zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,225 Commits 41 Branches 258 Tags 1.2 GiB
Commit Graph

99 Commits

Author SHA1 Message Date
Jack Grigg 606abd14e2
Be explicit about supported range for the Sapling key path 2018-09-18 11:40:19 +01:00
Jack Grigg 44e9c03d45
dk_i -> dk in "Diversifier derivation" section 2018-09-18 11:39:52 +01:00
Jack Grigg 1f7b5120f1
Clarify that dk is not part of the standard Sapling derivation 2018-09-18 11:38:54 +01:00
Jack Grigg a414e4e7d3
Pull in definition of hardened notation 2018-09-18 11:37:55 +01:00
Jack Grigg 55e3cd177e
Clarify wording about default payment addresses 2018-09-18 11:25:12 +01:00
Daira Hopwood 2eec56d936 Add specification for seed fingerprints. 2018-09-01 18:39:41 +01:00
Daira Hopwood 08b8427e91 Don't use 'X' to abbreviate 'extended', since it is ambiguous with 'expanded'. 2018-09-01 18:39:08 +01:00
Daira Hopwood 2aee30ca10 Use the same notation for r_J as the spec. 2018-09-01 18:36:39 +01:00
Daira Hopwood 813a8891d1 Rename EncodeFVKParts to EncodeXFVKParts, since its input includes dk which is only part of an extended full viewing key. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 14:48:33 +01:00
Daira Hopwood 511c2eb1e0 Fix a link. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood eb60b41f20 Seeds for Sprout master keys must also be at least 32 bytes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 5cdc69196a Factor out Sprout a_sk encoding/decoding into helper functions. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 3018efc0f3 Correct the encoding of a_sk,par for Sprout child derivation. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 777d82a26f Factor out the encoding of extended {spending key, full viewing key} parts and make it more precise. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 6f966489b8 Correct the derivation of a Sapling child full viewing key's nk, and define the bases G and H. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 1b04d74cde Remove unintended addition of a reference to the non-existant (yet) ZIP 173. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 6e9a79604c Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 42506f08bd Define DiversifyHash. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood ebecd8c1ff Clarify the encoding of a_sk in a Sprout extended spending key. Also exclude lead bytes, and swap ASK and c for consistency with Sapling formats and BIP 32. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 5881d3c211 Define depth, parent tag, and i for master keys. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 7002be59fa Clarify the interpretation of I_L in Sprout key derivation. 
This also fixes a cut-and-paste error (a child chain code is c_i, not c_m).

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood ba56f26b4d Explain that some diversifiers are invalid, and correct the definition of default diversifier. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 5788c120e7 Rename s_m to sk_m. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 633436cff6 Specify that the seed MUST be at least 32 bytes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood d65629f7a1 Clarify the relation to existing use of BIPs 32 & 44. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 0034331888 Add MUST NOT to Terminology. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 918ea38834 Fix a cut-and-paste error. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood b9e6ed7e1a Another formatting improvement. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 3e884f9579 Fix formatting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 52eac8c2c1 Put human-readable parts in monospace. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 0fc7c704a7 Add specifications of key fingerprints, tags, and encodings. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 6f85acb9b1 Specify the range of j when generating diversifiers. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood b3c051eb4f Say that ZIP 32 does not supplant the use of BIPs 32 & 44 for transparent addresses. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 8a49de84f6 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood de065cf344 Update another reference to the Sapling spec version. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood ff5affbc77 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood f94b9a4c67 Define r_J. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 1b3ea422fe Reference version 2018.0-beta-21 or later of the Sapling protocol spec. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Daira Hopwood 3f2815838e Cosmetic improvements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
Jack Grigg da683d31b9 Remove hardening from example public-key HD path 
Hardened derivation is undefined for an extended FVK
 2018-07-25 00:32:43 +01:00
Daira Hopwood 9596aedaa0 ZIP 32: use FF1-AES256 as the PRP. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-25 00:32:43 +01:00
str4d a01dbbbcbc Note that ZIP 32 is consistently little-endian 2018-07-25 00:32:43 +01:00
str4d f07b6d2613 Define how to derive diversifiers from Sapling extended keys 2018-07-25 00:32:43 +01:00
str4d efd68a4474 Define I2LEOSP_l(k) and use it to encode the child key indices 
Note that this means they are encoded in little-endian order, which is the
opposite of BIP 32.
 2018-07-25 00:32:43 +01:00
str4d aa36706f38 Fix usage of LEOS2IP in definition of ToScalar 2018-07-25 00:32:43 +01:00
str4d c73733ae13 Define a diversifier key dk 2018-07-25 00:32:43 +01:00
str4d 4ed0316834 Use byte sequences for constant single-byte inputs to PRF_expand 2018-07-25 00:32:43 +01:00
str4d a5309ed60e Address Daira's comments 2018-07-25 00:32:43 +01:00
str4d 9a87098e0c ZIP 32: Shielded Hierarchical Deterministic Wallets 2018-07-25 00:32:43 +01:00