diff --git a/protocol/protocol.pdf b/protocol/protocol.pdf index 1fc752fc..cb22cc0b 100644 Binary files a/protocol/protocol.pdf and b/protocol/protocol.pdf differ diff --git a/protocol/protocol.tex b/protocol/protocol.tex index dfb3672a..cc82c0b4 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -175,8 +175,6 @@ \newcommand{\SHAOrig}{\term{SHA-256}} \newcommand{\cm}{\mathsf{cm}} \newcommand{\cmNew}[1]{\mathsf{{cm}^{new}_\mathnormal{#1}}} -\newcommand{\InternalHashK}{\mathsf{k}} -\newcommand{\InternalHash}{\mathsf{InternalH}} \newcommand{\Leading}[1]{\mathtt{Leading}_{#1}} \newcommand{\ReplacementCharacter}{\textsf{U+FFFD}} \newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}} 
@@ -477,41 +475,20 @@ of $\COMM{\CoinCommitS}$ does not use it. \subsubsection{Coin Commitments} The underlying $\Value$ and $\AuthPublic$ are blinded with $\CoinAddressRand$ -and $\CoinCommitRand$ using the collision-resistant hash function $\CRH$ in a -multi-layered process. The resulting hash $\cm = \CoinCommitment(\Coin{})$. - -\newsavebox{\ihbox} -\begin{lrbox}{\ihbox} -\begin{bytefield}[bitwidth=0.08em]{512} - \bitbox{256}{256 bit $\AuthPublic$} & - \bitbox{256}{256 bit $\CoinAddressRand$} -\end{bytefield} -\end{lrbox} - -\newsavebox{\ihkbox} -\begin{lrbox}{\ihkbox} -\begin{bytefield}[bitwidth=0.08em]{512} - \bitbox{384}{384 bit $\CoinCommitRand$} & - \bitbox{128}{$\Leading{128}(\InternalHash)$} -\end{bytefield} -\end{lrbox} +and $\CoinCommitRand$ using the collision-resistant hash function $\FullHash$. +The resulting hash $\cm = \CoinCommitment(\Coin{})$. \newsavebox{\cmbox} \begin{lrbox}{\cmbox} -\begin{bytefield}[bitwidth=0.08em]{512} - \bitbox{64}{64 bit $\Value$} & - \bitbox{192}{192 bit padding} & - \bitbox{256}{256 bit $\InternalHashK$} +\begin{bytefield}[bitwidth=0.045em]{832} + \bitbox{256}{256 bit $\AuthPublic$} & + \bitbox{96}{64 bit $\Value$} & + \bitbox{256}{256 bit $\CoinAddressRand$} + \bitbox{256}{256 bit $\CoinCommitRand$} & \end{bytefield} \end{lrbox} -\begin{equation*} -\begin{aligned} -\InternalHash &:= \CRHbox{\ihbox} \\ -\InternalHashK &:= \CRHbox{\ihkbox} \\ -\cm &:= \CRHbox{\cmbox} -\end{aligned} -\end{equation*} +$\cm := \FullHashbox{\cmbox}$ \subsubsection{Serial numbers} 
@@ -1185,13 +1162,13 @@ The raw encoding of a \coinPlaintext $(\AuthPublic, \Value, \CoinAddressRand, \CoinCommitRand, \Memo)$ consists of, in order: \begin{equation*} -\begin{bytefield}[bitwidth=0.03em]{1480} +\begin{bytefield}[bitwidth=0.032em]{1352} \changed{ \bitbox{88}{$\TransmitPlaintextVersionByte$}& \bitbox{256}{$\AuthPublic$ (32 bytes)}& &}\bitbox{168}{$\Value$ (8 bytes)} & \bitbox{256}{$\CoinAddressRand$ (32 bytes)} & - \bitbox{384}{$\CoinCommitRand$ (48 bytes)} & + \bitbox{256}{$\CoinCommitRand$ (32 bytes)} & \changed{\bitbox{512}{$\Memo$ (64 bytes)}} \end{bytefield} \end{equation*} @@ -1204,7 +1181,7 @@ encoding of a \coinPlaintext. } \item 8 bytes specifying a big-endian encoding of $\Value$. \item 32 bytes specifying $\CoinAddressRand$. - \item 48 bytes specifying $\CoinCommitRand$. + \item 32 bytes specifying $\CoinCommitRand$. \changed{ \item 64 bytes specifying $\Memo$. }
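Review bot: In the macro hunk at protocol.tex line 175, `\InternalHashK` and `\InternalHash` are removed but no definition of `\FullHash` or `\FullHashbox` is added, and the Coin Commitments hunk now uses both. If they are not already defined elsewhere in the preamble, the document will not build; please confirm, or add the `\newcommand`s here next to `\cm`. `\Leading` is kept although its only use visible in this patch, `\Leading{128}(\InternalHash)`, is deleted, so check whether it still has a caller.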
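Review bot: In the new `\cmbox` bytefield of the Coin Commitments hunk, the column separator is misplaced: the `\CoinAddressRand` box has no trailing `&`, and the `\CoinCommitRand` box, which is last, has one. Move the `&` up one line. The box widths also sum to 864 (256 + 96 + 256 + 256) against a declared field width of 832, because the box labelled "64 bit `\Value`" is drawn 96 wide; either adjust the declared width or make the box match its label. Two documentation points in the same hunk: the paragraph does not state the byte order of `\Value` inside the hash input, while the raw plaintext encoding later specifies big-endian, and it gives no rationale for reducing `\CoinCommitRand` from 384 to 256 bits when replacing the layered `\CRH` construction with a single `\FullHash` call. A sentence covering both would let readers check that the commitment is computed over an unambiguous input.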
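Review bot: In the raw encoding hunks (the bytefield and the item list near line 1185), `\CoinCommitRand` shrinks from 48 to 32 bytes while `\TransmitPlaintextVersionByte` is left untouched, so the text should say whether a plaintext in the old 48-byte layout can ever reach a decoder and how it is rejected; a decoder reading fixed offsets would otherwise start `\Memo` 16 bytes early on old data. Assuming the version field is a single byte, the listed fields now total 169 bytes (1 + 32 + 8 + 32 + 32 + 64), so any length stated elsewhere in the document for the plaintext or its ciphertext needs the same 16-byte reduction.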