Daira Hopwood
2f0c68b616
Add an appendix on RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
90692541aa
Update RedDSA verification to use cofactor multiplication.
...
This is necessary in order for the output of batch verification to match unbatched verification in all cases.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
ea61325c25
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
4d8031f659
Make the Sprout version of the spec say [Sprout] in the version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
e1ee4e615e
Updates to take account that Overwinter has activated.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
89c05c0303
The recommendation for transactions without JoinSplit descriptions to be v1
...
applies only before Overwinter, not before Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
71617341c9
Wording improvements for the effect of upgrades on sighash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
c2b8ba2052
Rename nuzero macro names to overwinter.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
45f9005714
Add TODO to check whether the circuit sometimes omits curve checks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
f11a24afc3
Delete or clarify unused optimizations in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
6e4a9455df
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
128a4fc862
Cross-reference PRF^ock for Sapling encryption.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
53e6f29d18
Clarify the selection of ovk in sending Sapling notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
699a78e749
Clarify the use of cv^new and cm^new in sending Sapling notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
b0b1f60cc2
Reword the conclusion from theorem A.3.4 for precision.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
0200f63ace
Complete the proof of theorem A.3.4.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
dcd929291a
Add note about the nonsmall-order check on rk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
db3ea270c5
The \difference macro was not used consistently; use \setminus instead.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
45b7cc8047
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:57:30 +01:00
Daira Hopwood
92eb6c5751
Correct the conformance requirement for fOverwintered.
...
This addresses a Least Authority issue.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
f3ba658772
Note which conformance requirements of BIP 173 (Bech32) apply.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
da5909bff5
Improve acknowledgements section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
911bc3a9ed
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
52428befa7
Correct an error in RedDSA.Verify: vk is given, not computed from sk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
432e39ee4c
Correct the argument that the sum of value commitments is in range.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
001474760a
Corrections related to outgoing viewing keys and ciphertexts.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
398cc64619
Add section on signature hashing, and a note on malleability of proofs.
...
Also describe the changes in sighash computation relative to Bitcoin.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
be632b4a21
P2PKH addresses use a hash of a compressed, not an uncompressed ECDSA key representation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
d1a6e2809d
Say that Sprout interstitial treestates form a tree.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
e083d27e82
Add a consensus rule that valueBalance is in the range {-MAX_MONEY..MAX_MONEY}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:48 +01:00
Daira Hopwood
4525a1fffd
Refine the caveat about the claimed security of shielded transactions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:48 +01:00
Daira Hopwood
7aa8765dc0
Enforce stronger constraints on the types of pk_d, ak, nk, cv, epk, and rk, and ensure esk is not zero when encrypting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:43 +01:00
Daira Hopwood
0617ca2aae
Instantiate PRF^ock, and correct some types. Also enforce that esk is canonical.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:48:25 +01:00
Daira Hopwood
eb6a8c7d62
Type changes for cmu in an Output description.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:14:27 +01:00
Daira Hopwood
57f16ea6da
Refactoring/type changes for commitment randomness and outputs.
...
This also affects the type of Sapling note plaintexts.
Includes potential consensus changes (which *should* match the implementation)!
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:14:16 +01:00
Daira Hopwood
cb730f241e
Wording, cross-referencing, and minor type improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:46 +01:00
Daira Hopwood
8dd6074164
More cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:46 +01:00
Daira Hopwood
1f02902d6e
Clarify that the square root notation refers to the positive square root.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:46 +01:00
Daira Hopwood
8c80decd3b
Group Hash and DiversifyHash refactoring. Also fix an error in the definition of set difference.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:11:30 +01:00
Daira Hopwood
f480f351b7
Generalize PRF^expand to accept an arbitrary-length input.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
0334dde7a2
Resolve a potential ambiguity in use of the ?: notation by adding parentheses.
...
This addresses a Least Authority comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
a35f4275a1
Clarify the wording of the abstract.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
da298474ea
Add Jubjub bird image to the title page and cite Carroll references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
4a144dec07
Change the background for the Overwinter and Sapling spec to white, indicating that it is no longer a draft.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
c9f6d7ae07
Change the notation for a multiplication constraint to avoid potential confusion with cartesian product.
...
This addresses a Least Authority comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
51c84b7556
Cosmetics, mainly spacing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
6199179685
Bibliography cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
8abebf4296
Type corrections and precision improvements. Also add more cross-references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
4035e4c5e0
Correct a reference.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
11163742b7
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
ce35640ec0
Remove the consensus rule "If nJoinSplit > 0, the transaction MUST NOT use SIGHASH types other than SIGHASH_ALL.",
...
which was never implemented.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
32b696b875
Makefile refinements (have LaTeX halt immediately on error).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:08:45 +01:00
Daira Hopwood
948c910987
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:30:47 +01:00
Daira Hopwood
ae491d4a4b
cm in an Output description encodes only the u-coordinate of the note commitment, not the full curve point.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:28:08 +01:00
Daira Hopwood
48d9fcbc79
Change the notation H^\star to H^\circledast in the description of RedDSA, to avoid confusion with the ^\star convention for representations of group elements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
1c61ec5cf9
Correct a reference to RedDSA.RandomizePrivate that was intended to be RedDSA.RandomizePublic.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
30f4dfc545
Correct an error in the computation of generators for Pedersen hashes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
62f0c6a49b
Correct the statement about FindGroupHash^J never returning \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
b59e8d45b5
Minor improvements to cross-references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:20 +01:00
Daira Hopwood
d236700a8d
Ensure \AuthSignBase (\mathcal{G}) is defined where used.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:26:13 +01:00
Daira Hopwood
df02fcf9ac
Make the public key prefix part of the input to the hash function in RedDSA, not part of the message.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:07 +01:00
Daira Hopwood
0517e2dc3a
Change terminology describing constraint systems.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:07 +01:00
Daira Hopwood
05094f8641
Correct a type error in RedDSA.Sign.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:07 +01:00
Daira Hopwood
3c0198fb99
Correct a type error in the definition of GroupHash^J.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:06 +01:00
Daira Hopwood
5dce44d0a0
Fix the description of the Sapling balancing value.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-22 23:14:06 +01:00
Daira Hopwood
7b6df9f623
Correct the order of arguments to RedDSA.Randomize{Private,Public}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-18 21:21:41 +01:00
Daira Hopwood
f4facef8c8
Add Michael Dixon and Andrew Poelstra to acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-05-18 21:18:40 +01:00
Daira Hopwood
7e0b51011a
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 13:30:20 +01:00
Daira Hopwood
275aee328b
Minor clarifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 13:28:34 +01:00
Daira Hopwood
b6bf914478
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:54:04 +01:00
Daira Hopwood
76e1213c8b
Remove redundant crossref.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:52:08 +01:00
Daira Hopwood
0481da1724
Minor corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:14 +01:00
Daira Hopwood
fdfd9a6760
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:13 +01:00
Daira Hopwood
a7eda35419
Clarify the security argument for balance in \Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:13 +01:00
Daira Hopwood
06b0a6e79f
Correct a subtle problem with the type of the value input to ValueCommit.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:13 +01:00
Daira Hopwood
b11064a39c
Fix the loss of tightness in the use of PRF^nfSapling by specifying the keyspace more precisely.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:13 +01:00
Daira Hopwood
62429657d0
Be more careful about which notes are normative.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:13 +01:00
Daira Hopwood
1ad35c6a59
Correct type ambiguities for rho in Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 03:43:13 +01:00
Daira Hopwood
df2f80f13b
Specify the representation of i in group G_2 of BLS-381.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-23 01:42:16 +01:00
Daira Hopwood
8f445e4309
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 12:00:33 +01:00
Daira Hopwood
b5effeea70
Cosmetics (pagination).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 11:57:38 +01:00
Daira Hopwood
f41b95b72f
Fix a bug in the definition of DefaultDiversifier.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 11:57:00 +01:00
Daira Hopwood
2e2200a0bc
Add \maybe macro.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 11:56:12 +01:00
Daira Hopwood
97b3a9be51
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 08:21:46 +01:00
Daira Hopwood
8ca0f473f5
Type clarification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 08:19:56 +01:00
Daira Hopwood
80ec1b52ce
Clarify the authority obtained by a delegated prover.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 08:19:35 +01:00
Daira Hopwood
ab4e2c2f7a
[BLS2002] shouldn't be cited only for the Change History in Sprout version of the spec.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:37:53 +01:00
Daira Hopwood
bf03ab51fc
Specify KA^Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:29:14 +01:00
Daira Hopwood
7481181d43
Complete the algorithm for generating dummy Sapling input notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:29:14 +01:00
Daira Hopwood
8c0e7b85f4
8 -> h_J for Jubjub cofactor.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:29:07 +01:00
Daira Hopwood
31578a6f3c
bellman uses combined parameter files.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:28:03 +01:00
Daira Hopwood
4dfdfd74d4
Corrections and clarifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:27:55 +01:00
Daira Hopwood
b086930d5a
Add references for BLS and BN curves.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:25:15 +01:00
Daira Hopwood
34714e064c
Add DefaultDiversifier.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:25:15 +01:00
Daira Hopwood
741fb7a4be
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:25:15 +01:00
Daira Hopwood
60a43d3894
Acknowledge Brian Warner, Mary Maller, and Least Authority.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:25:14 +01:00
Daira Hopwood
65c6bef43a
OutputIndex is no longer needed.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-21 07:25:14 +01:00
Daira Hopwood
b447deaac8
Correct an error in the specifications of the G1/2 generators.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:44:16 +01:00
Daira Hopwood
95193a22df
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:44:16 +01:00
Daira Hopwood
25ed3f0043
Overwinter consensus cleanups.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
5b54c35a41
Add Sprout block chain scanning algorithm.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
6a5e901530
Add circuit constraint section on conditional equality.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
633ca00f25
Specify the randomness beacon.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
3909fe6897
Specify support for BIP 111 (NODE_BLOOM service bit).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
49ab63e322
Correct explanation of commitments in overview to apply to Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
9cfe4b9243
Move the section on Sprout dummy notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
69762401ec
Caveat the claim about note traceability set in the overview.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:23:20 +01:00
Daira Hopwood
fa9bd00e49
Explicitly note that outputs from coinbase transactions include Founders' Reward outputs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:22:06 +01:00
Daira Hopwood
36cfb95cec
Sprout only -> Pre-Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:22:06 +01:00
Daira Hopwood
1a383e60f7
Sapling consensus changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:22:06 +01:00
Daira Hopwood
6e6704411d
Curve25519 -> \KASproutCurve; Ed25519 clarifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-20 04:19:28 +01:00
Daira Hopwood
7234e33f21
References for optimal ate pairings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-19 18:53:52 +01:00
Daira Hopwood
07221bc89c
Change citation keys to abbreviate fewer author names; other minor bibliography fixes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-19 18:49:29 +01:00
Daira Hopwood
2bb48c67eb
Cosmetics and minor corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-19 18:03:52 +01:00
Daira Hopwood
34181a7701
Refactor signature definitions and add public-to-private key homomorphism abstraction.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-12 22:26:09 +01:00
Daira Hopwood
1fe6f0a0b1
Make the Description columns of tables ragged-right.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-11 07:46:34 +01:00
Daira Hopwood
052188d218
Move some of the LaTeX hacks around to put potentially document-independent stuff first.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-11 07:41:02 +01:00
Daira Hopwood
cda5339eba
Correct an error in the Montgomery addition formulae (the constraints were correct).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-10 21:48:35 +01:00
Daira Hopwood
2109a721e6
Cosmetics and trivial corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-10 21:46:19 +01:00
Daira Hopwood
9d18ef7fe8
Bibliography cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-07 18:57:50 +01:00
Daira Hopwood
b95eaf6889
Makefile improvements to ensure optimized PDFs are only written once.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-05 16:07:36 +01:00
Daira Hopwood
a5408376bd
Tweaks to pdfsizeopt options.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-05 16:07:36 +01:00
Daira Hopwood
cfa437b3e8
Tweaks to HTML generation options and documentation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-05 16:07:36 +01:00
Daira Hopwood
c3fae92bb4
Support for building size-optimized PDFs, and other Makefile and README improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-04-05 16:07:36 +01:00
Daira Hopwood
0ce9a44e66
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-19 00:03:39 +00:00
Daira Hopwood
40ec72bb46
Add specification of Output statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-19 00:01:25 +00:00
Daira Hopwood
d029d67779
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 23:57:09 +00:00
Daira Hopwood
fc71b29163
Minor clarifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 23:54:36 +00:00
Daira Hopwood
bffc16b0ee
Updates to transaction format and consensus rules for Overwinter and Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 22:02:42 +00:00
Daira Hopwood
a6245e3f68
Clarify conversions between bit and byte sequences.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:45:27 +00:00
Daira Hopwood
9498de38f9
Updates to Sapling construction, changing how the nullifier is computed and separating it from the randomized spend verifying key (rk).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:43:57 +00:00
Daira Hopwood
9d96abe629
Change MerkleDepth^Sapling from 29 to 32. Fixes #143
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:17 +00:00
Daira Hopwood
d63c0f5f0f
Clarify bit ordering of SHA-256 and SHA256Compress.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:17 +00:00
Daira Hopwood
5cac8e9b6a
The first rule of Fork Club is: We don't talk about "forks".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:17 +00:00
Daira Hopwood
108fa4daa0
Add DiversifyHash, and change the type of diversifiers to a bit sequence.
...
Fix the generation of diversified addresses to repeatedly try diversifiers.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:17 +00:00
Daira Hopwood
752156da97
Minor corrections and improvements; add missing notation definitions.
...
Remove things from Sprout spec that shouldn't be there.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:17 +00:00
Daira Hopwood
a8052562e4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:16 +00:00
Daira Hopwood
b19733320c
Replace \nstrut hack (for consistent spacing in table of contents) with a better, less intrusive hack.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:16 +00:00
Daira Hopwood
6995ada467
Makefile improvements to avoid a reload for each run of pdflatex (and occasional hangs due to a partially written PDF), in PDF readers that monitor files.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-18 21:00:16 +00:00
Daira Hopwood
58fe013949
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 21:46:11 +00:00
Daira Hopwood
aeab72d534
Update Change History.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 21:36:55 +00:00
Daira Hopwood
2fa37c1f1f
Improve security definitions for signatures.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 21:31:33 +00:00
Daira Hopwood
cd930a18be
Clean up diversification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 21:31:18 +00:00
Daira Hopwood
de01f6ed18
Various minor improvements and cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 21:29:49 +00:00
Daira Hopwood
877ce30283
Simplify FindGroupHash to use a single-byte index.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 21:22:53 +00:00
Daira Hopwood
b44beb7141
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 17:44:17 +00:00
Daira Hopwood
38b460aa6f
Appendix A updates:
...
* categorize components into larger sections
* fill in the [de]compression and validation algorithm
* more precisely state the assumptions for inputs and outputs
* delete not-all-one component which is no longer needed
* factor out xor into its own component
* specify [un]packing more precisely; separate it from boolean constraints
* optimize checking for non-small order
* notation in variable-base multiplication algorithm.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 17:42:49 +00:00
Daira Hopwood
1b1acc05d7
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 17:27:43 +00:00
Daira Hopwood
4443e647ec
fixup
2018-03-11 17:09:42 +00:00
Daira Hopwood
618e6ebf37
Change Uncommitted^Sapling to be a u-coordinate for which there is no point on the curve.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 17:09:32 +00:00
Daira Hopwood
f55ad120ff
Minor corrections and improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 14:02:22 +00:00
Daira Hopwood
7cde004f83
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 14:00:00 +00:00
Daira Hopwood
96cfbe9232
Cosmetics: use 'Of' macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 12:49:42 +00:00
Daira Hopwood
03918a759c
Don't use cofactor multiplication in derivation of nf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 12:49:42 +00:00
Daira Hopwood
757cc5b7b4
negligible -> insignificant. refs #92
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 12:49:42 +00:00
Daira Hopwood
87efd20a9c
Change PRF^nr to produce computationally uniform output.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 12:49:42 +00:00
Daira Hopwood
82d794060d
Change how (ask, rsk) are derived from sk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-11 12:49:42 +00:00
Daira Hopwood
963987d5cd
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-10 21:06:47 +00:00
Daira Hopwood
678ec1043f
Bitbox cosmetics (use \strut to ensure consistent vertical alignment).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-10 21:00:27 +00:00
Daira Hopwood
ebd2a5964e
Macro refactoring.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-10 20:47:34 +00:00
Daira Hopwood
76f3b1d0fd
Add comments at closing braces saying which construct is being closed.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-10 04:11:23 +00:00
Daira Hopwood
2924ff85e1
Add space between bibliography entries.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-10 04:03:29 +00:00
Daira Hopwood
cda5cd5c7b
Use less distracting colours for hyperlinks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-10 04:03:08 +00:00
Daira Hopwood
f27f528724
Update PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
19cd38b782
Update Change History for 2018.0-beta-12.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
cf0c5a47e6
Update Merkle hashes, add unused layer argument to MerkleHash^Sprout.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
39780602bf
WIP on Sapling statements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
a6b342f22e
Additions to Appendix A: packing modulo the field size, and range checks.
...
Also update some notes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
b198e08388
Rename "raw" to "homomorphic" Pedersen commitments
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
77ee3b4fc4
Update algorithm for variable-base scalar multiplication to what is
...
implemented in sapling-crypto.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
34bae57edb
Add definition of PRF^nr.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
79c5c67906
Add re-randomizable signature section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
e6c507c995
Cosmetic bibliography changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
bb79519d1b
Add Overwinter ZIPs and update section on Overwinter/Sapling transitions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
e21a090af8
Add references [FKMSSS2016] and [CDG1987].
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
63843cf2d3
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-03-06 23:09:15 +00:00
Daira Hopwood
7c3e4a765e
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 11:50:00 +00:00
Daira Hopwood
2b2238b0b5
Minor improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 11:44:33 +00:00
Daira Hopwood
8d9b9a00b8
Fix range of ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 11:44:01 +00:00
Daira Hopwood
9f67a5d977
Cosmetics and trivial fixes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 11:42:52 +00:00
Daira Hopwood
625d35fce7
Add sections on Spend and Output descriptions.
...
Swap order of cv and rt in a Spend description for consistency.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 11:41:15 +00:00
Daira Hopwood
c16011243b
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 09:45:44 +00:00
Daira Hopwood
977d881064
Work in progress.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-26 09:44:19 +00:00
Daira Hopwood
a626f28117
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-24 03:15:09 +00:00
Daira Hopwood
59331fca67
SHA fixup
2018-02-24 02:08:14 +00:00
Daira Hopwood
bf9bd313a2
Add BLAKE2 section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-24 02:05:09 +00:00
Daira Hopwood
9ee098adda
Add SHA-256 section; clarify the definition of SHA256Compress.
...
Rename SHA-256 and hash-box macros.
fixes #100
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-24 01:56:32 +00:00
Daira Hopwood
e1ac22992d
Add fact[s] macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-14 08:04:45 +00:00
Daira Hopwood
518c7da42d
Add a macro for cross-referencing theorems.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-14 08:02:10 +00:00
Daira Hopwood
efd8551ddf
Fill in Appendix A description of Pedersen hashes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:21:21 +00:00
Daira Hopwood
ce5b24f72f
WIP for commitments in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:21:21 +00:00
Daira Hopwood
99ad9689e9
Generalize Pedersen hash spec to make chunks per segment variable.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:21:21 +00:00
Daira Hopwood
0325aa2fd6
Generalize the distinct-x proof to allow negative indices.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:21:21 +00:00
Daira Hopwood
25fd603a7e
Notation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:16:36 +00:00
Daira Hopwood
eefd9052d6
Nicer notation for selection of u and v.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:16:36 +00:00
Daira Hopwood
50720eadb6
Change hex integers to mathtt font (to enable length comparison).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:16:36 +00:00
Daira Hopwood
d1ead6560d
Correct an error in the Pedersen hash specification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:16:36 +00:00
Daira Hopwood
a5759a0c04
PRF^nr must be collision-resistant.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-12 13:16:36 +00:00
Daira Hopwood
002983854a
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-10 11:32:08 +00:00
Daira Hopwood
04aa3a5350
Bibliography cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-02-10 11:30:52 +00:00