|
||||||
\item In the Merkle path validity check, each \merkleLayer does \emph{not} check that its
|
\item In the Merkle path validity check, each \merkleLayer does \emph{not} check that its
|
||||||
input bit sequence is a canonical encoding (in $\range{0}{\ParamJ{r}-1}$) of the integer
|
input bit sequence is a canonical encoding (in $\range{0}{\ParamJ{r}-1}$) of the integer
|
||||||
from the previous \merkleLayer.
|
from the previous \merkleLayer.
|
||||||
\item $\SpendAuthSigRandomizePublic(\AuthSignRandomizer, \AuthSignPublic) = \AuthSignPublic + \scalarmult{\AuthSignRandomizer}{\AuthSignBase}$
|
\item $\SpendAuthSigRandomizePublic(\AuthSignRandomizer, \AuthSignPublic) = \AuthSignPublic + \scalarmult{\AuthSignRandomizer}{\AuthSignBase}$.
|
||||||
where $\AuthSignBase$ is defined in \crossref{saplingkeycomponents}.
|
($\AuthSignBase$ is as defined in \crossref{concretespendauthsig}.)
|
||||||
\end{pnotes}
|
\end{pnotes}
|
||||||
} %sapling
|
} %sapling
|
||||||
|
|
||||||
|
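Review bot: the parenthetical added after the $\SpendAuthSigRandomizePublic$ item points at \crossref{concretespendauthsig}, but no \label{concretespendauthsig} appears in the visible lines of this patch. Please confirm the label exists on the subsection edited around line 6173, since an unresolved cross-reference would leave the generator in this formula without a reachable definition.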
@ -6175,7 +6173,7 @@ $\BindingSig$ and $\SpendAuthSig$.
|
||||||
|
|
||||||
Let $\RedJubjub$ be as defined in \crossref{concreteredjubjub}.
|
Let $\RedJubjub$ be as defined in \crossref{concreteredjubjub}.
|
||||||
|
|
||||||
Let $\AuthSignBase$ be as defined in \crossref{saplingkeycomponents}.
|
Let $\AuthSignBase = \FindGroupJHashOf{\ascii{Zcash\_G\_}, \ascii{}}$.
|
||||||
|
|
||||||
$\SpendAuthSig$ is instantiated as $\RedJubjub$ with key re-randomization, and
|
$\SpendAuthSig$ is instantiated as $\RedJubjub$ with key re-randomization, and
|
||||||
with generator $\GenG{} = \AuthSignBase$.
|
with generator $\GenG{} = \AuthSignBase$.
|
||||||
|
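Review bot: the new line "Let $\AuthSignBase = \FindGroupJHashOf{\ascii{Zcash\_G\_}, \ascii{}}$." states the generator's value inline where the old line deferred to \crossref{saplingkeycomponents}. If that section still carries its own definition, the specification now has two copies of a constant that implementations must agree on. Keep the value in one place and cross-reference it from the other, or check that the personalization string and the empty second argument match exactly in both.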
@ -8992,6 +8990,7 @@ found by Brian Warner.
|
||||||
\item Fix the description of the \balancingValue in \crossref{saplingbalance}.
|
\item Fix the description of the \balancingValue in \crossref{saplingbalance}.
|
||||||
\item Correct a type error in \crossref{concretegrouphashjubjub}.
|
\item Correct a type error in \crossref{concretegrouphashjubjub}.
|
||||||
\item Correct a type error in $\RedDSASign{}$ in \crossref{concreteredjubjub}.
|
\item Correct a type error in $\RedDSASign{}$ in \crossref{concreteredjubjub}.
|
||||||
|
\item Ensure $\AuthSignBase$ is defined in \crossref{concretespendauthsig}.
|
||||||
\item Make the public key prefix part of the input to the \hashFunction in $\RedDSA$,
|
\item Make the public key prefix part of the input to the \hashFunction in $\RedDSA$,
|
||||||
not part of the message.
|
not part of the message.
|
||||||
\item Change terminology describing constraint systems.
|
\item Change terminology describing constraint systems.
|
||||||
|
|
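Review bot: the added change-history item mentions only that $\AuthSignBase$ is defined in \crossref{concretespendauthsig}, but the same patch also drops the definition line from \crossref{spendauthsig} and retargets the reference in the $\SpendAuthSigRandomizePublic$ note. Consider wording the entry to say that the definition is now given explicitly in \crossref{concretespendauthsig} and that other uses refer to it, so readers comparing specification versions can find all three edits.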