Daira Hopwood
7f435cd37d
Fix a typo in appendix B.2 and clarify the costs of Groth16 batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-22 13:49:08 +00:00
Daira Hopwood
f3c5ed99e2
Remove the rule that miners SHOULD NOT mine blocks that chain to other blocks with version number > 4.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-22 13:49:08 +00:00
Daira Hopwood
06725e94b9
Correct the rule about when a transaction is permitted to have no transparent inputs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-22 13:34:25 +00:00
Daira Hopwood
95d95bc4c4
Clarify which transaction fields are added by Overwinter and Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-22 13:33:39 +00:00
Daira Hopwood
8e9171d512
Clarify that Equihash is based on a *variation* of the GBP, and cite [AR2017].
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-22 13:17:07 +00:00
Daira Hopwood
c57d51d7a0
More references and corrected description of Groth16.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-22 12:49:22 +00:00
Daira Hopwood
0b626b087a
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-10 03:30:26 +00:00
Daira Hopwood
ba949107ab
Correct isis agora lovecruft's name.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-10 03:20:47 +00:00
Daira Hopwood
2dc3a10bfe
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-09 01:02:01 +00:00
Daira Hopwood
64c268fdd7
Add Eirik Ogilvie-Wigley and Benjamin Winston to acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-09 01:00:03 +00:00
Daira Hopwood
fb9faa3835
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-09 00:37:00 +00:00
Daira Hopwood
0988966fdc
Remaining fixes and clarifications for BCTV14 vulnerability.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-09 00:37:00 +00:00
Daira Hopwood
e17905a0a3
Specify the difficulty adjustment change on testnet.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-09 00:37:00 +00:00
Daira Hopwood
d4a9158323
Say when Sapling activated, and reference ZIP 205.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-09 00:37:00 +00:00
Daira Hopwood
d18edb4abc
Rename zk-SNARK Parameters sections according to the proving system.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-08 22:59:38 +00:00
Daira Hopwood
0d8430799c
Correct [SBB2019] to [SWB2019], and note that the BCTV14 vulnerability affected Soundness.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-05 19:29:31 +00:00
Daira Hopwood
36eeeba15e
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-05 16:55:42 +00:00
Daira Hopwood
9a7ebd326e
Disclose BCTV14 vulnerability.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2019-02-05 16:45:09 +00:00
Daira Hopwood
9515d73aac
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-14 02:05:26 +00:00
Daira Hopwood
680af418cf
Fill in another constraint cost.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-14 02:02:17 +00:00
Daira Hopwood
af17ba2485
Adjust the notation used for scalar multiplication in Appendix A to allow bit sequences as scalars.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-14 02:01:59 +00:00
Daira Hopwood
9aba6af281
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-14 02:01:01 +00:00
Daira Hopwood
538d1f1eb0
Add a description of the Sapling output circuit.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-14 01:05:39 +00:00
Daira Hopwood
79b3d81e42
Complete the description of the Sapling spend circuit.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-13 23:15:54 +00:00
Daira Hopwood
5531006f08
Fix or complete various calculations of constraint costs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-13 23:11:53 +00:00
Daira Hopwood
7419c0a366
Describe 2-bit window lookup with conditional negation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-13 23:09:34 +00:00
Daira Hopwood
39b498fed9
Remove a todo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-13 22:07:18 +00:00
Daira Hopwood
0835c3837e
Modify the description of fixed-base scalar multiplication to match sapling-crypto.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-13 22:06:36 +00:00
Daira Hopwood
2f868aca8d
Add LEBStoIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-11-13 22:00:41 +00:00
Daira Hopwood
43e83effb4
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-24 16:18:39 +01:00
Daira Hopwood
e24f7cede5
Clarify the description of the Merkle path check in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-24 16:14:28 +01:00
Daira Hopwood
066d424d3a
Correct the input to H⊛ used to derive the nonce r in RedDSA.Sign, from T || M to T || _vk_ || M.
...
This matches the sapling-crypto implementation; the spec was unintentionally changed in 2018.0-beta-20.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-24 16:14:28 +01:00
Daira Hopwood
34c6a5c0d6
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 16:47:28 +01:00
Daira Hopwood
c04c0542e8
Cosmetics (pagination in Appendix A).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 16:44:31 +01:00
Daira Hopwood
bb52ce246c
Clarify notation in the proof of A.3.3.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 15:44:11 +01:00
Daira Hopwood
223b8db3a7
Minor tweak to the statement of Theorem A.3.4 to make the contradiction clearer.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 11:22:49 +01:00
Daira Hopwood
da7c6fe190
Correct the statement and proof of Theorem A.3.2.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 11:21:02 +01:00
Daira Hopwood
25b64382e4
Clarify the notes concerning domain separation of prefixes for MerkleCRH^Sapling and NoteCommit^Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 11:00:45 +01:00
Daira Hopwood
2a7002a010
Add the QED-it report to the acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:45:19 +01:00
Daira Hopwood
bc48ebe898
Improved cross-referencing in Pedersen hash section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:43:48 +01:00
Daira Hopwood
74c39f073d
Correct a use of \GroupJ that should have been \MontCurve.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:34:56 +01:00
Daira Hopwood
691922ebd1
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:27:34 +01:00
Daira Hopwood
dc81e21c2b
Correct uses of LEOS2IP_l in RedDSAVerify and RedDSABatchVerify to ensure l is a multiple of 8.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:27:34 +01:00
Daira Hopwood
5524822ed5
Correct some uses of r_J that should have been r_S or q.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:27:34 +01:00
Daira Hopwood
dc41de37f3
Avoid clashing notation. Refer to the Montgomery form of Jubjub as \mathbb{M}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-10-01 10:27:34 +01:00
Noah Vesely
ace2fbe622
Add missing 'can'
2018-09-10 16:19:53 -07:00
Daira Hopwood
88e255b63f
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
3ecbe6b903
The rest for beta-30 (sorry, I have a flight to catch).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
b909f2a482
Add dates to Change History.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
a1f90a56cf
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
bfc9ba5b21
Add security argument about DiversifyHash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
5fd898adea
Makefile fixes and improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
5361fc591e
Cosmetics (pagination in Appendix A).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
2cf4dfacef
Correct the description of the N-ary AND optimization (not used in Sapling):
...
a run of N-1 one bits in c yields an N-ary AND.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-09-02 09:06:22 +01:00
Daira Hopwood
58a12371d1
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 15:42:35 +01:00
Daira Hopwood
3049a53843
Remove a resolved TODO.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 15:40:35 +01:00
Daira Hopwood
4d1cb63baf
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 15:38:15 +01:00
Daira Hopwood
8364aff29c
Change the description of BLAKE2s to correct the constraint count and to describe batched equality checks performed by the sapling-crypto implementation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 15:07:23 +01:00
Daira Hopwood
ad0479ac77
Finish the description of range checks in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 14:52:50 +01:00
Daira Hopwood
bc6a430edc
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:45:52 +01:00
Daira Hopwood
0351335662
Minor corrections to affine Edwards variable-base multiplication in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:43:05 +01:00
Daira Hopwood
3b16c62958
Finish the Appendix A description of BLAKE2s.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:41:40 +01:00
Daira Hopwood
5d8fe05d37
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 17:21:08 +01:00
Daira Hopwood
10019825e9
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:38 +01:00
Daira Hopwood
324d634a29
Define "represented subgroup".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:23 +01:00
Daira Hopwood
36bcc8f3f0
Correct the Change History entry of this version for Sprout.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:07 +01:00
Daira Hopwood
745da1e36d
Minor improvement to the type of z_j used in RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:35:58 +01:00
Daira Hopwood
a902df4c5c
Correct the description of Groth16 batch verification
...
to explicitly take account of how verification depends on primary inputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:35:26 +01:00
Daira Hopwood
f90012ce5e
Clarify order checking for proof elements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:33:03 +01:00
Daira Hopwood
05d72a4b71
Add Charles Rackoff, Rafail Ostrovsky, and Amit Sahai to the acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:30:21 +01:00
Daira Hopwood
998cb2ff95
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:28:59 +01:00
Daira Hopwood
81598de991
Notational changes:
...
- Use a superscript (r) to mark the subgroup order, instead of a subscript.
- Use G^{(r)∗} for the set of r_G-order points in G.
(r)
- Mark the subgroup order in pairing groups, e.g. use G_1^{(r)} instead of G_1.
- Make the bit-representation indicator (five-pointed star) an affix instead of a superscript.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:24:15 +01:00
Daira Hopwood
b605fe1061
Cosmetics and minor wording improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-11 21:09:53 +01:00
Daira Hopwood
b2f42d987c
Macro simplifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-11 21:05:19 +01:00
Daira Hopwood
0a1a01513f
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:31:42 +01:00
Daira Hopwood
ade889eef7
Add an appendix on Groth16 batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:30:04 +01:00
Daira Hopwood
2e74200366
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:29:44 +01:00
Daira Hopwood
ef1cee8dcf
Regenerate PDFs. Also fix a Makefile problem: protocol.pdf can't be a symlink
...
because GitHub doesn't follow symlinks, so links to protocol.pdf would break.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 16:05:40 +01:00
Daira Hopwood
34cf757891
Add the hashes of parameter files for Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:06:52 +01:00
Daira Hopwood
af90f0c4af
Add cross references for RedDSA batch verification appendix.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:06:26 +01:00
Daira Hopwood
7450495335
Cosmetics: fix a warning about Unicode in headings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:03:46 +01:00
Daira Hopwood
996045013e
Makefile: name the Sprout version as sprout.pdf and link protocol.pdf to the Sapling verison.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:02:24 +01:00
Daira Hopwood
d5c79e2592
Put the change history back in the correct order (beta-23 and -24 were reversed).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 08:54:03 +01:00
Daira Hopwood
ff397a6aff
Add a missing consensus rule for v4 transactions: if there are no Sapling spends or outputs, valueBalance MUST be 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-31 03:47:26 +01:00
Daira Hopwood
854f6eddcc
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
2f0c68b616
Add an appendix on RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
90692541aa
Update RedDSA verification to use cofactor multiplication.
...
This is necessary in order for the output of batch verification to match unbatched verification in all cases.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
ea61325c25
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
4d8031f659
Make the Sprout version of the spec say [Sprout] in the version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
e1ee4e615e
Updates to take account that Overwinter has activated.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
89c05c0303
The recommendation for transactions without JoinSplit descriptions to be v1
...
applies only before Overwinter, not before Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
71617341c9
Wording improvements for the effect of upgrades on sighash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
c2b8ba2052
Rename nuzero macro names to overwinter.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
45f9005714
Add TODO to check whether the circuit sometimes omits curve checks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
f11a24afc3
Delete or clarify unused optimizations in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
6e4a9455df
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
128a4fc862
Cross-reference PRF^ock for Sapling encryption.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
53e6f29d18
Clarify the selection of ovk in sending Sapling notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
699a78e749
Clarify the use of cv^new and cm^new in sending Sapling notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
b0b1f60cc2
Reword the conclusion from theorem A.3.4 for precision.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
0200f63ace
Complete the proof of theorem A.3.4.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
dcd929291a
Add note about the nonsmall-order check on rk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
db3ea270c5
The \difference macro was not used consistently; use \setminus instead.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
45b7cc8047
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:57:30 +01:00
Daira Hopwood
92eb6c5751
Correct the conformance requirement for fOverwintered.
...
This addresses a Least Authority issue.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
f3ba658772
Note which conformance requirements of BIP 173 (Bech32) apply.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
da5909bff5
Improve acknowledgements section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
911bc3a9ed
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
52428befa7
Correct an error in RedDSA.Verify: vk is given, not computed from sk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
432e39ee4c
Correct the argument that the sum of value commitments is in range.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
001474760a
Corrections related to outgoing viewing keys and ciphertexts.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
398cc64619
Add section on signature hashing, and a note on malleability of proofs.
...
Also describe the changes in sighash computation relative to Bitcoin.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
be632b4a21
P2PKH addresses use a hash of a compressed, not an uncompressed ECDSA key representation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
d1a6e2809d
Say that Sprout interstitial treestates form a tree.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
e083d27e82
Add a consensus rule that valueBalance is in the range {-MAX_MONEY..MAX_MONEY}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:48 +01:00
Daira Hopwood
4525a1fffd
Refine the caveat about the claimed security of shielded transactions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:48 +01:00
Daira Hopwood
7aa8765dc0
Enforce stronger constraints on the types of pk_d, ak, nk, cv, epk, and rk, and ensure esk is not zero when encrypting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:43 +01:00
Daira Hopwood
0617ca2aae
Instantiate PRF^ock, and correct some types. Also enforce that esk is canonical.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:48:25 +01:00
Daira Hopwood
eb6a8c7d62
Type changes for cmu in an Output description.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:14:27 +01:00
Daira Hopwood
57f16ea6da
Refactoring/type changes for commitment randomness and outputs.
...
This also affects the type of Sapling note plaintexts.
Includes potential consensus changes (which *should* match the implementation)!
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:14:16 +01:00
Daira Hopwood
cb730f241e
Wording, cross-referencing, and minor type improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:46 +01:00
Daira Hopwood
8dd6074164
More cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:46 +01:00
Daira Hopwood
1f02902d6e
Clarify that the square root notation refers to the positive square root.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:46 +01:00
Daira Hopwood
8c80decd3b
Group Hash and DiversifyHash refactoring. Also fix an error in the definition of set difference.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:30 +01:00
Daira Hopwood
f480f351b7
Generalize PRF^expand to accept an arbitrary-length input.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
0334dde7a2
Resolve a potential ambiguity in use of the ?: notation by adding parentheses.
...
This addresses a Least Authority comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
a35f4275a1
Clarify the wording of the abstract.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
da298474ea
Add Jubjub bird image to the title page and cite Carroll references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
4a144dec07
Change the background for the Overwinter and Sapling spec to white, indicating that it is no longer a draft.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
c9f6d7ae07
Change the notation for a multiplication constraint to avoid potential confusion with cartesian product.
...
This addresses a Least Authority comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
51c84b7556
Cosmetics, mainly spacing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
6199179685
Bibliography cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
8abebf4296
Type corrections and precision improvements. Also add more cross-references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
4035e4c5e0
Correct a reference.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
11163742b7
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
ce35640ec0
Remove the consensus rule "If nJoinSplit > 0, the transaction MUST NOT use SIGHASH types other than SIGHASH_ALL.",
...
which was never implemented.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
32b696b875
Makefile refinements (have LaTeX halt immediately on error).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
948c910987
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:30:47 +01:00
Daira Hopwood
ae491d4a4b
cm in an Output description encodes only the u-coordinate of the note commitment, not the full curve point.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:28:08 +01:00
Daira Hopwood
48d9fcbc79
Change the notation H^\star to H^\circledast in the description of RedDSA, to avoid confusion with the ^\star convention for representations of group elements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
1c61ec5cf9
Correct a reference to RedDSA.RandomizePrivate that was intended to be RedDSA.RandomizePublic.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
30f4dfc545
Correct an error in the computation of generators for Pedersen hashes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
62f0c6a49b
Correct the statement about FindGroupHash^J never returning \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
b59e8d45b5
Minor improvements to cross-references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
d236700a8d
Ensure \AuthSignBase (\mathcal{G}) is defined where used.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:13 +01:00
Daira Hopwood
df02fcf9ac
Make the public key prefix part of the input to the hash function in RedDSA, not part of the message.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:07 +01:00
Daira Hopwood
0517e2dc3a
Change terminology describing constraint systems.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:07 +01:00
Daira Hopwood
05094f8641
Correct a type error in RedDSA.Sign.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:07 +01:00
Daira Hopwood
3c0198fb99
Correct a type error in the definition of GroupHash^J.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:06 +01:00
Daira Hopwood
5dce44d0a0
Fix the description of the Sapling balancing value.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:06 +01:00