Correct the statement and proof of Theorem A.3.2.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent
25b64382e4
commit
da7c6fe190
|
@ -9791,6 +9791,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
|
|||
\item Improved cross-referencing in \crossref{concretepedersenhash}.
|
||||
\item Clarify the notes concerning domain separation of prefixes in
|
||||
\crossref{saplingmerklecrh} and \crossref{concretesaplingnotecommit}.
|
||||
\item Correct the statement and proof of \theoremref{thmconversiontomontnoexcept}.
|
||||
\end{itemize}
|
||||
} %sapling
|
||||
\item Add the QED-it report to the acknowledgements.
|
||||
|
@ -11250,16 +11251,15 @@ enumerate all exceptional inputs that may violate the side-conditions.
|
|||
|
||||
\vspace{1ex}
|
||||
\begin{theorem} \label{thmconversiontomontnoexcept}
|
||||
Let $(u, \varv)$ be an affine point on a complete twisted Edwards curve.
|
||||
Then the only points with $u \neq 0$ or $\varv \neq 0$
|
||||
are $(0, 1) = \ZeroJ$; $(0, -1)$ of order $2$; and
|
||||
$\left(\pm\, 1/\!\ssqrt{\ParamJ{a}}, 0\right)$ of order $4$.
|
||||
Let $(u, \varv)$ be an affine point on a complete twisted Edwards curve $\Edwards{a,d}$.
|
||||
Then the only points with $u = 0$ or $1 - \varv = 0$ are $(0, 1) = \ZeroJ$, and
|
||||
$(0, -1)$ of order $2$.
|
||||
\end{theorem}
|
||||
|
||||
\begin{proof}
|
||||
Straightforward from the curve equation. (The fact that the points
|
||||
$\left(\pm\, 1/\!\ssqrt{\ParamJ{a}}, 0\right)$ are of order $4$
|
||||
can be inferred by applying the doubling formula.)
|
||||
The curve equation is $a \smult u^2 + \varv^2 = 1 + d \smult u^2 \smult \varv^2$
|
||||
with $a \neq d$ (see \cite[Definition 2.1]{BBJLP2008}). By substituting $u = 0$ we
|
||||
obtain $\varv = \pm 1$, and by substituting $\varv = 1$ and using $a \neq d$ we obtain $u = 0$.
|
||||
\end{proof}
|
||||
|
||||
\vspace{0.5ex}
|
||||
|
|
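Review bot: The rewritten proof (the three new lines starting "The curve equation is") establishes which points have $u = 0$ or $\varv = 1$, but nothing in it supports the statement's claim that $(0, -1)$ has order $2$; the removed parenthetical was the only place orders were argued. If the surrounding side-condition argument excludes this point by its order (that text is outside the hunk, so this is inferred), one sentence would close the gap, for example `Since $(0, -1) \neq \ZeroJ$ and it equals its own negation $(-u, \varv)$, it has order $2$.` As a smaller wording point, the statement binds a single point $(u, \varv)$ and then speaks of "the only points", and it writes $1 - \varv = 0$ where the proof substitutes $\varv = 1$. Phrasing both the same way would make it easier to check that the enumeration of exceptional inputs is exhaustive.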