mirror of https://github.com/zcash/zips.git
Clarification of another difference from crypto_box_seal.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
parent 0329a2e768
commit e30bd3e555
Binary file not shown.
|
@ -391,7 +391,9 @@ This is a variation on the $\CryptoBoxSeal$ algorithm defined in libsodium
|
|||
\cite{cryptoboxseal}, but with a single ephemeral key used for all encryptions in a
|
||||
given \PourDescription, and with the nonce for each ciphertext component depending
|
||||
on the index $i$. Also, $\CryptoBoxSealHash$ (the full hash, not the compression
|
||||
function) is used instead of $\mathsf{blake2b}$.
|
||||
function) is used instead of $\mathsf{blake2b}$. The particular nonce construction
|
||||
is chosen so that a known-nonce distinguisher for $\mathsf{Salsa20}$ would not
|
||||
directly lead to a break of the IK-CCA (key privacy) property.
|
||||
|
||||
\subsubsection{Coin Commitments}
|
||||
|
||||
|
|
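Review bot: The new sentence beginning "The particular nonce construction is chosen so that" states a security rationale but does not say which feature of the construction provides it. The only property of the nonce visible in this paragraph is that it depends on the index $i$, and that alone does not explain why a known-nonce distinguisher for $\mathsf{Salsa20}$ would fail to apply. Suggest naming the inputs to the nonce that the adversary cannot compute, or pointing to the place where the nonce is defined. "Known-nonce distinguisher" and "IK-CCA" are also introduced without a citation or definition; a \cite for the key-privacy notion would let a reader check the claim. Since the commit message calls this a difference from crypto_box_seal, it would also help to state how the nonce differs from the one crypto_box_seal uses, as the preceding sentences do for the ephemeral key and the hash.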