zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,757 Commits 43 Branches 258 Tags 570 MiB
Commit Graph

1107 Commits

Author SHA1 Message Date
Daira Hopwood 4ef578706b In \crossref{internalh}, add a security argument for why the SHA-256-based commitment scheme 
NoteCommit^Sprout is binding and hiding, under reasonable assumptions about SHA256Compress.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-19 18:09:23 +00:00
Daira Hopwood 0cdab5071b In \crossref{joinsplit}, clarify that balance for JoinSplit transfers is enforced by the 
JoinSplit statement, and that there is no consensus rule to check it directly.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-19 18:09:23 +00:00
Daira Hopwood 02adb44328 Set Change History entry date, and update version year to 2022. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-03 22:15:14 +00:00
Daira Hopwood b57f6d1487 Correct the note about domain separators for PRF^expand in \crossref{abstractprfs}, 
and ensure that new domain separators for deriving internal keys from ZIPs 32 and 316 are included.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-03 22:15:14 +00:00
Daira Hopwood cf1995c2ed Fix stale links, and correct the accenting of [MÁEÁ2010]. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-03 22:15:14 +00:00
Daira Hopwood 59a220d59e Change the types of cm_x, Uncommitted^Orchard, and ak in Orchard to { 0 .. q_P-1 }, 
avoiding type errors and reflecting the implementation in zcashd. This eliminates all uses of P_x
(except that ak in an Orchard full viewing key is still required to be a valid Pallas affine
x-coordinate). Also clarify the coordinate system whenever we refer to coordinates.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-03 22:15:14 +00:00
Daira Hopwood b6e00e0d41 Refine the security argument in the note about partitioning oracle attacks. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2022-01-03 22:15:14 +00:00
Daira Hopwood 82c4e49155 Set Change History entry date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood d6a33fc056 Add note about resistance of note encryption to partitioning oracle attacks \cite{LGR2021}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood 67a4b35dcd Add acknowledgement to Sasha Meyer. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood eab1ef1a1a Add acknowledgement to Mihir Bellare for contributions to the science of zero-knowledge proofs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood 36252cebf6 Add "note commitment scheme" as a term. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood 089a9cb8be Make consistent use of "spending authority", and add this term to the index. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood 4da403f470 Add notes in each Appendix B that z_j may be sampled from {0 .. 2^{128}-1} instead of {1 .. 2^{128}-1}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-12-01 18:09:12 +00:00
Daira Hopwood b1a707e963 Set Change History entry date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood bab61e8ecf Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood 97fa264611 * Witness g_d^new and pk_d^new in Orchard as non-identity Pallas points, rather than witnessing 
their representations as bit sequences.
* Note that ak^P in Orchard cannot be the identity.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood 7bf094e827 * Use complete addition in SinsemillaCommit. 
* Correct the proof of Theorem 5.4.6.
* Change the type of cm_old in Orchard to P rather than P*, i.e. allow the identity point.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood 06706937d5 Change the type of rt^Orchard from P_x to {0..q_P-1}. This reflects the zcashd implementation; 
also checking rt^Orchard \in P_x would require a square root and is unnecessary.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood b8f83aac4b Correct the consensus rule about the maximum value of outputs in a coinbase transaction: 
it should reference the block subsidy rather than the miner subsidy.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood 5688e5cbbd Fix some cross-references. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-30 16:56:40 +01:00
Daira Hopwood c871d448ce Set Change History entry date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 13:26:34 +01:00
Daira Hopwood 21f384dcda Fix URL links to \cite{BBDP2001} and \cite{BDJR2000}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 13:26:34 +01:00
Daira Hopwood a5c4f139c9 protocol/links_and_dests.py: Some DOI links (i.e. to https://doi.org/) redirect to link.springer.com 
in a way that requires cookies (booo!). We allow this for DOI links, but for all other links we
simulate a client that never sets cookies.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 13:19:33 +01:00
Daira Hopwood 0d2b01e602 Cosmetics (captialization of ZKProof). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 11:44:16 +01:00
Daira Hopwood b7f0a0bd0d Correct a minor error in the proof of \theoremref{thmsinsemillacr}: 
the condition SinsemillaHashToPoint(D, M) ≠ ⊥ is required in the proof.
(The case SinsemillaHashToPoint(D, M) = ⊥ is covered by \theoremref{thmsinsemillaex}.)
The proof had not been updated correctly when the statement was revised in v2021.2.0.
Also add a missing D argument to SinsemillaHashToPoint in that proof.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 11:44:16 +01:00
Daira Hopwood 324c9ae7b9 Add \zcashdref for referencing zcashd versions (also \zebraref which is currently unused). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 11:44:16 +01:00
Daira Hopwood 7e5272e70b Add \historyref for referencing Change History versions. 
Also fix an incorrect reference to v2019.0-beta-40 that should be v2019.0.0.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-09-01 11:44:16 +01:00
Daira Hopwood 3ebba2652a Set Change History entry date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-12 21:44:17 +01:00
Daira Hopwood 8f8ef49618 Add Change History entry for fixing [ZIP-239] in the References. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-12 21:43:39 +01:00
Daira Hopwood 219a4ef253 Clarify wording in the Change History entry for v2021.2.13. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-12 21:38:20 +01:00
Daira Hopwood 8718157af0 Reword the reference to a Sapling full viewing key in \crossref{saplingdummynotes} 
(the full viewing key would include ovk, although it is not used in that section).

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-08-12 21:37:35 +01:00
Daira Hopwood 045a3a9e54 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-29 17:30:21 +01:00
Daira Hopwood a6fd0153d2 Add a consensus rule in \crossref{merkletree} that a block MUST NOT add note commitments that 
exceed the capacity of each of the Sprout, Sapling, and Orchard note commitment trees.

Also add a cross-reference for constants used in \crossref{merkletree}.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-29 17:30:21 +01:00
Daira Hopwood 1aefc848bf Change the number of partial rounds, R_P, for Poseidon from 58 to 56. 
This matches the number calculated by `calc_round_numbers.py` (for 128-bit security "with margin")
in Version 1.1 of the Poseidon reference implementation.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-29 15:43:24 +01:00
Daira Hopwood 411f39e231 Change the definition of inputs to the action circuit to split enableSpends and enableOutputs 
into two field elements.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-20 06:00:31 +01:00
Daira Hopwood 36e2059de0 Set Change History entry date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
Daira Hopwood ffd97926a8 Clarify in \crossref{transactions} that the remaining value in a transparent transaction value pool 
is only available to miners as a fee in the case of non-coinbase transactions, and that the remaining
value in the transparent transaction value pool of a coinbase transaction is destroyed.

Co-authored-by: Teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
teor e628134536 Make heightBytes encoding match NU5 coinbase nExpiryHeight 
Since nExpiryHeight is limited to `2^32 - 1`, heightBytes is limited to 5 bytes.

Co-authored-by: Teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
Daira Hopwood 819761ef67 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
Daira Hopwood 8c7b2f2a95 Add cross-references for CanopyActivationHeight, ZIP212GracePeriod, and BlockHeight. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
Daira Hopwood 0ad0d3d57a Clarify that decomposition of scalars for scalar multiplication in the action circuit MUST be canonical, 
unless a non-canonical decomposition can be proven to result in an equivalent statement -- and clarify
for which multiplications the latter case applies.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
Daira Hopwood f97ef3ae72 Remove a spurious reference to rseed in \crossref{sproutinband}. There were no changes for Sprout in ZIP 212. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-13 15:50:46 +01:00
Daira Hopwood fb83397ad7 Set the Change History entry date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00
Daira Hopwood 2814e00a1a Cosmetics and cross-referencing improvements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00
Daira Hopwood 4821afe9ba Add a clarification in \crossref{txnconsensus} that after Heartwood and before Canopy activation, 
Sapling outputs of a coinbase transaction MUST have note plaintext lead byte equal to 0x01.
This was implied by the existing rule that such outputs MUST decrypt successfully with an
all-zero outgoing viewing key.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00
Daira Hopwood 172573e686 Correct an erroneous statement in \crossref{transactions} that claimed transaction IDs are not part 
of the consensus protocol.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00
Daira Hopwood 55052e4e54 Add a consensus rule for version 5 or later transactions, that if `nActionsOrchard` > 0 then 
at least one of `enableSpendsOrchard` and `enableOutputsOrchard` MUST be 1.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00
Daira Hopwood 3f9ede243b Replace "must" with "MUST" in two consensus rules specified in \crossref{txnencoding}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00
Daira Hopwood 7102635fc6 Correct l to l⋆ in two places in \crossref{saplingmerklecrh}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2021-07-01 19:54:54 +01:00