mirror of https://github.com/zcash/zips.git
Define how to derive diversifiers from Sapling extended keys
parent efd68a4474
commit f07b6d2613
13 zip-0032.rst
@ -177,6 +177,18 @@ CDKfvk((*ak*\ :sub:`par`\ , *nk*\ :sub:`par`\ , *ovk*\ :sub:`par`\ , *dk*\ :sub:
|
||||||
- *dk*\ :sub:`i` = truncate\ :sub:`32`\ (PRF\ :sup:`expand`\ (*I*\ :sub:`L`\ , [0x16] || *dk*\ :sub:`par`\ ))
|
- *dk*\ :sub:`i` = truncate\ :sub:`32`\ (PRF\ :sup:`expand`\ (*I*\ :sub:`L`\ , [0x16] || *dk*\ :sub:`par`\ ))
|
||||||
- *c*\ :sub:`i` = *I*\ :sub:`R`
|
- *c*\ :sub:`i` = *I*\ :sub:`R`
|
||||||
|
|
||||||
|
Diversifier derivation
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key *dk*\ :sub:`i`\ . In
|
||||||
|
order to reach the maximum possible diversifier range without running into the birthday bound, we use the PRP
|
||||||
|
defined in [#diversifier-prp]_ as follows:
|
||||||
|
|
||||||
|
- Let *j* be the index of the desired diversifier.
|
||||||
|
- *d*\ :sub:`i,j` = PRP(*dk*\ :sub:`i`\ , I2LEOSP\ :sub:`88`\ (*j*))
|
||||||
|
|
||||||
|
The default diversifier for a Sapling extended key is defined to be *d*\ :sub:`i,0`\ .
|
||||||
|
|
||||||
|
|
||||||
Specification: Sprout key derivation
|
Specification: Sprout key derivation
|
||||||
====================================
|
====================================
|
||||||
|
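Review bot: the permutation this whole section depends on is never defined: "we use the PRP defined in [#diversifier-prp]_" points at a footnote whose body is only a TODO, so the added rule *d*\ :sub:`i,j` = PRP(*dk*\ :sub:`i`\ , I2LEOSP\ :sub:`88`\ (*j*)) cannot be implemented or reviewed yet. Before merge, name the construction and its parameters: the "maximum possible diversifier range without running into the birthday bound" claim only holds for a keyed permutation on 88-bit blocks (a PRF truncated to 88 bits would start colliding after roughly 2^44 indices), and the hunk's context line shows *dk*\ :sub:`i` is truncate\ :sub:`32` of PRF\ :sup:`expand`, so the key-length requirement of the chosen PRP needs to be stated against that 32-byte key. Also, the default diversifier is defined unconditionally as *d*\ :sub:`i,0`, but not every 88-bit string is a valid Sapling diversifier (DiversifyHash can return ⊥, see [#sapling-key-components]_); say what a wallet does when *d*\ :sub:`i,j` is invalid, e.g. advance *j* to the next index and, for the default, take the first valid one.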
@ -301,5 +313,6 @@ References
|
||||||
.. [#bip-0043] `BIP 43: Purpose Field for Deterministic Wallets <https://github.com/bitcoin/bips/blob/master/bip-0043.mediawiki>`_
|
.. [#bip-0043] `BIP 43: Purpose Field for Deterministic Wallets <https://github.com/bitcoin/bips/blob/master/bip-0043.mediawiki>`_
|
||||||
.. [#bip-0044] `BIP 44: Multi-Account Hierarchy for Deterministic Wallets <https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki>`_
|
.. [#bip-0044] `BIP 44: Multi-Account Hierarchy for Deterministic Wallets <https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki>`_
|
||||||
.. [#slip-0044] `SLIP 44: Registered coin types for BIP-0044 <https://github.com/satoshilabs/slips/blob/master/slip-0044.md>`_
|
.. [#slip-0044] `SLIP 44: Registered coin types for BIP-0044 <https://github.com/satoshilabs/slips/blob/master/slip-0044.md>`_
|
||||||
|
.. [#diversifier-prp] `TODO`_
|
||||||
.. [#sapling-spec] `Zcash Protocol Specification, Version 2018.0-beta-20 [Overwinter+Sapling] <https://github.com/zcash/zips/blob/master/protocol/sapling.pdf>`_
|
.. [#sapling-spec] `Zcash Protocol Specification, Version 2018.0-beta-20 [Overwinter+Sapling] <https://github.com/zcash/zips/blob/master/protocol/sapling.pdf>`_
|
||||||
.. [#sapling-key-components] `Section 4.2.2: Sapling Key Components. Zcash Protocol Specification, Version 2018.0-beta-20 [Overwinter+Sapling] <https://github.com/zcash/zips/blob/master/protocol/sapling.pdf>`_
|
.. [#sapling-key-components] `Section 4.2.2: Sapling Key Components. Zcash Protocol Specification, Version 2018.0-beta-20 [Overwinter+Sapling] <https://github.com/zcash/zips/blob/master/protocol/sapling.pdf>`_
|
||||||
|
|
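Review bot: `` `TODO`_ `` in the new [#diversifier-prp] entry is a reStructuredText named hyperlink reference with no matching ``.. _TODO:`` target, so Docutils will report "Unknown target name: TODO" and the page will not build cleanly; until the PRP citation exists, write a plain ``TODO`` without the trailing underscore (or add a placeholder target), and when filling it in follow the neighbouring entries' style of title plus URL, e.g. the [#slip-0044] line directly above.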