The viewing key holder should check epk.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2016-02-27 21:14:39 +00:00
parent 9611e0b35b
commit f3041d4e07
2 changed files with 5 additions and 2 deletions

Binary file not shown.


@ -117,6 +117,7 @@
\newcommand{\shared}{\mathsf{shared}}
\newcommand{\DHSecret}[1]{\mathsf{dhsecret}_{#1}}
\newcommand{\EphemeralPublic}{\mathsf{epk}}
\newcommand{\EphemeralPublicCompare}{\mathsf{epk}^*}
\newcommand{\EphemeralPrivate}{\mathsf{esk}}
\newcommand{\TransmitPublic}{\mathsf{pk_{enc}}}
\newcommand{\TransmitPublicNew}[1]{\mathsf{pk^{new}_{\enc,\mathnormal{#1}}}}
@ -1019,11 +1020,13 @@ and $\EphemeralPrivate$ from $\SharedPlaintext{}$.
\begin{itemize}
\item Let $\CoinPlaintext{i} :=
\DecryptCoin(\TransmitKey{i}, \TransmitCiphertext{i}, \cmNew{i})$.
\item Let $\EphemeralPublicCompare := \CurveMultiply(\EphemeralPrivate, \CurveBase)$.
\item Let $\DHSecret{i} := \CurveMultiply(\EphemeralPrivate, \TransmitPublicNew{i})$.
\item Let $\TransmitKeyCompare{i} := \KDF(\DHSecret{i}, \EphemeralPublic,
\TransmitPublicNew{i}, i)$.
\item If $\CoinPlaintext{i} \neq \bot$ and
$\TransmitKeyCompare{i} \neq \TransmitKey{i}$ then set the \memo
\item If $\CoinPlaintext{i} \neq \bot$ and either
($\TransmitKeyCompare{i} \neq \TransmitKey{i}$ or
$\EphemeralPublicCompare \neq \EphemeralPublic$), then set the \memo
of $\CoinPlaintext{i}$ to be $\bot$ (indicating that, although this is a valid
coin, the recipient would not have been able to decrypt it, and that the \memo
cannot be verified).
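Review bot: The added step defining `\EphemeralPublicCompare` does not depend on $i$, yet it sits among the per-coin steps, so as written the value is recomputed and the comparison with `\EphemeralPublic` repeated for every coin. It would read more clearly beside the step that obtains `\EphemeralPrivate` from `\SharedPlaintext{}`, which the hunk header shows just above this list. The list also gives no reason for the new comparison; a sentence such as `If $\EphemeralPublicCompare \neq \EphemeralPublic$, the disclosed $\EphemeralPrivate$ is not the key behind the published $\EphemeralPublic$, so $\TransmitKeyCompare{i}$ says nothing about what the recipient can derive.` would keep implementers from treating the check as optional (the rationale is presumed from the KDF inputs shown here and should be confirmed). The procedure starts before the hunk and the `itemize` closes after it, so the per-coin loop is inferred from the indexed symbols only.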