Daira Hopwood
44ad348ce6
Regenerate PDFs.
2021-05-20 22:27:53 +01:00
Daira Hopwood
c3f48359e6
Clarify that v4 transactions continue to use the ZIP 243 SIGHASH algorithm after NU5 activation.
...
fixes #510
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 22:23:19 +01:00
Daira Hopwood
572a0d6e4f
Regenerate PDFs.
2021-05-20 22:02:23 +01:00
Daira Hopwood
0ab0bcb7cb
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:49 +01:00
Daira Hopwood
eb5a018396
Note that [JT2020] proves a tight reduction from finding a nontrivial discrete log relation to DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:03 +01:00
Daira Hopwood
b6e50f8252
Clarify the distinction between Orchard incoming viewing keys and KA^Orchard private keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:47:34 +01:00
Daira Hopwood
e7ec658413
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:45:59 +01:00
Daira Hopwood
c90528fa5c
Change the notation \mathcal{I}^D_i for a Sapling Pedersen generator to \mathcal{I}(D, i).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:11:09 +01:00
Daira Hopwood
9f948307cf
Change the type of Orchard Merkle hashes to \mathbb{P}_x, with a corresponding change to the
...
signature of MerkleCRH^Orchard. Add a note to \crossref{merklepath} clarifying that non-canonical
encodings are allowed as input to MerkleCRH^Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:07:10 +01:00
Daira Hopwood
67cea8589a
Add a note to \crossref{merklepath} clarifying the encoding of rt^Sapling as a primary input to
...
the Sapling spend circuit, and that non-canonical encodings are allowed as input to MerkleCRH^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 20:39:42 +01:00
Daira Hopwood
c5589648c1
Cosmetics (vertical spacing for the non-NU5 spec).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
Daira Hopwood
79d1a477db
Add Change History entry for the correction to the size of vActionsOrchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
teor
3f3195eb5c
Fix Orchard Action byte size
...
Since the signature is now separate, the size is 64 bytes smaller.
2021-05-18 15:37:06 +01:00
Daira Hopwood
e9430c3752
Regenerate PDFs.
2021-05-07 16:41:22 +01:00
Daira Hopwood
74c83f6d59
Set history entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
Daira Hopwood
205b2f5861
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
Daira Hopwood
d0caaa2ee9
Clarify that transparent inputs are prohibited in coinbase transactions only if they have a non-null `prevout` field. closes #498
...
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:13 +01:00
teor
330254c9ca
Add ZIP-244 block commitments as a consensus rule. closes #499
...
It's currently just a note, which makes it look like the Heartwood rule might still apply.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:34:36 +01:00
Daira Hopwood
296b8e6543
Make "Discrete Logarithm Problem" and "Decisional Diffie–Hellman Problem" indexed terms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
1db1224657
Unlinkability of diversified addresses depends on DDH, not DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
4353accc0e
Add [Canopy onward] and [NU5 onward] to a couple of notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
e4af6e42a0
State explicitly that valueBalanceOrchard can only be negative in a coinbase transaction if
...
it has ZIP 213 shielded outputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
639a554a04
Change the statement of Theorem 5.4.3 to exclude ⊥ outputs from SinsemillaHashToPoint.
...
Previously the proof did not match the statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
d7bd67900a
Update the list of ZIPs relevant to NU5 in \crossref{networkupgrades}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
00c39b73e0
Delegate to ZIP 316 for the specification of unified payment addresses and unified viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
38b740aad2
Caveat how the result of \cite{GG2015} applies to analysis of PRF^nfOrchard in \crossref{concreteprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
4804f6040e
Add a paragraph to \crossref{truncation} covering Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
748e6f8f37
Typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
35c8af6e47
DJB's "High-speed cryptography" book seems completely stalled.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
58add67726
* Specify that diversifier indices for Orchard should be chosen uniquely, not randomly.
...
* Vanity diversifiers are not an issue for Orchard given that it does not have its own
payment address format, and given the use of "jumbling" (ZIP 316) in unified addresses.
Remove the corresponding note from \crossref{orchardkeycomponents}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
2cf14204ae
Clarify the definition of pad in \crossref{concretesinsemillahash} by disambiguating M^pieces from M^padded.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
ac16945288
Clarify notation by changing ℓ_rcm to ℓ^Sprout_rcm.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
3034a2a662
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
adc28d2bb1
Include ρ as an input to the derivation of ψ, esk, and rcm in Orchard.
...
This was originally intended and as described in Section 3.5 of the Orchard Book.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
76c8a4689a
Regenerate PDFs.
2021-04-23 22:39:41 +01:00
Daira Hopwood
71a19e7484
Clarify that only an outgoing cipher key is strictly needed to decrypt an outgoing ciphertext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
Daira Hopwood
27aa7c484a
Remove an unused precomputation in \crossref{concretegrouphashpallasandvesta}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
Daira Hopwood
ecba2451bc
Include the diversifier key in an encoded Orchard Incoming Viewing Key.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
Daira Hopwood
4dbf2f02d4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
Daira Hopwood
710fee607a
Add the nConsensusBranchId field to v5 transactions, matching the consensus branch ID
...
used for SIGHASH transaction hashes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
Daira Hopwood
10710d92a6
Explicitly say that coinbase transactions MUST NOT have transparent inputs
...
(this is a consensus rule inherited from Bitcoin which has been present since launch).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
Daira Hopwood
2e6cdb3945
Regenerate PDFs.
2021-04-19 00:36:48 +01:00
teor
0cfeea2ecb
Use a different symbol for each v5 Sapling field cardinality rule.
...
Currently, the spec uses the double dagger symbol for both:
* present if and only if `nSpendsSapling + nOutputsSapling > 0`;
* present if and only if `nSpendsSapling > 0`.
To avoid confusion, use dagger for the first rule, and double dagger for the second rule.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:32:00 +01:00
Daira Hopwood
1c46e9aa5d
Add Change History entries for already committed changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:18:47 +01:00
Daira Hopwood
c4d7331191
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
65590101a8
When creating Orchard notes, repeat with another rseed if cm is \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
3d230f8d26
Type corrections for Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
15d59f11c4
Add note about non-uniformity of Orchard ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
119abe37c3
ExtractP(\ZeroP) should be 0, and ExtractP^\bot(\bot) should be \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
Daira Hopwood
1df0f60deb
Add support for link checking to protocol/links_and_dests.py and protocol/Makefile.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00