Merge branch '738.fix-internalh-collision.0' into 406.viewing-keys.1

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -175,8 +175,6 @@
 \newcommand{\SHAOrig}{\term{SHA-256}}
 \newcommand{\cm}{\mathsf{cm}}
 \newcommand{\cmNew}[1]{\mathsf{{cm}^{new}_\mathnormal{#1}}}
-\newcommand{\InternalHashK}{\mathsf{k}}
-\newcommand{\InternalHash}{\mathsf{InternalH}}
 \newcommand{\Leading}[1]{\mathtt{Leading}_{#1}}
 \newcommand{\ReplacementCharacter}{\textsf{U+FFFD}}
 \newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}}
@@ -477,41 +475,20 @@ of $\COMM{\CoinCommitS}$ does not use it.
 \subsubsection{Coin Commitments}
 
 The underlying $\Value$ and $\AuthPublic$ are blinded with $\CoinAddressRand$
-and $\CoinCommitRand$ using the collision-resistant hash function $\CRH$ in a
-multi-layered process. The resulting hash $\cm = \CoinCommitment(\Coin{})$.
-
-\newsavebox{\ihbox}
-\begin{lrbox}{\ihbox}
-\begin{bytefield}[bitwidth=0.08em]{512}
-	\bitbox{256}{256 bit $\AuthPublic$} &
-	\bitbox{256}{256 bit $\CoinAddressRand$}
-\end{bytefield}
-\end{lrbox}
-
-\newsavebox{\ihkbox}
-\begin{lrbox}{\ihkbox}
-\begin{bytefield}[bitwidth=0.08em]{512}
-	\bitbox{384}{384 bit $\CoinCommitRand$} &
-	\bitbox{128}{$\Leading{128}(\InternalHash)$}
-\end{bytefield}
-\end{lrbox}
+and $\CoinCommitRand$ using the collision-resistant hash function $\FullHash$.
+The resulting hash $\cm = \CoinCommitment(\Coin{})$.
 
 \newsavebox{\cmbox}
 \begin{lrbox}{\cmbox}
-\begin{bytefield}[bitwidth=0.08em]{512}
-	\bitbox{64}{64 bit $\Value$} &
-	\bitbox{192}{192 bit padding} &
-	\bitbox{256}{256 bit $\InternalHashK$}
+\begin{bytefield}[bitwidth=0.045em]{832}
+	\bitbox{256}{256 bit $\AuthPublic$} &
+	\bitbox{96}{64 bit $\Value$} &
+	\bitbox{256}{256 bit $\CoinAddressRand$}
+	\bitbox{256}{256 bit $\CoinCommitRand$} &
 \end{bytefield}
 \end{lrbox}
 
-\begin{equation*}
-\begin{aligned}
-\InternalHash  &:= \CRHbox{\ihbox}  \\
-\InternalHashK &:= \CRHbox{\ihkbox} \\
-\cm            &:= \CRHbox{\cmbox}
-\end{aligned}
-\end{equation*}
+$\cm := \FullHashbox{\cmbox}$
 
 \subsubsection{Serial numbers}
 
@@ -1185,13 +1162,13 @@ The raw encoding of a \coinPlaintext $(\AuthPublic, \Value, \CoinAddressRand,
 \CoinCommitRand, \Memo)$ consists of, in order:
 
 \begin{equation*}
-\begin{bytefield}[bitwidth=0.03em]{1480}
+\begin{bytefield}[bitwidth=0.032em]{1352}
 \changed{
     \bitbox{88}{$\TransmitPlaintextVersionByte$}&
     \bitbox{256}{$\AuthPublic$ (32 bytes)}&
   &}\bitbox{168}{$\Value$ (8 bytes)} &
     \bitbox{256}{$\CoinAddressRand$ (32 bytes)} &
-    \bitbox{384}{$\CoinCommitRand$ (48 bytes)} &
+    \bitbox{256}{$\CoinCommitRand$ (32 bytes)} &
     \changed{\bitbox{512}{$\Memo$ (64 bytes)}}
 \end{bytefield}
 \end{equation*}
@@ -1204,7 +1181,7 @@ encoding of a \coinPlaintext.
 }
     \item 8 bytes specifying a big-endian encoding of $\Value$.
     \item 32 bytes specifying $\CoinAddressRand$.
-    \item 48 bytes specifying $\CoinCommitRand$.
+    \item 32 bytes specifying $\CoinCommitRand$.
 \changed{
     \item 64 bytes specifying $\Memo$.
 }