Switch from blake2b to SHA-256 for nonce computations.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
3d56cf291a
commit
d8cf2eae83
|
@ -108,7 +108,7 @@
|
|||
\newcommand{\TransmitDecrypt}[1]{\mathsf{Decrypt}_{#1}}
|
||||
\newcommand{\CRH}{\mathsf{CRH}}
|
||||
\newcommand{\CRHbox}[1]{\CRH\left(\;\raisebox{-1.3ex}{\usebox{#1}}\;\right)}
|
||||
\newcommand{\CryptoBoxSealHash}{\mathsf{blake2b}}
|
||||
\newcommand{\CryptoBoxSealHash}{\mathtt{SHA256}}
|
||||
\newcommand{\CryptoBoxSealHashbox}[1]{\CryptoBoxSealHash\left(\;\raisebox{-1.3ex}{\usebox{#1}}\;\right)}
|
||||
\newcommand{\PRF}[2]{\mathsf{{PRF}^{#2}_\mathnormal{#1}}}
|
||||
\newcommand{\PRFaddr}[1]{\PRF{#1}{addr}}
|
||||
|
@ -216,6 +216,7 @@ the leading (initial) $k$ bits of its input.
|
|||
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function
|
||||
is used which takes a 512-bit block and produces a 256-bit hash. This is
|
||||
different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
|
||||
\cite{sha256}
|
||||
|
||||
$\PRF{x}{}$ is a pseudo-random function seeded by $x$. Three \emph{independent}
|
||||
$\PRF{x}{}$ are needed in our scheme: $\PRFaddr{x}$, $\PRFsn{x}$, and $\PRFpk{x}$.
|
||||
|
@ -369,10 +370,11 @@ ciphertext component as follows:
|
|||
Any ciphertext components that fail to decrypt with a given recipient's private key
|
||||
will be ignored.
|
||||
|
||||
(This is a variation on the $\CryptoBoxSeal$ algorithm defined in libsodium
|
||||
This is a variation on the $\CryptoBoxSeal$ algorithm defined in libsodium
|
||||
\cite{cryptoboxseal}, but with a single ephemeral key used for all encryptions in a
|
||||
given \PourDescription, and with the nonce for each ciphertext component depending
|
||||
on the index $i$.)
|
||||
on the index $i$. Also, $\CryptoBoxSealHash$ (the full hash, not the compression
|
||||
function) is used instead of $\mathsf{blake2b}$.
|
||||
|
||||
\subparagraph{Coin Commitments}
|
||||
|
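Review bot: The new sentence on the last two changed lines says the full hash rather than the compression function is used, yet the first hunk defines `\CryptoBoxSealHash` as a fresh literal `\mathtt{SHA256}` instead of tying it to the `$\SHAOrig$` symbol the second hunk already reserves for arbitrary-length SHA-256, so a reader now has two names for one primitive; `\newcommand{\CryptoBoxSealHash}{\SHAOrig}` (or appending "i.e.\ $\SHAOrig$" here) would make the "full hash, not the compression function" remark unambiguous. On the same definition, `\mathtt{SHA256}` also departs from the `\mathsf` convention used by `\CRH`, `\PRF` and the `\mathsf{blake2b}` it replaces. Separately, blake2b can emit a digest of the nonce length directly while SHA-256 is fixed at 256 bits; if the nonce derivation (which lies outside this hunk) feeds the digest to the box primitive unchanged, the text should state how the 256-bit output is reduced to the nonce length, since implementations must agree on that exactly.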
||||
|
|
|
@ -39,3 +39,12 @@
|
|||
howpublished={\url{https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes.html}},
|
||||
note={Accessed: 2016-02-01}
|
||||
}
|
||||
|
||||
@misc{sha256,
|
||||
author={NIST},
|
||||
title={{FIPS} 180-4: Secure {H}ash {S}tandard ({SHS})},
|
||||
month={August},
|
||||
year={2015},
|
||||
note={DOI: 10.6028/NIST.FIPS.180-4},
|
||||
howpublished={\url{http://csrc.nist.gov/publications/PubsFIPS.html#180-4}}
|
||||
}
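Review bot: The added `sha256` entry puts the DOI in a free-text `note` and points `howpublished` at a plain-http URL, while the neighbouring libsodium entry uses https; for a normative reference in a cryptographic specification, a dedicated `doi={10.6028/NIST.FIPS.180-4}` field and, where the site serves it, an https form of the `csrc.nist.gov` URL are preferable so the citation resolves through a channel that is not trivially alterable in transit and so DOI-aware styles can link it directly. `month={August}` should be the BibTeX macro `month=aug` so the style controls abbreviation rather than the entry.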
|
||||
|
|