8364aff29c
Change the description of BLAKE2s to correct the constraint count and to describe batched equality checks performed by the sapling-crypto implementation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 15:07:23 +01:00
ad0479ac77
Finish the description of range checks in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 14:52:50 +01:00
bc6a430edc
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:45:52 +01:00
0351335662
Minor corrections to affine Edwards variable-base multiplication in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:43:05 +01:00
3b16c62958
Finish the Appendix A description of BLAKE2s.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:41:40 +01:00
5d8fe05d37
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 17:21:08 +01:00
10019825e9
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:38 +01:00
324d634a29
Define "represented subgroup".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:23 +01:00
36bcc8f3f0
Correct the Change History entry of this version for Sprout.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:07 +01:00
745da1e36d
Minor improvement to the type of z_j used in RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:35:58 +01:00
a902df4c5c
Correct the description of Groth16 batch verification
...
to explicitly take account of how verification depends on primary inputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:35:26 +01:00
f90012ce5e
Clarify order checking for proof elements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:33:03 +01:00
05d72a4b71
Add Charles Rackoff, Rafail Ostrovsky, and Amit Sahai to the acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:30:21 +01:00
998cb2ff95
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:28:59 +01:00
81598de991
Notational changes:
...
- Use a superscript (r) to mark the subgroup order, instead of a subscript.
- Use G^{(r)∗} for the set of r_G-order points in G.
(r)
- Mark the subgroup order in pairing groups, e.g. use G_1^{(r)} instead of G_1.
- Make the bit-representation indicator (five-pointed star) an affix instead of a superscript.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:24:15 +01:00
b605fe1061
Cosmetics and minor wording improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-11 21:09:53 +01:00
b2f42d987c
Macro simplifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-11 21:05:19 +01:00
0a1a01513f
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:31:42 +01:00
ade889eef7
Add an appendix on Groth16 batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:30:04 +01:00
2e74200366
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:29:44 +01:00
ef1cee8dcf
Regenerate PDFs. Also fix a Makefile problem: protocol.pdf can't be a symlink
...
because GitHub doesn't follow symlinks, so links to protocol.pdf would break.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 16:05:40 +01:00
34cf757891
Add the hashes of parameter files for Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:06:52 +01:00
af90f0c4af
Add cross references for RedDSA batch verification appendix.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:06:26 +01:00
7450495335
Cosmetics: fix a warning about Unicode in headings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:03:46 +01:00
996045013e
Makefile: name the Sprout version as sprout.pdf and link protocol.pdf to the Sapling verison.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:02:24 +01:00
d5c79e2592
Put the change history back in the correct order (beta-23 and -24 were reversed).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 08:54:03 +01:00
ff397a6aff
Add a missing consensus rule for v4 transactions: if there are no Sapling spends or outputs, valueBalance MUST be 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-31 03:47:26 +01:00
854f6eddcc
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
2f0c68b616
Add an appendix on RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
90692541aa
Update RedDSA verification to use cofactor multiplication.
...
This is necessary in order for the output of batch verification to match unbatched verification in all cases.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
813a8891d1
Rename EncodeFVKParts to EncodeXFVKParts, since its input includes dk which is only part of an extended full viewing key.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 14:48:33 +01:00
511c2eb1e0
Fix a link.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
eb60b41f20
Seeds for Sprout master keys must also be at least 32 bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
5cdc69196a
Factor out Sprout a_sk encoding/decoding into helper functions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
3018efc0f3
Correct the encoding of a_sk,par for Sprout child derivation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
777d82a26f
Factor out the encoding of extended {spending key, full viewing key} parts and make it more precise.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
6f966489b8
Correct the derivation of a Sapling child full viewing key's nk, and define the bases G and H.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
1b04d74cde
Remove unintended addition of a reference to the non-existant (yet) ZIP 173.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
6e9a79604c
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
42506f08bd
Define DiversifyHash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
ebecd8c1ff
Clarify the encoding of a_sk in a Sprout extended spending key. Also exclude lead bytes, and swap ASK and c for consistency with Sapling formats and BIP 32.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
5881d3c211
Define depth, parent tag, and i for master keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
7002be59fa
Clarify the interpretation of I_L in Sprout key derivation.
...
This also fixes a cut-and-paste error (a child chain code is c_i, not c_m).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
ba56f26b4d
Explain that some diversifiers are invalid, and correct the definition of default diversifier.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
5788c120e7
Rename s_m to sk_m.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
633436cff6
Specify that the seed MUST be at least 32 bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
d65629f7a1
Clarify the relation to existing use of BIPs 32 & 44.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
0034331888
Add MUST NOT to Terminology.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
918ea38834
Fix a cut-and-paste error.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
b9e6ed7e1a
Another formatting improvement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood