Clarification of another difference from crypto_box_seal.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2016-02-07 21:55:20 +00:00
parent 0329a2e768
commit e30bd3e555
2 changed files with 3 additions and 1 deletions

Binary file not shown.

@ -391,7 +391,9 @@ This is a variation on the $\CryptoBoxSeal$ algorithm defined in libsodium
\cite{cryptoboxseal}, but with a single ephemeral key used for all encryptions in a
given \PourDescription, and with the nonce for each ciphertext component depending
on the index $i$. Also, $\CryptoBoxSealHash$ (the full hash, not the compression
function) is used instead of $\mathsf{blake2b}$.
function) is used instead of $\mathsf{blake2b}$. The particular nonce construction
is chosen so that a known-nonce distinguisher for $\mathsf{Salsa20}$ would not
directly lead to a break of the IK-CCA (key privacy) property.
\subsubsection{Coin Commitments}
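
Review bot: the added sentence beginning "The particular nonce construction" states a rationale without saying which feature of the construction provides it. The paragraph itself only says that the nonce depends on the index $i$ and that $\CryptoBoxSealHash$ is the full hash rather than the compression function. Suggest naming the nonce inputs here, or pointing to the place where the nonce is defined, so the key-privacy claim can be checked against it. IK-CCA is introduced with no reference, while the libsodium algorithm gets \cite{cryptoboxseal}; a citation for the key-privacy definition would match. "would not directly lead to a break" is also hedged: say what "directly" is meant to exclude, since a reader cannot tell from this text what residual dependence on a $\mathsf{Salsa20}$ distinguisher remains.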