From dcd929291a9f124cb3d3992f66c34c5be8d46b01 Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Wed, 18 Jul 2018 05:38:30 +0100
Subject: [PATCH] Add note about the nonsmall-order check on rk.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 protocol/protocol.tex | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index e2d693d8..1e69ce37 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -3893,6 +3893,9 @@ where
         using $\AuthSignRandomizedPublic$ as the public key ---
         i.e.\ $\SpendAuthSigVerify{\AuthSignRandomizedPublic}(\SigHash, \spendAuthSig) = 1$.
 \end{consensusrules}
+
+\nnote{The check that $\AuthSignRandomizedPublic$ is not of small order is technically redundant with
+a check in the \spendCircuit, but it is simple and cheap to also check this outside the circuit.}
 } %sapling
 
 
@@ -9536,6 +9539,16 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \intropart
 \section{Change History}
 
+\subparagraph{2018.0-beta-22}
+
+\begin{itemize}
+    \item No changes to \Sprout.
+\sapling{
+    \item Add a note about redundancy in the nonsmall-order checking of $\AuthSignRandomizedPublic$.
+} %sapling
+\end{itemize}
+
+\introlist
 \subparagraph{2018.0-beta-21}
 
 \begin{itemize}