diff --git a/zip-0212.html b/zip-0212.html index 9bf760f2..ca8178b5 100644 --- a/zip-0212.html +++ b/zip-0212.html @@ -207,7 +207,14 @@ License: MIT ) this would lead to an instance of key-dependent encryption, which is difficult or perhaps impossible to prove secure using existing security notions. Our approach of using a key derivation, which ultimately queries an oracle, allows a proof for IND-CCA2 security to be written by reprogramming the oracle to return bogus keys when necessary.

Reference Implementation

-

TBD

+

In zcashd:

+ +

In librustzcash:

+

Acknowledgements

The discovery that diversified address unlinkability depended on the zk-SNARK knowledge assumption was made by Sean Bowe and Zooko Wilcox.

diff --git a/zip-0212.rst b/zip-0212.rst index 627fea57..a86a239a 100644 --- a/zip-0212.rst +++ b/zip-0212.rst @@ -253,10 +253,18 @@ existing security notions. Our approach of using a key derivation, which ultimately queries an oracle, allows a proof for IND-CCA2 security to be written by reprogramming the oracle to return bogus keys when necessary. + Reference Implementation ======================== -TBD +In zcashd: + +* https://github.com/zcash/zcash/pull/4578 + +In librustzcash: + +* https://github.com/zcash/librustzcash/pull/258 + Acknowledgements ================ @@ -264,6 +272,7 @@ Acknowledgements The discovery that diversified address unlinkability depended on the zk-SNARK knowledge assumption was made by Sean Bowe and Zooko Wilcox. + References ==========
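Review bot: In the zip-0212.html hunk at @@ -207,7 +207,14 @@, the added "In zcashd:" and "In librustzcash:" paragraphs are each followed by added lines whose content is not visible here, so the link targets cannot be checked from this view. Please confirm that the HTML carries exactly the two URLs added in zip-0212.rst. If the HTML is generated from the .rst, regenerate it rather than editing it by hand so the two files cannot drift.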
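Review bot: In the zip-0212.rst hunk at @@ -253,10 +253,18 @@, the two entries that replace `TBD` are bare pull-request URLs (`https://github.com/zcash/zcash/pull/4578` and `https://github.com/zcash/librustzcash/pull/258`), and a PR link on its own does not say which code state implements the ZIP. Consider adding the merged commit or the release each change landed in once that is known, so that someone auditing an implementation against the IND-CCA2 rationale above has a fixed target. The blank lines added before `Reference Implementation` and `Acknowledgements` are whitespace-only. They are fine if they match the file's heading spacing, but otherwise belong in a separate change.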