zec
/
zips
mirror of https://github.com/zcash/zips.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,812 Commits 43 Branches 258 Tags 512 MiB
Commit Graph

961 Commits

Author SHA1 Message Date
Daira Hopwood b934946949 Revert "ZIP 207 changes" 
This reverts commit d6ed011d5e.

Co-authored-by: Jack Grigg <jack@z.cash>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-05-01 10:43:05 +01:00
Daira Hopwood 7f17eaaab1 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:28:39 +01:00
Daira Hopwood 395af7f309 Cosmetics and Change History date. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:24:36 +01:00
Daira Hopwood 18184803f4 The block time is not 2.5 minutes after Blossom activation. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:24:16 +01:00
Daira Hopwood 6d714ee508 Add acknowledgement to Mary Maller for the observation that 
diversified address unlinkability can be proven in the same
way as key privacy for ElGamal.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:23:54 +01:00
Daira Hopwood 81b9eaf515 Zerocoin Electric Coin Company -> Electric Coin Company. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:22:46 +01:00
Daira Hopwood 4faaf8d305 Use "ctEdwards" to refer to complete twisted Edwards curves. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:21:22 +01:00
Daira Hopwood b4e384cb22 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:17:05 +01:00
Daira Hopwood e47ed372d4 Add Change History entries for protocol spec README and Makefile. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:06:41 +01:00
Daira Hopwood 3c0fd3f56c Update protocol/README.rst for Blossom changes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:04:35 +01:00
Daira Hopwood 03e3e19a4f Update git commits for sam2p and pdfsizeopt. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:03:40 +01:00
Daira Hopwood cca702c505 Fix Makefile bugs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-04-18 17:03:25 +01:00
str4d 9c65d64012
Merge pull request #209 from str4d/zips-207-208 
Update protocol spec with ZIPs 207 and 208
 2019-03-08 17:59:17 +13:00
Daira Hopwood ce803ea0b4 Correct generators for BLS12-381. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-24 05:59:14 +00:00
Daira Hopwood 86319cfe89 Address Daira's review comments. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-24 02:06:23 +00:00
Daira Hopwood 5cf59663d9 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-24 02:05:58 +00:00
Daira Hopwood 4284a49a20 Add bibliography entries for ZIPs 207 and 208. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-24 02:02:54 +00:00
Daira Hopwood fa41eae110 Fix a Makefile bug. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-24 02:02:16 +00:00
Jack Grigg d6ed011d5e
ZIP 207 changes 2019-02-23 19:21:19 +00:00
Jack Grigg 2fc1b8cc9c
ZIP 208 changes 
Includes additional changes to constants in sections 7.7 and 7.8 which
are needed to compile, and not part of ZIP 208, but will be altered by
ZIP 207.
 2019-02-23 19:21:17 +00:00
Daira Hopwood 1fa1a91f32 Regenerate PDFs (including the new blossom.pdf). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:54:50 +00:00
Daira Hopwood 5097fc7c4e Add macros and Makefile support for building the Blossom specification. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:49:08 +00:00
Daira Hopwood 7f435cd37d Fix a typo in appendix B.2 and clarify the costs of Groth16 batch verification. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:49:08 +00:00
Daira Hopwood f3c5ed99e2 Remove the rule that miners SHOULD NOT mine blocks that chain to other blocks with version number > 4. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:49:08 +00:00
Daira Hopwood 06725e94b9 Correct the rule about when a transaction is permitted to have no transparent inputs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:34:25 +00:00
Daira Hopwood 95d95bc4c4 Clarify which transaction fields are added by Overwinter and Sapling. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:33:39 +00:00
Daira Hopwood 8e9171d512 Clarify that Equihash is based on a *variation* of the GBP, and cite [AR2017]. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 13:17:07 +00:00
Daira Hopwood c57d51d7a0 More references and corrected description of Groth16. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-22 12:49:22 +00:00
Daira Hopwood 0b626b087a Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-10 03:30:26 +00:00
Daira Hopwood ba949107ab Correct isis agora lovecruft's name. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-10 03:20:47 +00:00
Daira Hopwood 2dc3a10bfe Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-09 01:02:01 +00:00
Daira Hopwood 64c268fdd7 Add Eirik Ogilvie-Wigley and Benjamin Winston to acknowledgements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-09 01:00:03 +00:00
Daira Hopwood fb9faa3835 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-09 00:37:00 +00:00
Daira Hopwood 0988966fdc Remaining fixes and clarifications for BCTV14 vulnerability. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-09 00:37:00 +00:00
Daira Hopwood e17905a0a3 Specify the difficulty adjustment change on testnet. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-09 00:37:00 +00:00
Daira Hopwood d4a9158323 Say when Sapling activated, and reference ZIP 205. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-09 00:37:00 +00:00
Daira Hopwood d18edb4abc Rename zk-SNARK Parameters sections according to the proving system. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-08 22:59:38 +00:00
Daira Hopwood 0d8430799c Correct [SBB2019] to [SWB2019], and note that the BCTV14 vulnerability affected Soundness. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-05 19:29:31 +00:00
Daira Hopwood 36eeeba15e Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-05 16:55:42 +00:00
Daira Hopwood 9a7ebd326e Disclose BCTV14 vulnerability. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2019-02-05 16:45:09 +00:00
Daira Hopwood 9515d73aac Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-14 02:05:26 +00:00
Daira Hopwood 680af418cf Fill in another constraint cost. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-14 02:02:17 +00:00
Daira Hopwood af17ba2485 Adjust the notation used for scalar multiplication in Appendix A to allow bit sequences as scalars. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-14 02:01:59 +00:00
Daira Hopwood 9aba6af281 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-14 02:01:01 +00:00
Daira Hopwood 538d1f1eb0 Add a description of the Sapling output circuit. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-14 01:05:39 +00:00
Daira Hopwood 79b3d81e42 Complete the description of the Sapling spend circuit. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-13 23:15:54 +00:00
Daira Hopwood 5531006f08 Fix or complete various calculations of constraint costs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-13 23:11:53 +00:00
Daira Hopwood 7419c0a366 Describe 2-bit window lookup with conditional negation. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-13 23:09:34 +00:00
Daira Hopwood 39b498fed9 Remove a todo. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-13 22:07:18 +00:00
Daira Hopwood 0835c3837e Modify the description of fixed-base scalar multiplication to match sapling-crypto. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-13 22:06:36 +00:00
Daira Hopwood 2f868aca8d Add LEBStoIP. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-11-13 22:00:41 +00:00
Daira Hopwood 43e83effb4 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-24 16:18:39 +01:00
Daira Hopwood e24f7cede5 Clarify the description of the Merkle path check in Appendix A. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-24 16:14:28 +01:00
Daira Hopwood 066d424d3a Correct the input to H⊛ used to derive the nonce r in RedDSA.Sign, from T || M to T || _vk_ || M. 
This matches the sapling-crypto implementation; the spec was unintentionally changed in 2018.0-beta-20.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-24 16:14:28 +01:00
Daira Hopwood 34c6a5c0d6 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 16:47:28 +01:00
Daira Hopwood c04c0542e8 Cosmetics (pagination in Appendix A). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 16:44:31 +01:00
Daira Hopwood bb52ce246c Clarify notation in the proof of A.3.3. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 15:44:11 +01:00
Daira Hopwood 223b8db3a7 Minor tweak to the statement of Theorem A.3.4 to make the contradiction clearer. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 11:22:49 +01:00
Daira Hopwood da7c6fe190 Correct the statement and proof of Theorem A.3.2. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 11:21:02 +01:00
Daira Hopwood 25b64382e4 Clarify the notes concerning domain separation of prefixes for MerkleCRH^Sapling and NoteCommit^Sapling. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 11:00:45 +01:00
Daira Hopwood 2a7002a010 Add the QED-it report to the acknowledgements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:45:19 +01:00
Daira Hopwood bc48ebe898 Improved cross-referencing in Pedersen hash section. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:43:48 +01:00
Daira Hopwood 74c39f073d Correct a use of \GroupJ that should have been \MontCurve. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:34:56 +01:00
Daira Hopwood 691922ebd1 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:27:34 +01:00
Daira Hopwood dc81e21c2b Correct uses of LEOS2IP_l in RedDSAVerify and RedDSABatchVerify to ensure l is a multiple of 8. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:27:34 +01:00
Daira Hopwood 5524822ed5 Correct some uses of r_J that should have been r_S or q. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:27:34 +01:00
Daira Hopwood dc41de37f3 Avoid clashing notation. Refer to the Montgomery form of Jubjub as \mathbb{M}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-10-01 10:27:34 +01:00
Noah Vesely ace2fbe622
Add missing 'can' 2018-09-10 16:19:53 -07:00
Daira Hopwood 88e255b63f Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood 3ecbe6b903 The rest for beta-30 (sorry, I have a flight to catch). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood b909f2a482 Add dates to Change History. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood a1f90a56cf Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood bfc9ba5b21 Add security argument about DiversifyHash. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood 5fd898adea Makefile fixes and improvements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood 5361fc591e Cosmetics (pagination in Appendix A). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood 2cf4dfacef Correct the description of the N-ary AND optimization (not used in Sapling): 
a run of N-1 one bits in c yields an N-ary AND.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-09-02 09:06:22 +01:00
Daira Hopwood 58a12371d1 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-15 15:42:35 +01:00
Daira Hopwood 3049a53843 Remove a resolved TODO. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-15 15:40:35 +01:00
Daira Hopwood 4d1cb63baf Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-15 15:38:15 +01:00
Daira Hopwood 8364aff29c Change the description of BLAKE2s to correct the constraint count and to describe batched equality checks performed by the sapling-crypto implementation. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-15 15:07:23 +01:00
Daira Hopwood ad0479ac77 Finish the description of range checks in Appendix A. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-15 14:52:50 +01:00
Daira Hopwood bc6a430edc Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-14 10:45:52 +01:00
Daira Hopwood 0351335662 Minor corrections to affine Edwards variable-base multiplication in Appendix A. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-14 10:43:05 +01:00
Daira Hopwood 3b16c62958 Finish the Appendix A description of BLAKE2s. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-14 10:41:40 +01:00
Daira Hopwood 5d8fe05d37 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 17:21:08 +01:00
Daira Hopwood 10019825e9 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:57:38 +01:00
Daira Hopwood 324d634a29 Define "represented subgroup". 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:57:23 +01:00
Daira Hopwood 36bcc8f3f0 Correct the Change History entry of this version for Sprout. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:57:07 +01:00
Daira Hopwood 745da1e36d Minor improvement to the type of z_j used in RedDSA batch verification. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:35:58 +01:00
Daira Hopwood a902df4c5c Correct the description of Groth16 batch verification 
to explicitly take account of how verification depends on primary inputs.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:35:26 +01:00
Daira Hopwood f90012ce5e Clarify order checking for proof elements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:33:03 +01:00
Daira Hopwood 05d72a4b71 Add Charles Rackoff, Rafail Ostrovsky, and Amit Sahai to the acknowledgements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:30:21 +01:00
Daira Hopwood 998cb2ff95 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:28:59 +01:00
Daira Hopwood 81598de991 Notational changes: 
- Use a superscript (r) to mark the subgroup order, instead of a subscript.
- Use G^{(r)∗} for the set of r_G-order points in G.
(r)
- Mark the subgroup order in pairing groups, e.g. use G_1^{(r)} instead of G_1.
- Make the bit-representation indicator (five-pointed star) an affix instead of a superscript.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-12 16:24:15 +01:00
Daira Hopwood b605fe1061 Cosmetics and minor wording improvements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-11 21:09:53 +01:00
Daira Hopwood b2f42d987c Macro simplifications. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-11 21:05:19 +01:00
Daira Hopwood 0a1a01513f Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 17:31:42 +01:00
Daira Hopwood ade889eef7 Add an appendix on Groth16 batch verification. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 17:30:04 +01:00
Daira Hopwood 2e74200366 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 17:29:44 +01:00
Daira Hopwood ef1cee8dcf Regenerate PDFs. Also fix a Makefile problem: protocol.pdf can't be a symlink 
because GitHub doesn't follow symlinks, so links to protocol.pdf would break.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 16:05:40 +01:00
Daira Hopwood 34cf757891 Add the hashes of parameter files for Sapling. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 10:06:52 +01:00
Daira Hopwood af90f0c4af Add cross references for RedDSA batch verification appendix. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 10:06:26 +01:00
Daira Hopwood 7450495335 Cosmetics: fix a warning about Unicode in headings. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 10:03:46 +01:00
Daira Hopwood 996045013e Makefile: name the Sprout version as sprout.pdf and link protocol.pdf to the Sapling verison. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 10:02:24 +01:00
Daira Hopwood d5c79e2592 Put the change history back in the correct order (beta-23 and -24 were reversed). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-08-05 08:54:03 +01:00
Daira Hopwood ff397a6aff Add a missing consensus rule for v4 transactions: if there are no Sapling spends or outputs, valueBalance MUST be 0. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-31 03:47:26 +01:00
Daira Hopwood 854f6eddcc Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-27 22:05:29 +01:00
Daira Hopwood 2f0c68b616 Add an appendix on RedDSA batch verification. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-27 22:05:29 +01:00
Daira Hopwood 90692541aa Update RedDSA verification to use cofactor multiplication. 
This is necessary in order for the output of batch verification to match unbatched verification in all cases.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-27 22:05:29 +01:00
Daira Hopwood ea61325c25 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 4d8031f659 Make the Sprout version of the spec say [Sprout] in the version. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood e1ee4e615e Updates to take account that Overwinter has activated. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 89c05c0303 The recommendation for transactions without JoinSplit descriptions to be v1 
applies only before Overwinter, not before Sapling.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 71617341c9 Wording improvements for the effect of upgrades on sighash. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood c2b8ba2052 Rename nuzero macro names to overwinter. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 45f9005714 Add TODO to check whether the circuit sometimes omits curve checks. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood f11a24afc3 Delete or clarify unused optimizations in Appendix A. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 6e4a9455df Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 128a4fc862 Cross-reference PRF^ock for Sapling encryption. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 53e6f29d18 Clarify the selection of ovk in sending Sapling notes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 699a78e749 Clarify the use of cv^new and cm^new in sending Sapling notes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood b0b1f60cc2 Reword the conclusion from theorem A.3.4 for precision. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 0200f63ace Complete the proof of theorem A.3.4. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood dcd929291a Add note about the nonsmall-order check on rk. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood db3ea270c5 The \difference macro was not used consistently; use \setminus instead. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-07-18 11:20:32 +01:00
Daira Hopwood 45b7cc8047 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:57:30 +01:00
Daira Hopwood 92eb6c5751 Correct the conformance requirement for fOverwintered. 
This addresses a Least Authority issue.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood f3ba658772 Note which conformance requirements of BIP 173 (Bech32) apply. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood da5909bff5 Improve acknowledgements section. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood 911bc3a9ed Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood 52428befa7 Correct an error in RedDSA.Verify: vk is given, not computed from sk. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood 432e39ee4c Correct the argument that the sum of value commitments is in range. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood 001474760a Corrections related to outgoing viewing keys and ciphertexts. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood 398cc64619 Add section on signature hashing, and a note on malleability of proofs. 
Also describe the changes in sighash computation relative to Bitcoin.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood be632b4a21 P2PKH addresses use a hash of a compressed, not an uncompressed ECDSA key representation. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood d1a6e2809d Say that Sprout interstitial treestates form a tree. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:49 +01:00
Daira Hopwood e083d27e82 Add a consensus rule that valueBalance is in the range {-MAX_MONEY..MAX_MONEY}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:48 +01:00
Daira Hopwood 4525a1fffd Refine the caveat about the claimed security of shielded transactions. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:48 +01:00
Daira Hopwood 7aa8765dc0 Enforce stronger constraints on the types of pk_d, ak, nk, cv, epk, and rk, and ensure esk is not zero when encrypting. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:49:43 +01:00
Daira Hopwood 0617ca2aae Instantiate PRF^ock, and correct some types. Also enforce that esk is canonical. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:48:25 +01:00
Daira Hopwood eb6a8c7d62 Type changes for cmu in an Output description. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:14:27 +01:00
Daira Hopwood 57f16ea6da Refactoring/type changes for commitment randomness and outputs. 
This also affects the type of Sapling note plaintexts.
Includes potential consensus changes (which *should* match the implementation)!

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:14:16 +01:00
Daira Hopwood cb730f241e Wording, cross-referencing, and minor type improvements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:11:46 +01:00
Daira Hopwood 8dd6074164 More cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:11:46 +01:00
Daira Hopwood 1f02902d6e Clarify that the square root notation refers to the positive square root. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:11:46 +01:00
Daira Hopwood 8c80decd3b Group Hash and DiversifyHash refactoring. Also fix an error in the definition of set difference. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:11:30 +01:00
Daira Hopwood f480f351b7 Generalize PRF^expand to accept an arbitrary-length input. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 0334dde7a2 Resolve a potential ambiguity in use of the ?: notation by adding parentheses. 
This addresses a Least Authority comment.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood a35f4275a1 Clarify the wording of the abstract. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood da298474ea Add Jubjub bird image to the title page and cite Carroll references. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 4a144dec07 Change the background for the Overwinter and Sapling spec to white, indicating that it is no longer a draft. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood c9f6d7ae07 Change the notation for a multiplication constraint to avoid potential confusion with cartesian product. 
This addresses a Least Authority comment.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 51c84b7556 Cosmetics, mainly spacing. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 6199179685 Bibliography cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 8abebf4296 Type corrections and precision improvements. Also add more cross-references. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 4035e4c5e0 Correct a reference. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 11163742b7 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood ce35640ec0 Remove the consensus rule "If nJoinSplit > 0, the transaction MUST NOT use SIGHASH types other than SIGHASH_ALL.", 
which was never implemented.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 32b696b875 Makefile refinements (have LaTeX halt immediately on error). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-06-22 22:08:45 +01:00
Daira Hopwood 948c910987 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:30:47 +01:00
Daira Hopwood ae491d4a4b cm in an Output description encodes only the u-coordinate of the note commitment, not the full curve point. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:28:08 +01:00
Daira Hopwood 48d9fcbc79 Change the notation H^\star to H^\circledast in the description of RedDSA, to avoid confusion with the ^\star convention for representations of group elements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:26:20 +01:00
Daira Hopwood 1c61ec5cf9 Correct a reference to RedDSA.RandomizePrivate that was intended to be RedDSA.RandomizePublic. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:26:20 +01:00
Daira Hopwood 30f4dfc545 Correct an error in the computation of generators for Pedersen hashes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:26:20 +01:00
Daira Hopwood 62f0c6a49b Correct the statement about FindGroupHash^J never returning \bot. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:26:20 +01:00
Daira Hopwood b59e8d45b5 Minor improvements to cross-references. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:26:20 +01:00
Daira Hopwood d236700a8d Ensure \AuthSignBase (\mathcal{G}) is defined where used. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:26:13 +01:00
Daira Hopwood df02fcf9ac Make the public key prefix part of the input to the hash function in RedDSA, not part of the message. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:14:07 +01:00
Daira Hopwood 0517e2dc3a Change terminology describing constraint systems. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:14:07 +01:00
Daira Hopwood 05094f8641 Correct a type error in RedDSA.Sign. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:14:07 +01:00
Daira Hopwood 3c0198fb99 Correct a type error in the definition of GroupHash^J. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:14:06 +01:00
Daira Hopwood 5dce44d0a0 Fix the description of the Sapling balancing value. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-22 23:14:06 +01:00
Daira Hopwood 7b6df9f623 Correct the order of arguments to RedDSA.Randomize{Private,Public}. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-18 21:21:41 +01:00
Daira Hopwood f4facef8c8 Add Michael Dixon and Andrew Poelstra to acknowledgements. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-05-18 21:18:40 +01:00
Daira Hopwood 7e0b51011a Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 13:30:20 +01:00
Daira Hopwood 275aee328b Minor clarifications. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 13:28:34 +01:00
Daira Hopwood b6bf914478 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:54:04 +01:00
Daira Hopwood 76e1213c8b Remove redundant crossref. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:52:08 +01:00
Daira Hopwood 0481da1724 Minor corrections. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:14 +01:00
Daira Hopwood fdfd9a6760 Cosmetics. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:13 +01:00
Daira Hopwood a7eda35419 Clarify the security argument for balance in \Sapling. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:13 +01:00
Daira Hopwood 06b0a6e79f Correct a subtle problem with the type of the value input to ValueCommit. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:13 +01:00
Daira Hopwood b11064a39c Fix the loss of tightness in the use of PRF^nfSapling by specifying the keyspace more precisely. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:13 +01:00
Daira Hopwood 62429657d0 Be more careful about which notes are normative. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:13 +01:00
Daira Hopwood 1ad35c6a59 Correct type ambiguities for rho in Sapling. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 03:43:13 +01:00
Daira Hopwood df2f80f13b Specify the representation of i in group G_2 of BLS-381. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-23 01:42:16 +01:00
Daira Hopwood 8f445e4309 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 12:00:33 +01:00
Daira Hopwood b5effeea70 Cosmetics (pagination). 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 11:57:38 +01:00
Daira Hopwood f41b95b72f Fix a bug in the definition of DefaultDiversifier. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 11:57:00 +01:00
Daira Hopwood 2e2200a0bc Add \maybe macro. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 11:56:12 +01:00
Daira Hopwood 97b3a9be51 Regenerate PDFs. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 08:21:46 +01:00
Daira Hopwood 8ca0f473f5 Type clarification. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 08:19:56 +01:00
Daira Hopwood 80ec1b52ce Clarify the authority obtained by a delegated prover. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 08:19:35 +01:00
Daira Hopwood ab4e2c2f7a [BLS2002] shouldn't be cited only for the Change History in Sprout version of the spec. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:37:53 +01:00
Daira Hopwood bf03ab51fc Specify KA^Sapling. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:29:14 +01:00
Daira Hopwood 7481181d43 Complete the algorithm for generating dummy Sapling input notes. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:29:14 +01:00
Daira Hopwood 8c0e7b85f4 8 -> h_J for Jubjub cofactor. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:29:07 +01:00
Daira Hopwood 31578a6f3c bellman uses combined parameter files. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:28:03 +01:00
Daira Hopwood 4dfdfd74d4 Corrections and clarifications. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:27:55 +01:00
Daira Hopwood b086930d5a Add references for BLS and BN curves. 
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
 2018-04-21 07:25:15 +01:00