The viewing key holder should check epk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
This commit is contained in:
parent
9611e0b35b
commit
f3041d4e07
|
@ -117,6 +117,7 @@
|
|||
\newcommand{\shared}{\mathsf{shared}}
|
||||
\newcommand{\DHSecret}[1]{\mathsf{dhsecret}_{#1}}
|
||||
\newcommand{\EphemeralPublic}{\mathsf{epk}}
|
||||
\newcommand{\EphemeralPublicCompare}{\mathsf{epk}^*}
|
||||
\newcommand{\EphemeralPrivate}{\mathsf{esk}}
|
||||
\newcommand{\TransmitPublic}{\mathsf{pk_{enc}}}
|
||||
\newcommand{\TransmitPublicNew}[1]{\mathsf{pk^{new}_{\enc,\mathnormal{#1}}}}
|
||||
|
@ -1019,11 +1020,13 @@ and $\EphemeralPrivate$ from $\SharedPlaintext{}$.
|
|||
\begin{itemize}
|
||||
\item Let $\CoinPlaintext{i} :=
|
||||
\DecryptCoin(\TransmitKey{i}, \TransmitCiphertext{i}, \cmNew{i})$.
|
||||
\item Let $\EphemeralPublicCompare := \CurveMultiply(\EphemeralPrivate, \CurveBase)$.
|
||||
\item Let $\DHSecret{i} := \CurveMultiply(\EphemeralPrivate, \TransmitPublicNew{i})$.
|
||||
\item Let $\TransmitKeyCompare{i} := \KDF(\DHSecret{i}, \EphemeralPublic,
|
||||
\TransmitPublicNew{i}, i)$.
|
||||
\item If $\CoinPlaintext{i} \neq \bot$ and
|
||||
$\TransmitKeyCompare{i} \neq \TransmitKey{i}$ then set the \memo
|
||||
\item If $\CoinPlaintext{i} \neq \bot$ and either
|
||||
($\TransmitKeyCompare{i} \neq \TransmitKey{i}$ or
|
||||
$\EphemeralPublicCompare \neq \EphemeralPublic$), then set the \memo
|
||||
of $\CoinPlaintext{i}$ to be $\bot$ (indicating that, although this is a valid
|
||||
coin, the recipient would not have been able to decrypt it, and that the \memo
|
||||
cannot be verified).
|
||||
|
|
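Review bot: The new condition `$\EphemeralPublicCompare \neq \EphemeralPublic$` in the rewritten `\item If $\CoinPlaintext{i} \neq \bot$ and either …` says what to do on a mismatch but not why the comparison matters, and a reader of the preceding item could wonder why the KDF still takes the transmitted $\EphemeralPublic$ rather than the recomputed $\EphemeralPublicCompare$. A one-clause justification after the added `\item Let $\EphemeralPublicCompare := \CurveMultiply(\EphemeralPrivate, \CurveBase)$.` would close that gap, e.g. `(the recipient presumably derives its key from the transmitted $\EphemeralPublic$, so if that does not equal $\CurveMultiply(\EphemeralPrivate, \CurveBase)$ the recipient's key would differ from the one recomputed here, even though the KDF inputs match the sender's)`. The recipient-side derivation is not visible in this hunk, so that wording should be checked against the decryption section before it is added. The `itemize` environment opened at the top of the hunk is closed outside it.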