Daira Hopwood
|
8a49de84f6
|
Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
de065cf344
|
Update another reference to the Sapling spec version.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
ff5affbc77
|
Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
f94b9a4c67
|
Define r_J.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
1b3ea422fe
|
Reference version 2018.0-beta-21 or later of the Sapling protocol spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
3f2815838e
|
Cosmetic improvements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
Jack Grigg
|
da683d31b9
|
Remove hardening from example public-key HD path
Hardened derivation is undefined for an extended FVK
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
9596aedaa0
|
ZIP 32: use FF1-AES256 as the PRP.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-25 00:32:43 +01:00 |
str4d
|
a01dbbbcbc
|
Note that ZIP 32 is consistently little-endian
|
2018-07-25 00:32:43 +01:00 |
str4d
|
f07b6d2613
|
Define how to derive diversifiers from Sapling extended keys
|
2018-07-25 00:32:43 +01:00 |
str4d
|
efd68a4474
|
Define I2LEOSP_l(k) and use it to encode the child key indices
Note that this means they are encoded in little-endian order, which is the
opposite of BIP 32.
|
2018-07-25 00:32:43 +01:00 |
str4d
|
aa36706f38
|
Fix usage of LEOS2IP in definition of ToScalar
|
2018-07-25 00:32:43 +01:00 |
str4d
|
c73733ae13
|
Define a diversifier key dk
|
2018-07-25 00:32:43 +01:00 |
str4d
|
4ed0316834
|
Use byte sequences for constant single-byte inputs to PRF_expand
|
2018-07-25 00:32:43 +01:00 |
str4d
|
a5309ed60e
|
Address Daira's comments
|
2018-07-25 00:32:43 +01:00 |
str4d
|
9a87098e0c
|
ZIP 32: Shielded Hierarchical Deterministic Wallets
|
2018-07-25 00:32:43 +01:00 |
Daira Hopwood
|
ea61325c25
|
Regenerate PDFs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
4d8031f659
|
Make the Sprout version of the spec say [Sprout] in the version.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
e1ee4e615e
|
Updates to take account that Overwinter has activated.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
89c05c0303
|
The recommendation for transactions without JoinSplit descriptions to be v1
applies only before Overwinter, not before Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
71617341c9
|
Wording improvements for the effect of upgrades on sighash.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
c2b8ba2052
|
Rename nuzero macro names to overwinter.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
45f9005714
|
Add TODO to check whether the circuit sometimes omits curve checks.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
f11a24afc3
|
Delete or clarify unused optimizations in Appendix A.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
6e4a9455df
|
Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
128a4fc862
|
Cross-reference PRF^ock for Sapling encryption.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
53e6f29d18
|
Clarify the selection of ovk in sending Sapling notes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
699a78e749
|
Clarify the use of cv^new and cm^new in sending Sapling notes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
b0b1f60cc2
|
Reword the conclusion from theorem A.3.4 for precision.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
0200f63ace
|
Complete the proof of theorem A.3.4.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
dcd929291a
|
Add note about the nonsmall-order check on rk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Daira Hopwood
|
db3ea270c5
|
The \difference macro was not used consistently; use \setminus instead.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-07-18 11:20:32 +01:00 |
Jack Grigg
|
22338aa775
|
ZIP 143: Update test vectors to match generator output
|
2018-07-06 15:08:14 +01:00 |
Jack Grigg
|
868b619a2f
|
ZIP 143: rST bugfixes
|
2018-07-06 14:41:53 +01:00 |
Daira Hopwood
|
a633149c5d
|
Merge pull request #160 from str4d/140-zip-0143-examples
Add examples from ZIP 143 test vectors
|
2018-07-06 02:18:53 +01:00 |
Daira Hopwood
|
268f9c8cba
|
Minor fixes to ZIPs 143, 201, 203 and 243.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:58:28 +01:00 |
Daira Hopwood
|
45b7cc8047
|
Regenerate PDFs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:57:30 +01:00 |
Daira Hopwood
|
92eb6c5751
|
Correct the conformance requirement for fOverwintered.
This addresses a Least Authority issue.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
f3ba658772
|
Note which conformance requirements of BIP 173 (Bech32) apply.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
da5909bff5
|
Improve acknowledgements section.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
911bc3a9ed
|
Cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
52428befa7
|
Correct an error in RedDSA.Verify: vk is given, not computed from sk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
432e39ee4c
|
Correct the argument that the sum of value commitments is in range.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
001474760a
|
Corrections related to outgoing viewing keys and ciphertexts.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
398cc64619
|
Add section on signature hashing, and a note on malleability of proofs.
Also describe the changes in sighash computation relative to Bitcoin.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
be632b4a21
|
P2PKH addresses use a hash of a compressed, not an uncompressed ECDSA key representation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
d1a6e2809d
|
Say that Sprout interstitial treestates form a tree.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:49 +01:00 |
Daira Hopwood
|
e083d27e82
|
Add a consensus rule that valueBalance is in the range {-MAX_MONEY..MAX_MONEY}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:48 +01:00 |
Daira Hopwood
|
4525a1fffd
|
Refine the caveat about the claimed security of shielded transactions.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:48 +01:00 |
Daira Hopwood
|
7aa8765dc0
|
Enforce stronger constraints on the types of pk_d, ak, nk, cv, epk, and rk, and ensure esk is not zero when encrypting.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
|
2018-06-22 22:49:43 +01:00 |