Merge branch '738.fix-internalh-collision.0' into 406.viewing-keys.1
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
commit
f0c24c113e
Binary file not shown.
|
@ -175,8 +175,6 @@
|
||||||
\newcommand{\SHAOrig}{\term{SHA-256}}
|
\newcommand{\SHAOrig}{\term{SHA-256}}
|
||||||
\newcommand{\cm}{\mathsf{cm}}
|
\newcommand{\cm}{\mathsf{cm}}
|
||||||
\newcommand{\cmNew}[1]{\mathsf{{cm}^{new}_\mathnormal{#1}}}
|
\newcommand{\cmNew}[1]{\mathsf{{cm}^{new}_\mathnormal{#1}}}
|
||||||
\newcommand{\InternalHashK}{\mathsf{k}}
|
|
||||||
\newcommand{\InternalHash}{\mathsf{InternalH}}
|
|
||||||
\newcommand{\Leading}[1]{\mathtt{Leading}_{#1}}
|
\newcommand{\Leading}[1]{\mathtt{Leading}_{#1}}
|
||||||
\newcommand{\ReplacementCharacter}{\textsf{U+FFFD}}
|
\newcommand{\ReplacementCharacter}{\textsf{U+FFFD}}
|
||||||
\newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}}
|
\newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}}
|
||||||
|
@ -477,41 +475,20 @@ of $\COMM{\CoinCommitS}$ does not use it.
|
||||||
\subsubsection{Coin Commitments}
|
\subsubsection{Coin Commitments}
|
||||||
|
|
||||||
The underlying $\Value$ and $\AuthPublic$ are blinded with $\CoinAddressRand$
|
The underlying $\Value$ and $\AuthPublic$ are blinded with $\CoinAddressRand$
|
||||||
and $\CoinCommitRand$ using the collision-resistant hash function $\CRH$ in a
|
and $\CoinCommitRand$ using the collision-resistant hash function $\FullHash$.
|
||||||
multi-layered process. The resulting hash $\cm = \CoinCommitment(\Coin{})$.
|
The resulting hash $\cm = \CoinCommitment(\Coin{})$.
|
||||||
|
|
||||||
\newsavebox{\ihbox}
|
|
||||||
\begin{lrbox}{\ihbox}
|
|
||||||
\begin{bytefield}[bitwidth=0.08em]{512}
|
|
||||||
\bitbox{256}{256 bit $\AuthPublic$} &
|
|
||||||
\bitbox{256}{256 bit $\CoinAddressRand$}
|
|
||||||
\end{bytefield}
|
|
||||||
\end{lrbox}
|
|
||||||
|
|
||||||
\newsavebox{\ihkbox}
|
|
||||||
\begin{lrbox}{\ihkbox}
|
|
||||||
\begin{bytefield}[bitwidth=0.08em]{512}
|
|
||||||
\bitbox{384}{384 bit $\CoinCommitRand$} &
|
|
||||||
\bitbox{128}{$\Leading{128}(\InternalHash)$}
|
|
||||||
\end{bytefield}
|
|
||||||
\end{lrbox}
|
|
||||||
|
|
||||||
\newsavebox{\cmbox}
|
\newsavebox{\cmbox}
|
||||||
\begin{lrbox}{\cmbox}
|
\begin{lrbox}{\cmbox}
|
||||||
\begin{bytefield}[bitwidth=0.08em]{512}
|
\begin{bytefield}[bitwidth=0.045em]{832}
|
||||||
\bitbox{64}{64 bit $\Value$} &
|
\bitbox{256}{256 bit $\AuthPublic$} &
|
||||||
\bitbox{192}{192 bit padding} &
|
\bitbox{96}{64 bit $\Value$} &
|
||||||
\bitbox{256}{256 bit $\InternalHashK$}
|
\bitbox{256}{256 bit $\CoinAddressRand$}
|
||||||
|
\bitbox{256}{256 bit $\CoinCommitRand$} &
|
||||||
\end{bytefield}
|
\end{bytefield}
|
||||||
\end{lrbox}
|
\end{lrbox}
|
||||||
|
|
||||||
\begin{equation*}
|
$\cm := \FullHashbox{\cmbox}$
|
||||||
\begin{aligned}
|
|
||||||
\InternalHash &:= \CRHbox{\ihbox} \\
|
|
||||||
\InternalHashK &:= \CRHbox{\ihkbox} \\
|
|
||||||
\cm &:= \CRHbox{\cmbox}
|
|
||||||
\end{aligned}
|
|
||||||
\end{equation*}
|
|
||||||
|
|
||||||
\subsubsection{Serial numbers}
|
\subsubsection{Serial numbers}
|
||||||
|
|
||||||
|
@ -1185,13 +1162,13 @@ The raw encoding of a \coinPlaintext $(\AuthPublic, \Value, \CoinAddressRand,
|
||||||
\CoinCommitRand, \Memo)$ consists of, in order:
|
\CoinCommitRand, \Memo)$ consists of, in order:
|
||||||
|
|
||||||
\begin{equation*}
|
\begin{equation*}
|
||||||
\begin{bytefield}[bitwidth=0.03em]{1480}
|
\begin{bytefield}[bitwidth=0.032em]{1352}
|
||||||
\changed{
|
\changed{
|
||||||
\bitbox{88}{$\TransmitPlaintextVersionByte$}&
|
\bitbox{88}{$\TransmitPlaintextVersionByte$}&
|
||||||
\bitbox{256}{$\AuthPublic$ (32 bytes)}&
|
\bitbox{256}{$\AuthPublic$ (32 bytes)}&
|
||||||
&}\bitbox{168}{$\Value$ (8 bytes)} &
|
&}\bitbox{168}{$\Value$ (8 bytes)} &
|
||||||
\bitbox{256}{$\CoinAddressRand$ (32 bytes)} &
|
\bitbox{256}{$\CoinAddressRand$ (32 bytes)} &
|
||||||
\bitbox{384}{$\CoinCommitRand$ (48 bytes)} &
|
\bitbox{256}{$\CoinCommitRand$ (32 bytes)} &
|
||||||
\changed{\bitbox{512}{$\Memo$ (64 bytes)}}
|
\changed{\bitbox{512}{$\Memo$ (64 bytes)}}
|
||||||
\end{bytefield}
|
\end{bytefield}
|
||||||
\end{equation*}
|
\end{equation*}
|
||||||
|
@ -1204,7 +1181,7 @@ encoding of a \coinPlaintext.
|
||||||
}
|
}
|
||||||
\item 8 bytes specifying a big-endian encoding of $\Value$.
|
\item 8 bytes specifying a big-endian encoding of $\Value$.
|
||||||
\item 32 bytes specifying $\CoinAddressRand$.
|
\item 32 bytes specifying $\CoinAddressRand$.
|
||||||
\item 48 bytes specifying $\CoinCommitRand$.
|
\item 32 bytes specifying $\CoinCommitRand$.
|
||||||
\changed{
|
\changed{
|
||||||
\item 64 bytes specifying $\Memo$.
|
\item 64 bytes specifying $\Memo$.
|
||||||
}
|
}
|
||||||
|
|
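Review bot: The new `\cmbox` bytefield has its column separator on the wrong line: the new `\bitbox{256}{256 bit $\CoinAddressRand$}` carries no trailing `&`, while the added `\bitbox{256}{256 bit $\CoinCommitRand$} &` ends with one, so the last two boxes are not separated and the row ends with a stray `&` before `\end{bytefield}`. The two lines should read `\bitbox{256}{256 bit $\CoinAddressRand$} &` and `\bitbox{256}{256 bit $\CoinCommitRand$}`. The declared width `{832}` equals 256+64+256+256, but the box widths on the new side sum to 864 because $\Value$ is drawn in a 96-bit box; if the wider box is deliberate so the label fits, a comment such as `% Value box widened to 96 so the label fits; the diagram is 832 bits` would stop a reader from taking 864 as the input length of $\FullHash$. Since $\cm$ now commits to all four fields through a single fixed-length $\FullHash$ input, the sentence `The resulting hash $\cm = \CoinCommitment(\Coin{})$.` would be a natural place to state that input length explicitly, as the collision-resistance argument this branch is named for rests on it.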