ZIP 32: Expose DeriveInternalFVK^Orchard for use by the protocol spec.

refs #598

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2022-04-28 16:17:48 +01:00
parent b870363ae6
commit fb223c206d
2 changed files with 17 additions and 6 deletions

@ -624,6 +624,9 @@ License: MIT</pre>
be the spend authorizing key if available, and let
<span class="math">\((\mathsf{ak}, \mathsf{nk}, \mathsf{rivk})\)</span>
be the corresponding external full viewing key, obtained as specified in <a id="id23" class="footnote_reference" href="#protocol-orchardkeycomponents">12</a>.</p>
<p>Define
<span class="math">\(\mathsf{DeriveInternalFVK^{Orchard}}(\mathsf{ak}, \mathsf{nk}, \mathsf{rivk})\)</span>
as follows:</p>
<ul>
<li>Let
<span class="math">\(K = \mathsf{I2LEBSP}_{256}(\mathsf{rivk})\)</span>
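Review bot: The new "Define DeriveInternalFVK^Orchard(ak, nk, rivk) as follows:" paragraph sits directly after the sentence that introduces the spend authorizing key "if available", yet the function takes only the full viewing key components. Consider moving the spend authorizing key sentence down to the paragraph that states the expanded internal spending key, so that the definition the protocol spec will reference reads as a function of viewing-key material alone.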
@ -631,12 +634,15 @@ License: MIT</pre>
<li>Let
<span class="math">\(\mathsf{rivk_{internal}} = \mathsf{ToScalar^{Orchard}}(\mathsf{PRF^{expand}}(K, [\mathtt{0x83}] \,||\, \mathsf{I2LEOSP_{256}}(\mathsf{ak}) \,||\, \mathsf{I2LEOSP_{256}}(\mathsf{nk}))\)</span>
.</li>
<li>Return
<span class="math">\((\mathsf{ak}, \mathsf{nk}, \mathsf{rivk_{internal}})\)</span>
.</li>
</ul>
<p>Then the expanded internal spending key is
<p>The result of applying
<span class="math">\(\mathsf{DeriveInternalFVK^{Orchard}}\)</span>
to the external full viewing key is the internal full viewing key. The corresponding expanded internal spending key is
<span class="math">\((\mathsf{ask}, \mathsf{nk}, \mathsf{rivk_{internal}})\)</span>
, and the internal full viewing key is
<span class="math">\((\mathsf{ak}, \mathsf{nk}, \mathsf{rivk_{internal}})\)</span>
.</p>
,</p>
<p>Unlike <a href="#sapling-internal-key-derivation">Sapling internal key derivation</a>, we do not base this internal key derivation procedure on non-hardened derivation, which is not defined for Orchard. We can obtain the desired separation of viewing authority by modifying only the
<span class="math">\(\mathsf{rivk_{internal}}\)</span>
field relative to the external full viewing key, which results in different
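Review bot: The paragraph stating the expanded internal spending key closes with `,</p>`, so its last sentence ends on a dangling comma after the (ask, nk, rivk_internal) tuple. End it with a full stop (`.</p>`) so the paragraph is a complete sentence before "Unlike Sapling internal key derivation" begins.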

@ -390,11 +390,16 @@ Let :math:`\mathsf{ask}` be the spend authorizing key if available, and
let :math:`(\mathsf{ak}, \mathsf{nk}, \mathsf{rivk})` be the corresponding external full
viewing key, obtained as specified in [#protocol-orchardkeycomponents]_.
Define :math:`\mathsf{DeriveInternalFVK^{Orchard}}(\mathsf{ak}, \mathsf{nk}, \mathsf{rivk})`
as follows:
- Let :math:`K = \mathsf{I2LEBSP}_{256}(\mathsf{rivk})`.
- Let :math:`\mathsf{rivk_{internal}} = \mathsf{ToScalar^{Orchard}}(\mathsf{PRF^{expand}}(K, [\mathtt{0x83}] \,||\, \mathsf{I2LEOSP_{256}}(\mathsf{ak}) \,||\, \mathsf{I2LEOSP_{256}}(\mathsf{nk}))`.
- Return :math:`(\mathsf{ak}, \mathsf{nk}, \mathsf{rivk_{internal}})`.
Then the expanded internal spending key is :math:`(\mathsf{ask}, \mathsf{nk}, \mathsf{rivk_{internal}})`,
and the internal full viewing key is :math:`(\mathsf{ak}, \mathsf{nk}, \mathsf{rivk_{internal}})`.
The result of applying :math:`\mathsf{DeriveInternalFVK^{Orchard}}` to the external full viewing
key is the internal full viewing key. The corresponding expanded internal spending key is
:math:`(\mathsf{ask}, \mathsf{nk}, \mathsf{rivk_{internal}})`,
Unlike `Sapling internal key derivation`_, we do not base this internal key derivation
procedure on non-hardened derivation, which is not defined for Orchard. We can obtain the
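Review bot: The replacement sentence "The corresponding expanded internal spending key is ..." ends with a comma after the (ask, nk, rivk_internal) tuple and runs straight into the "Unlike Sapling internal key derivation" paragraph; replace the comma with a full stop. While this definition is being exposed for reference, the unchanged "Let rivk_internal = ..." bullet is also worth fixing: the parenthesis opened by ToScalar^Orchard( is never closed, since the formula ends `(\mathsf{nk}))` and the final `)` only closes PRF^expand. Adding one more `)` before the closing backtick makes the expression well formed.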