Daira Hopwood
46fefcaf56
Update all references to https URLs (and the year of the Unicode Standard to 2020).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:44:19 +01:00
Daira Hopwood
404248cb92
Regenerate PDFs.
2021-04-01 02:19:32 +01:00
Daira Hopwood
a0d048ed1e
Update Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
417076e50d
Make a note in \crossref{inbandrationale} of the divergence of ivk from a uniform scalar.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
1eec1f9832
Remove anchorSapling field when there are no Spends.
...
This corresponds to e0b08fd576
in ZIP 225.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
49f3b206f5
Fix type error in kdfinput for KDF^{Sapling,Orchard} (`ephemeralKey` is already a byte sequence).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
41580ec06d
Cosmetics in Sapling Output statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
c367a22098
Explicitly note that the end of the ZIP 212 grace period precedes NU5 activation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
3a312dc5a9
Expand the set of ZIPs associated with NU5 in \crossref{networkupgrades}, and reference the Orchard and halo2 books there.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
6c3099843d
Add a caveat about reuse of rivk between PRF^expand and Commit^ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
3826d43930
Correct the set of inputs to PRF^expand used for ZIP 32 and Orchard in \crossref{abstractprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
de0bc97bb2
Cosmetics (page breaking).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
bb985e039a
Section \crossref{concreteorchardkdf} should be in the NU5 colour (slate blue).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Deirdre Connolly
ec6c10fc5c
Add a note to the Sending Notes (Orchard) section about using a dummy note for ρ.
...
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
6c8f9fb478
Update the Sprout key component diagram in \crossref{addressesandkeys} to remove magenta highlighting.Remove magenta highlighting
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
e1f105eaa1
Add note about use of big-endian order in the encoding of BLS12-381 points.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
3a55af9b1f
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
7bfdce2d6a
Write caution about linkage between the abstract and concrete protocols in \crossref{cautionlinkage}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
1097313feb
Fix errors in the Sinsemilla proofs:
...
* SinsemillaHash is defined in terms of SinsemillaHashToPoint, which also takes the D argument.
* correct errors due to 1-based indexing.
* the argument for exceptional cases got the scalars and range of j wrong.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
cce172ace8
Cosmetics (page breaking).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
Daira Hopwood
f45b6b5d66
Add Action Statement ref to flags note
...
This change makes it clearer that the note spend and creation
rules are implemented as part of the proof.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
teor
ecb2ccd3f4
Copy outCiphertext description to the encoding tables
2021-04-01 02:11:35 +01:00
Daira Hopwood
0f427feb5b
Regenerate PDFs.
2021-03-26 19:45:47 +00:00
Daira Hopwood
f66887cdee
Fix an off-by-one error.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:40:57 +00:00
Daira Hopwood
3898e2f571
Regenerate PDFs.
2021-03-26 19:38:49 +00:00
Daira Hopwood
b4aac633f4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:31:45 +00:00
Daira Hopwood
2f246ce24d
Other fixes to the Orchard specification, including generation of dummy notes and output notes.
...
fixes #465
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:17:33 +00:00
Daira Hopwood
aa86282e16
Change the specifications of note decryption to return the note and memo, rather than a note plaintext.
...
Generalize the specification of block chain scanning to support Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
c50bdbd9ce
Delete a confusing part of the definition of concatbits that we don't rely on.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
b27213dfd3
Move the definition of ⊥ to before its first use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
cd1b4de8f9
Update the hashFinalSaplingRoot/hashLightClientRoot/hashBlockCommitments field for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
74dfa80194
Fix errors in Orchard due to cut-and-paste from Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
4d3204b8e1
Describe the recommended way to encode a Sapling or unified payment address as a QR code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
bbc6131f29
Update specification of Poseidon.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
Daira Hopwood
212fdc8752
Add references for the halo2 book.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5e55821889
NCC audit: Make the description of when fields are included in v5 transactions consistent
...
between the protocol specification and ZIP 225. Also regenerate the HTML for ZIP 225.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
55af963e53
NCC audit: Add a definition for the section symbol in \crossref{introduction}, before its first use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5fef9270e2
NCC audit: Correct the sizes of SpendDescriptionV5 and OutputDescriptionV5 in the version transaction format.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
bfc6a8e33c
NCC audit: Document the limitation on the domain separation string for the group hash into Pallas/Vesta.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
a68c7d24d0
NCC audit: Document that the choice of nonsquare for λ_G in \crossref{concretegrouphashpallasandvesta} makes no difference
...
to the output of map_to_curve_simple_swu.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
fa2b1c6ce9
Correct the output type of sqrt_ratio.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
ab0e248036
NCC audit: Document that the use of k = 256 in hash_to_field is intentional,
...
despite the Pallas curve only having 126-bit conjectured security against generic attacks.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
9d62142142
NCC audit: Fix a discrepancy between \crossref{concretegrouphashpallasandvesta} and \cite{ID-hashtocurve}.
...
The zero padding in expand_message_xmd should be 128 bytes (matching the input block size of
BLAKE2b), rather than 64 bytes.
See also https://github.com/zcash/pasta/pull/2 and https://github.com/zcash/pasta_curves/issues/7
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5d15a3d91e
NCC audit: Fix type confusion between integers and field elements (including additional cases
...
not found in the audit, involving nullifiers and cm_x).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
7ccbf44c30
NCC audit: Define \mathbb{G} in \crossref{concretegrouphashpallasandvesta}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
4d983aa855
NCC audit: Make the naming of enableSpends and enableOutputs consistent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
e5336bb536
Various rationale updates for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
8f1ff76417
Add proof of collision resistance for Sinsemilla.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
591c7e45cc
NCC audit: Restrict the definition of a short Weierstrass elliptic curve
...
to base fields of characteristic greater than 3.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
2e50a09e97
NCC audit: Correct the definition of PRFnf^Orchard by changing Poseidon to PoseidonHash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
b7d61884e1
NCC audit: Propagate \bot from the inputs of MerkleCRH^Orchard to its output, and add an explicit
...
consensus rule that rt^Orchard computed from appending a note commitment is not \bot.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
c11c329beb
NCC audit: Propagate \bot intermediate results to the output of Sinsemilla primitives.
...
Change the output types of NoteCommitAlg^Orchard and CommitIvkAlg to reflect that these can
return \bot, and change the action statement to be satisfied if they do.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
20478ae40d
Credit Eirik Ogilvie-Wigley as a designer of the Zcash protocol. Add Andre Serrano, Brad Miller,
...
Charlie O'Keefe, David Campbell, Elena Giralt, Francisco Gindre, Joseph Van~Geffen, Josh Swihart,
Kevin Gorham, Larry Ruane, Marshall Gaucher, and Ryan Taylor to the acknowledgements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
b14c332910
NCC audit: Correct the definition of c in \crossref{concretesinsemillahash}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:51 +00:00
Daira Hopwood
54a0894acf
NCC audit: fix 'reasonable' typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:22:50 +00:00
Daira Hopwood
02db965036
Cosmetics and trivial changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:22:50 +00:00
Daira Hopwood
44c45004df
Cosmetics and trivial changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 20:01:13 +00:00
Daira Hopwood
218196f8dd
Output ciphertext -> outgoing ciphertext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 19:27:47 +00:00
Daira Hopwood
e1bdfce3bc
Remove specification of memo contents, which will be in ZIP 302.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 19:21:56 +00:00
Deirdre Connolly
75a8a944d4
s/enableSpendsOrchard/enableOutputsOrchard/ re: no new notes
2021-03-19 15:14:26 +00:00
Daira Hopwood
a859014b98
Correct the description of `length` in \crossref{unifiedpaymentaddrencoding}.
...
(It is the length of `addr`, not the length of the raw encoding; they differ for t-addrs.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
781ec6896d
Correct the type signature of DiversifyHash^Orchard in \crossref{abstracthashes}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
3e160d6ecb
2^16 -> 2^{16}. fixes #461
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
9af5978852
Remove magenta highlighting of differences from Zerocash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
78e3d68539
Remove support for generating the Sprout-only specification (sprout.pdf).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 14:00:19 +00:00
Daira Hopwood
ebe3800b2b
Regenerate PDFs.
2021-03-17 20:00:51 +00:00
Daira Hopwood
f0fa13761e
Regenerate PDFs.
2021-03-17 19:55:50 +00:00
Daira Hopwood
3b558b2146
Set date in Change History entry for v2021.1.19.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:49 +00:00
Daira Hopwood
c5c34cf93c
Cosmetics (spacing).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:49 +00:00
Daira Hopwood
0b8a4b3d90
Correct the range of input to ValueCommit^Orchard in the action statement, and the corresponding security argument in \crossref{orchardbalance}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
e31f33c678
Fix a type error in the non-normative note at the end of \crossref{concretesinsemillacommit}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
867d0cc712
Make DiversifyHash^Orchard total, by replacing an output of the zero point with another base.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
c9b918a654
Fix a typo: 2^16 -> 2^{16}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
17518632e1
Update the consensus rules that prevent trivial transactions (with no inputs or outputs)
...
to take into account action transfers in the v5 transaction format.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
cec8b904c5
Regenerate PDFs.
2021-03-17 02:11:38 +00:00
Daira Hopwood
36074af67b
Version 2021.1.18:
...
* Define unified payment addresses in place of the Bech32 form of Orchard addresses.
* Remove Sprout-specific fields from the v5 transaction format.
* The rho value for an Orchard output note was incorrectly described as being derived from
rseed, instead of being set to the nullifier from the same action description as intended
(fixes #459 ).
* The psi value is now derived using the PRF^expand input [9], instead of [10] (refs #459 ).
* Correct a note about the range of the Merkle hash inputs in \crossref{actionstatement}.
* Correct the validity condition for ak in \crossref{orchardfullviewingkeyencoding}.
* Add a definition for K^Orchard in \crossref{commitmentsandnullifiers} (fixes #460 ).
* Correct the number of full and partial rounds for Poseidon.
* Add a note explaining the origin of the 2^{65} constant in the definition of PoseidonHash.
2021-03-17 02:06:38 +00:00
Daira Hopwood
27a39088d6
Regenerate PDFs.
2021-03-15 16:27:53 +00:00
Daira Hopwood
ad032d456a
More WIP:
...
* fix the use of inputs to PRF^expand in Orchard note encryption;
* rename "hash extractor" to "coordinate extractor";
* miscellaneous minor fixes;
* set date of Change History entry.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
37d8221c4d
Mainly fixes to the Action statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
d79de34b4a
Update key components diagram.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
7cc31111bb
Yet more WIP. Nullifier derivation for Orchard is correct now.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
f6fb3c80d7
More WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
6ac5901a42
More WIP, and rename orchard.pdf to nu5.pdf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
dae8852187
More Orchard WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
e62d57959e
More WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
6453611314
* More Orchard WIP;
...
* The definition of a represented group abstraction function incorrectly required canonicity;
* Note about non-canonical encodings in the Jubjub gave incorrect values for encodings of the point of order 2;
* Change the spec of decryption with ovk to match zcashd (by adding \bot and subgroup checks);
* Add a note saying that a node impl that checkpoints on Sapling can omit verifying BCTV14 proofs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
68cb4c6d5f
Font hack to make sure that italic bold is not too wide.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
a81cfdb693
More WIP!
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
ad9c631ee0
More WIP for Orchard, including hashing to Pallas and Vesta.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
6215dce577
More WIP
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
0b6faf673d
Update spec for Orchard up to and including section 3 (Concepts).
...
This includes the key derivation diagram in section 3.1.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
300df42bf3
More WIP for Orchard
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
c2c4160151
WIP: Orchard
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
7e21ab57ac
Push draft of NU5 spec.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-04 03:27:02 +00:00
Alessandro Coglio
08fcc0c1f0
Add a paragraph break
...
It seems that this should get its own paragraph, for symmetry with nearby paragraphs.
2021-01-15 18:09:09 -08:00
Daira Hopwood
4f1ce394fe
Regenerate PDFs.
2021-01-11 00:15:27 +00:00
Daira Hopwood
894c979a3d
protocol/Makefile: add new .pdf files if needed.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-11 00:10:37 +00:00
Daira Hopwood
adced97391
Update Change History version and date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-11 00:08:20 +00:00
Daira Hopwood
6dc375e9ec
Add (experimental, unused) support for linking consensus rules with the corresponding code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:56:30 +00:00
Daira Hopwood
9bc9823a23
Add macros and Makefile support for building the Orchard draft specification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:56:30 +00:00
Daira Hopwood
3751c9973d
QED-it changed the spelling of their company name to QEDIT.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:46:24 +00:00
Daira Hopwood
a5b78961f4
Clarify the encoding of block heights for the "height in coinbase" rule.
...
The description of this rule has also moved from 'Block Header Encoding and Consensus' to
'Transaction Encoding and Consensus'.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:45:53 +00:00
Daira Hopwood
0bd8580d1a
Include the activation dates of Heartwood and Canopy in 'Network Upgrades'.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:40:03 +00:00
Daira Hopwood
1ddc19ffaa
Section links in the Heartwood and Canopy versions of the specification now go to the correct document URL.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:37:16 +00:00
Daira Hopwood
34de56533f
Protocol spec: use cmap package to attempt to improve search/copy-paste on some PDF readers.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:32:54 +00:00
Daira Hopwood
c136527758
Regenerate PDFs.
2020-11-06 01:09:37 +00:00
Daira Hopwood
3274aa10de
Avoid undefined references when building sprout.pdf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
9a8f72c5e3
Add release date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
7999296d7d
Minor corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
6e3c173538
Update a comment about BIPs (which is not in the rendered document).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
c278c2f93a
Reserve transaction version 0x7FFFFFFF and version group ID 0xFFFFFFFF for experimental use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
9257be1d1f
Add a consensus rule that the (zero-valued) coinbase transaction output of the genesis block cannot be spent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
917dbf5c46
Add a missing consensus rule that has always been implemented in zcashd: there must be at
...
least one transparent output, Sapling output, or JoinSplit in a transaction.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
94ec65564c
Define Sprout/Sapling chain value pool balances, and include consensus rules from ZIP 209.
...
This includes updates to ZIPs 209 and 211 for consistency of terminology (also addressing
a nit from the NCC Canopy report).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
71cee89a18
Corrections to note decryption algorithms:
...
* ephemeralKey is kept as a byte sequence rather than immediately converted to a curve point;
this matters because of non-canonical encoding.
* The representation of pk_d in a note plaintext may also be non-canonical and need not be in the
prime subgroup.
* Move checking of cm_u in decryption with ivk to the end of the algorithm, to more closely match
the implementation.
* The note about decryption of outputs in mempool transactions should have been normative.
Also change ZIP 212 to say that it is aligned with this version of the protocol spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
775b5f3b5d
Use "let mutable" to introduce mutable variables in algorithms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
9c9ad74fad
Acknowledge Alexandra Elbakyan for her work on Sci-Hub.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
0ed38ec775
Acknowledge Izaak Meckler, Zac Williamson, and Vitalik Buterin for discussions of the protocol.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
a5db85828c
Acknowledge Jack Gavigan as a co-designer of Sapling and of the Zcash protocol.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
924fd97422
Remove a statement that the language consisting of key and address encoding possibilities is prefix-free
...
(the raw encodings are not).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
85b8f1647b
Include a reference to [BFIJSV2010] for batch pairing verification techniques.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
Daira Hopwood
36b35dbf4a
Regenerate PDFs.
2020-08-30 21:12:40 +01:00
Daira Hopwood
906838f3b6
Minor fixes to Change History.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:07:46 +01:00
Daira Hopwood
4d00112f5d
Explicitly state the consensus rule that a coinbase transaction must not spend more than is available from the block subsidy and transaction fees.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:07:34 +01:00
Daira Hopwood
c7180872a3
Specify where PRF^expand is used and with what inputs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:06:29 +01:00
Daira Hopwood
ea59cda07f
Fix a type error in the output of PRF^nfSapling; a Sapling nullifier is a sequence of 32 bytes, not a bit sequence.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:01:51 +01:00
Daira Hopwood
b3da7a14ee
Remove a silly comment from the LaTeX source.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:01:51 +01:00
Daira Hopwood
87a0670225
protocol/Makefile: ensure that we don't release from a branch other than master or a dirty working tree.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:01:50 +01:00
Daira Hopwood
639226dd50
Regenerate PDFs.
2020-08-19 22:03:26 +01:00
Daira Hopwood
b2a7e1deb0
Fix a type error in the output of PRF^nfSapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-17 21:33:05 +01:00
Daira Hopwood
850e7ea019
Correct an off-by-one in an expression used in the definition of c for windowed Pedersen commitments
...
(this does not change the value of c).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-17 21:32:15 +01:00
Daira Hopwood
b83f2b9542
Regenerate PDFs.
2020-08-11 14:44:38 +01:00
Daira Hopwood
e1cac0c48a
Make the Canopy specification the default.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:56:46 +01:00
Daira Hopwood
19ba684f2c
Minor wording improvement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:56:19 +01:00
Daira Hopwood
55c51715b5
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:56:08 +01:00
Daira Hopwood
7032c07fb8
Make Halving(height) return 0 (rather than -1) for height < SlowStartShift.
...
This has no effect on consensus since the Halving function is not used in that case,
but it makes the definition match the intuitive meaning of the function.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:55:38 +01:00
Daira Hopwood
d117273977
Refine the domain of HeightForHalving from N to N^+.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:54:06 +01:00
Daira Hopwood
9dbac78f29
Rename some section titles under 'Consensus Changes from Bitcoin' to use 'Encoding and Consensus'.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:52:58 +01:00
Daira Hopwood
6fbe17da59
Updates to reflect ZIP 211: add a consensus rule on v^pub_old, and a rule about node and wallet support for sending to Sprout addresses.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:49:36 +01:00
Daira Hopwood
1d71f6cb31
Rename the type of Sapling transmission keys from KA^Sapling.PublicPrimeOrder to KA^Sapling.PublicPrimeSubgroup.
...
This type is defined as J^(r), which reflects the implementation in zcashd (subject to the point below);
it was never enforced that a transmission key (pk_d) cannot be the zero point.
Add a non-normative note saying that zcashd does not fully conform to the requirement to treat
transmission keys not in KA^Sapling.PublicPrimeSubgroup as invalid when importing payment addresses.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 13:43:00 +01:00
Daira Hopwood
e1037ff046
Wording improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 01:57:49 +01:00
Daira Hopwood
d11304c7d1
Add indexing for "halving".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 01:54:48 +01:00
Daira Hopwood
a651ad7fe7
Modify funding stream tables and notes to reflect changes in ZIP 214.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 01:52:06 +01:00
Daira Hopwood
fd2416d9ea
Set CanopyActivationHeight for Testnet.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-11 01:48:59 +01:00
Daira Hopwood
fb64b2e430
Regenerate PDFs.
2020-08-03 12:19:11 +01:00
Daira Hopwood
17def33bf8
Use abstBytes_{Ed25519} and reprBytes_{Ed25519} for conversions in Ed25519 batch signature validation, and
...
fix a missing requirement that S_j < \ell for all signatures.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-03 12:14:34 +01:00
Daira Hopwood
ff3c7c2bce
Move the footnote about (x, y) notation for Ed25519 to where this notation is first used.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-03 12:11:08 +01:00
Daira Hopwood
13b6f0e120
Delete a potentially misleading Sprout-specific comment.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-03 12:10:20 +01:00
Daira Hopwood
31b844c37c
Give a definition for SHA-512. Also some refactoring of hash macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-03 12:09:33 +01:00
Daira Hopwood
6a4b1f5f6c
Add a reference to [BCCGLRT2014].
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-03 12:05:33 +01:00
Daira Hopwood
1e6b2f8815
Regenerate PDFs.
2020-07-13 18:54:03 +01:00
Daira Hopwood
b2f033f84d
Add spec changes for ZIPs 207 and 214.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-13 18:45:16 +01:00
Daira Hopwood
bc809dae5d
Add note about full viewing key decryption of mempool transactions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-13 18:45:16 +01:00
Daira Hopwood
0248a44a05
Change instances of "the production network" to "Mainnet", and "the test network" to "Testnet".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-13 18:45:16 +01:00
Daira Hopwood
baad229598
Update stale references to Bitcoin documentation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-13 18:45:16 +01:00
Daira Hopwood
5d2a48ce9d
Regenerate PDFs.
2020-07-07 00:25:02 +01:00
Daira Hopwood
a67b74aede
Corrections to a note in section 'Ed25519'.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-07 00:21:14 +01:00
Daira Hopwood
9473b9d4af
Regenerate PDFs.
2020-07-06 23:10:15 +01:00
Daira Hopwood
0bfbbd54e2
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
4d148920ae
Add a missing cross reference for Jubjub.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
5e8ae9bb89
Precisely specify the encoding and decoding of Ed25519 points.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
3e3bf8a79b
Add 'Mainnet and Testnet' section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
e87177f97f
Add end comments for conditional blocks in history entries.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
3f41a13087
Corrections to the specification of \abstJ and the security argument for GroupHash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
32a55b0939
Add Jane Lusby and Teor to acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
5504c17ab0
Make duplicate labels work as intended.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-06 22:58:29 +01:00
Daira Hopwood
9acf1b6667
Makefiles: add 'release' targets that perform a protocol spec release.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-05 17:27:20 +01:00
Daira Hopwood
b398183fb0
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 04:02:54 +01:00
Daira Hopwood
9321a0d9fc
Arguments to PRF^expand don't need to be specified as hex.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:59:17 +01:00
Daira Hopwood
553be0f9eb
In RedDSA verification, clarify that \underline{R} used as part of the input to H^\ast must be exactly as encoded in the signature.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:59:17 +01:00
Daira Hopwood
cbf4cb52f1
Adjust the order of operations in Sapling decryption to more closely match the implementation, and improve the notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:59:17 +01:00
Daira Hopwood
47a2c78990
Correct a bug: esk is only to be checked against ToScalar(PRF^expand_rseed([4])) when the lead byte != 0x01.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:28:36 +01:00
Daira Hopwood
5689d59d32
Specify that shielded outputs of coinbase transactions MUST use v2 note plaintexts after Canopy activation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:28:36 +01:00
Daira Hopwood
9b55332fc2
Add Ying Tong Lai and Kris Nuttycombe as Zcash protocol designers.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:18:52 +01:00
Daira Hopwood
b915222d96
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:18:16 +01:00
Daira Hopwood
154da511c6
Specify \abstJ to be as implemented, and adjust the security argument for \GroupJHash.
...
Also modify \exclusivefun to take an excluded set rather than a single element.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:17:49 +01:00
Daira Hopwood
a7f7befe24
Add \optsqrt macro for "arbitrary square root".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-04 03:12:00 +01:00
Daira Hopwood
e4315ad6a7
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-07-01 19:22:38 +01:00
Daira Hopwood
03932d2335
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 21:24:41 +01:00
Daira Hopwood
a333649a4e
Cosmetic change to the 2020.1.6 history entry.
2020-06-26 20:57:39 +01:00
Daira Hopwood
3ce9bd9823
Replace the block interval 32256 with the constant ZIP212GracePeriod.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 20:57:39 +01:00
Daira Hopwood
66acf80d18
Other cosmetic changes to the batch validation equations.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 20:57:39 +01:00
Daira Hopwood
45c2b616e2
Fix sign errors in the fixed-base terms of the batch validation equations in Appendices B.1 and B.3.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 20:57:39 +01:00
Daira Hopwood
3e98e63a6c
For Sprout, add an explicit lead byte field to note plaintexts.
...
For Sapling, define note plaintext lead bytes as just bytes (so that decoding always succeeds and error handling is more explicit).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 20:47:32 +01:00
Daira Hopwood
a3e4403f50
Delete some 'new' superscripts that only added notational clutter.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-26 18:58:17 +01:00
Daira Hopwood
3567634837
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:32:25 +01:00
Daira Hopwood
af41efa40c
Protocol spec: ZIP 212 changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:28:27 +01:00
Daira Hopwood
eb222b4fe0
Remove some unused macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
8ccd4e656b
Add an appendix on Ed25519 batch validation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
6e781c5905
Ed25519 updates. This corrects an error in the specification of valid public keys
...
(they are not checked against ExcludedPointEncodings), and includes changes for Canopy.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
ec5eda1d9c
Better positive square root symbol.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
43e4e71989
Corrections to ZIP references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
4f063850d5
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
1a24d6232c
Consistently use "signing key" and "validating key" for signatures.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-17 23:01:13 +01:00
Daira Hopwood
f1a4631b9f
protocol/Makefile: remove dependency on awk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-15 14:04:24 +01:00
Daira Hopwood
564d7f630e
Protocol spec: regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-02 18:35:15 +01:00
Daira Hopwood
b9fb26f5d5
Protocol spec: fix undefined references for sprout.pdf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-02 18:35:13 +01:00
Daira Hopwood
e61e2460a0
Protocol spec: improve index; cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-02 18:35:13 +01:00
Daira Hopwood
9bac0682c3
Protocol spec: NU4 -> Canopy; ZIPs 211 and 212 are now published.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-02 18:35:13 +01:00
Daira Hopwood
d53ab5fcbc
Protocol spec: reference ZIP 173 instead of BIP 173.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-06-02 18:35:13 +01:00