zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,956 Commits 39 Branches 260 Tags 754 MiB
Commit Graph

1218 Commits

Author SHA1 Message Date
Daira-Emma Hopwood b6ba06a082 Fix typos. The protocol spec will be rendered later. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2025-04-28 19:28:46 +01:00
Daira-Emma Hopwood 0265e077f1 Dark mode fix: make links from the dark mode spec reference the correct PDF. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-11-08 12:57:00 +00:00
Daira-Emma Hopwood 9a45d6be16 [protocol spec] Add dark mode. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-11-01 20:39:52 +00:00
Daira-Emma Hopwood 0e313c8a9f [protocol spec] Clarify \crossref{transactions} taking into account NU6 
consensus changes from ZIP 236.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-10-31 13:53:56 +00:00
Daira-Emma Hopwood a6710837c0 Set Change History date for v2024.5.1. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:48:45 +01:00
Daira-Emma Hopwood 3ba2c74a5e Protocol spec: say explicitly that there are no changes to the block format 
in NU6.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood e4e29d7486 Protocol spec: refactor section 4.10 (SIGHASH). 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood dd4629de12 Protocol spec and ZIPs 214 and 1015: swap the order of ``FS_DEFERRED`` and ``FS_FPF_ZCG`` 
to match the code in `zcashd`.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood d4f1e7324c Set NU6 Mainnet activation height. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood 8e04f130e7 Protocol spec: update acknowledgements. 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood d034d3d6f2 Protocol spec: definition of total issued supply. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood ce330463a8 Cosmetics, and renaming $\mathsf{PoolValue}_Deferred$ to 
$\mathsf{ChainValuePoolBalance^{Deferred}}$.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood 8a15a1635d Protocol spec: clarify the section on sighash algorithms, and which ZIPs 
describe NU6. Also say that additional rationale for Canopy is given in
ZIP 1014.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood b3876ede52 Apply changes from ZIP 236 to the protocol spec. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood cfba30f1b8 Apply changes from ZIP 2001 to ZIP 207 and the protocol spec. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood 6c793a8784 Protocol spec: refactor the descriptions of Chain Value Pool Balances into 
their own section.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood c3a3de1608 Protocol spec: rename ``FS_ZIP214_ECC`` to ``FS_ZIP214_BP``, consistent 
with ZIP 214.

Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood 91900f589c Protocol spec: cosmetics and indexing. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-09-26 07:40:39 +01:00
Daira-Emma Hopwood 815b38cf50 Set Change History date for 2024.5.0. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-08-28 15:04:09 +01:00
Daira-Emma Hopwood a20fcbeff0 Boilerplate for NU6 (orginally based on Kris' branch 'protocol_nu6_boilerplate'). 
Author: Kris Nuttycombe <kris@nutty.land>
Co-authored-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-08-28 15:03:43 +01:00
Daira-Emma Hopwood c204c8f700 Acknowledge Conrado Gouvea. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-07-01 16:39:48 +01:00
Daira-Emma Hopwood a1657b29c3 In \crossref{concretesinsemillahash}, declare use of LEBS2IP instead of LEOS2IP. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-07-01 16:39:48 +01:00
Daira-Emma Hopwood be1b95e76e Protocol spec: cosmetics and improved indexing. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-07-01 16:39:48 +01:00
Daira-Emma Hopwood ccd3a109aa Daira [Emma] -> Daira-Emma. Also correct some author lists and prevent line-breaking of given names or surnames in the spec. 
Signed-off-by: Daira-Emma Hopwood <daira@jacaranda.org>
 2024-07-01 16:39:48 +01:00
Daira Emma Hopwood 18a7b531c7 Set Change History entry date. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood cb48a537a0 Acknowledge the font designers Pablo Impallari and Morris Fuller. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood a77e74ffb6 Cosmetics: improve the appearance of italic bold. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 477fd91493 Initial attempt at making the document work with screen readers 
(this doesn't work very well yet, and it may be a hopeless task).

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood dcd81b5a85 Document that Zooko came up with the name "Faerie Gold". 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 95493805de Sort out the mess with $\mathsf{PRF^{expand}}$ domain separators. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 2a08f7be78 Add reference to my "Explaining the Security of Zcash" talk at Zcon3. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood f0457c0668 Cosmetics. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 4a61f37072 Explain the note decryption soft fork at block height 2121200. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood f24a4befab In \crossref{outputstatement}, say why $\mathsf{pk★_d}$ is typed as a 
bit sequence rather than as a point.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 2ee72c97b7 In the table of \crossref{blockheader}, clarify that `hashLightClientRoot` 
is used in Heartwood and Canopy, but not in NU5 or later.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood b83c7625cf Move a note about the order of arguments to NoteCommit^Orchard to a more 
relevant place.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood e1ae36d208 Add notes in \crossref{spenddesc}, \crossref{outputdesc}, and 
\crossref{concretehomomorphiccommit} saying that an implementation of
HomomorphicPedersenCommit^Sapling MAY resample the commitment trapdoor
until the resulting commitment is not the zero point, in order to avoid
it being rejected as the cv field of a Spend description or Output
description.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood cd9371b0ee Delete a confusing claim in \crossref{spenddesc} that "The check that rk 
is not of small order is technically redundant with a check in the Spend
circuit ...". The small-order check excludes the zero point, which the
Spend authority check that this claim was intending to reference does not.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood d56323956b Document that the attacks in \cite{DKLS2020} are no better than brute force 
key search against FF1-AES256 as specified in \crossref{concreteprps}.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 3b799127d1 Acknowledge Greg Pfeil as a co-designer of the Zcash protocol. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood aa2d9a4802 The abstract no longer describes the NU5 version of the specification as 
a draft.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood ae88944e8c * Rename the section "Note Commitments and Nullifiers" to "Computing ρ 
values and Nullifiers" to more accurately reflect its contents.
* Split some of the content of the section "Notes" into subsections
  "Note Commitments" and "Nullifiers". Make the descriptions of how
  note commitments and nullifiers are used more precise and explicit,
  and add forward references where helpful.
* Remove redundancy in the definition of note plaintexts between
  \crossref{noteptconcept} and \crossref{noteptencoding}.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood b4e3edbb8c The uses of inputs [4] and [5] to PRF^{expand}_{rseed} (or first bytes 
of the input in case of Orchard), were accidentally swapped in the
protocol specification relative to ZIP 212. The implementation in zcashd
correctly followed ZIP 212, using [4] to derive rcm and [5] to derive esk.

[Note added 2023-12-07: This commit, which is between spec versions
2022.3.8 and 2023.4.0, does not accurately reflect what was deployed.
In fact the domain separators for Sapling were implemented according to
ZIP 212, but the ones for Orchard were implemented according to the spec,
i.e. swapped relative to Sapling. This has been documented in spec
version 2023.4.0.]

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 04db180f3c The return type of $GroupHash^{\mathbb{J}^{(r)*}}$ in \crossref{concretegrouphashjubjub} 
was incorrectly given as $\mathbb{J}^{(r)*}$, rather than the correct
$\mathbb{J}^{(r)*} \cup \{\bot\}$.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood 5f0bed973e In the discussion of partitioning oracle attacks on note encryption in 
\crossref{inbandrationale}, we now use the fact that g_d has order greater
than the maximum value of ivk, rather than assuming that g_d is a non-zero
point in the prime-order subgroup. (In the case of Sapling, the circuits
only enforce that g_d is not a small-order point, not that it is in the
prime-order subgroup. It is true that honestly generated addresses have
prime-order g_d which would have been sufficient for the security argument
against this class of attacks, but the chosen fix is more direct.)

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Daira Emma Hopwood f0ef9cf1f1 Add a Change History entry "Change Daira Emma Hopwood's name.", and change the 
name in bibliography entries (the changes in `protocol.tex` were made in
8ea921667d).

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-12-19 17:43:09 +00:00
Kris Nuttycombe 80d66d1876 Protocol spec: Add macro and Makefile support for NU6 2023-12-01 18:24:52 -07:00
Andrew Arnott 4ebc0f7629
Fix identification of HRP for full viewing keys 
This was likely a copy-paste error with the section above it, which is very similar but presents the human-readable part of *incoming* viewing keys.
 2023-07-31 07:13:11 -06:00
Daira Emma Hopwood 8ea921667d Daira Hopwood -> Daira Emma Hopwood. 
Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>
 2023-03-02 12:13:07 +00:00
teor 0f33bb41a2 Fix a MUST -> MUSTNOT typo 2022-11-09 16:03:37 -05:00