The viewing key holder should check epk.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2016-02-27 21:14:39 +00:00
parent 9611e0b35b
commit f3041d4e07
2 changed files with 5 additions and 2 deletions

Binary file not shown.


@ -117,6 +117,7 @@
\newcommand{\shared}{\mathsf{shared}} \newcommand{\shared}{\mathsf{shared}}
\newcommand{\DHSecret}[1]{\mathsf{dhsecret}_{#1}} \newcommand{\DHSecret}[1]{\mathsf{dhsecret}_{#1}}
\newcommand{\EphemeralPublic}{\mathsf{epk}} \newcommand{\EphemeralPublic}{\mathsf{epk}}
\newcommand{\EphemeralPublicCompare}{\mathsf{epk}^*}
\newcommand{\EphemeralPrivate}{\mathsf{esk}} \newcommand{\EphemeralPrivate}{\mathsf{esk}}
\newcommand{\TransmitPublic}{\mathsf{pk_{enc}}} \newcommand{\TransmitPublic}{\mathsf{pk_{enc}}}
\newcommand{\TransmitPublicNew}[1]{\mathsf{pk^{new}_{\enc,\mathnormal{#1}}}} \newcommand{\TransmitPublicNew}[1]{\mathsf{pk^{new}_{\enc,\mathnormal{#1}}}}
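Review bot: the new macro `\newcommand{\EphemeralPublicCompare}{\mathsf{epk}^*}` is placed directly under `\EphemeralPublic` and follows the existing "Compare" naming used by `\TransmitKeyCompare`, which keeps the notation consistent; a brief comment beside it stating that the starred form denotes the value recomputed by the viewing key holder (as opposed to the transmitted `\mathsf{epk}`) would help readers of the macro block, since nothing in this hunk documents that distinction.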
@ -1019,11 +1020,13 @@ and $\EphemeralPrivate$ from $\SharedPlaintext{}$.
\begin{itemize} \begin{itemize}
\item Let $\CoinPlaintext{i} := \item Let $\CoinPlaintext{i} :=
\DecryptCoin(\TransmitKey{i}, \TransmitCiphertext{i}, \cmNew{i})$. \DecryptCoin(\TransmitKey{i}, \TransmitCiphertext{i}, \cmNew{i})$.
\item Let $\EphemeralPublicCompare := \CurveMultiply(\EphemeralPrivate, \CurveBase)$.
\item Let $\DHSecret{i} := \CurveMultiply(\EphemeralPrivate, \TransmitPublicNew{i})$. \item Let $\DHSecret{i} := \CurveMultiply(\EphemeralPrivate, \TransmitPublicNew{i})$.
\item Let $\TransmitKeyCompare{i} := \KDF(\DHSecret{i}, \EphemeralPublic, \item Let $\TransmitKeyCompare{i} := \KDF(\DHSecret{i}, \EphemeralPublic,
\TransmitPublicNew{i}, i)$. \TransmitPublicNew{i}, i)$.
\item If $\CoinPlaintext{i} \neq \bot$ and \item If $\CoinPlaintext{i} \neq \bot$ and either
$\TransmitKeyCompare{i} \neq \TransmitKey{i}$ then set the \memo ($\TransmitKeyCompare{i} \neq \TransmitKey{i}$ or
$\EphemeralPublicCompare \neq \EphemeralPublic$), then set the \memo
of $\CoinPlaintext{i}$ to be $\bot$ (indicating that, although this is a valid of $\CoinPlaintext{i}$ to be $\bot$ (indicating that, although this is a valid
coin, the recipient would not have been able to decrypt it, and that the \memo coin, the recipient would not have been able to decrypt it, and that the \memo
cannot be verified). cannot be verified).
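Review bot: the new step `\item Let $\EphemeralPublicCompare := \CurveMultiply(\EphemeralPrivate, \CurveBase)$.` does not depend on $i$, so it could be computed once, before the per-$i$ items, rather than repeated for each $i$; a minor ordering point, but it makes clear that a single $\EphemeralPrivate$ (taken from $\SharedPlaintext{}$, per the hunk context) is being checked against the single transmitted $\EphemeralPublic$. The logic of the check itself reads correctly: $\TransmitKeyCompare{i}$ is still derived with the transmitted $\EphemeralPublic$ as the KDF input, which is the value the recipient would use, so the added condition $\EphemeralPublicCompare \neq \EphemeralPublic$ catches the case where the sender's $\EphemeralPrivate$ does not correspond to the $\EphemeralPublic$ the recipient sees, and setting the \memo to $\bot$ in that case is consistent with the existing treatment of a key mismatch.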