Daira Hopwood
560bdec627
[protocol spec] Remove a calculation of cv in \crossref{orcharddummynotes}
...
that is not applicable to Orchard (since cv for an Action Description
depends on both the spent and output notes).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-09-01 00:57:05 +01:00
Daira Hopwood
277291a8ca
[protocol spec] Correct Kexin Hu's name.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-09-01 00:57:05 +01:00
Daira Hopwood
524c8ad70a
Regenerate PDFs.
2022-08-26 00:39:02 +01:00
Daira Hopwood
43be154e37
[protocol spec] Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-08-26 00:39:02 +01:00
Daira Hopwood
513d9dc161
[protocol spec] \crossref{concretecrhivk} incorrectly cross-referenced BLAKE2b-256
...
rather than BLAKE2s-256. The actual specification was correct.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-08-26 00:39:01 +01:00
Daira Hopwood
e2b93341ae
[protocol spec] ZIP 244 is not modified by ZIP 225
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-08-26 00:39:01 +01:00
Daira Hopwood
5980676b05
Regenerate PDFs.
2022-06-22 19:06:53 +01:00
Daira Hopwood
87c5aca5f3
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-22 18:44:40 +01:00
Daira Hopwood
69939334f0
Cosmetics (don't include "No changes before" lines in Change History entries unless needed).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-22 18:44:40 +01:00
Daira Hopwood
5618352447
Document in \crossref{concreteed25519} that a full validator implementation that
...
checkpoints on the Canopy activation block MAY validate Ed25519 signatures using
the post-Canopy rules for the whole chain.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-22 18:44:40 +01:00
Daira Hopwood
e2ccfc11b2
Update references for \cite{ECCZF2019} and \cite{ZIP-302} and \cite{ZIP-252}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-22 18:44:37 +01:00
Daira Hopwood
43c9df8ba6
Regenerate PDFs.
2022-06-22 13:48:23 +01:00
Daira Hopwood
57f2abf5bd
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
b4761037a4
In \crossref{networks}, update the settled activation block hashes to be those for NU5
...
on Mainnet and Testnet.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
1be8793401
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
9db08c218f
In \crossref{sproutspendingkeyencoding}, remove the statement that future key representations
...
might use the padding bits of Sprout spending keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
adce640cb0
Rename ExcludedPointEncodings to PreCanopyExcludedPointEncodings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
7fe898c231
Give a full-text URL for \cite{Nakamoto2008}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
a02401a61e
Correct the history entry for v2022.3.2 to include the entry about `sizeProofsOrchard`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-21 17:19:36 +01:00
Daira Hopwood
e84ce9423f
Regenerate PDFs.
2022-06-06 20:30:40 +01:00
Daira Hopwood
840674803f
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:25:53 +01:00
Daira Hopwood
984c14da9e
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:22:40 +01:00
Daira Hopwood
8bc9244a47
Correction in \crossref{constants}: Uncommitted^Orchard is not a bit sequence.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:18:56 +01:00
Daira Hopwood
8d9b70b0e4
Cosmetics (spacing in v5 transaction encoding table).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:18:56 +01:00
Daira Hopwood
2336f6f345
Make \crossref{overview} more precise about chain value pools.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:18:56 +01:00
Daira Hopwood
b12bb61103
An [NU5 onward] consensus rule requiring the `nConsensusBranchId` field to match
...
the consensus branch ID used for SIGHASH transaction hashes, should apply only
when effectiveVersion ≥ 5 (since v4 transactions did not explicitly encode the
`nConsensusBranchId` field.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:18:56 +01:00
Daira Hopwood
17042258cd
Correct and improve presentation of \crossref{networkupgrades}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-06-06 20:18:56 +01:00
Jack Grigg
a0767f42fe
Add value of sizeProofsOrchard to protocol spec §7.1 and ZIP 225
2022-06-06 10:17:33 -04:00
Kris Nuttycombe
32870a93af
Fix rendering issue.
2022-05-11 21:03:29 -07:00
Kris Nuttycombe
a25f2b92a7
Set NU5 activation height in the protocol specification.
2022-05-11 14:31:54 -07:00
Daira Hopwood
aec1fef7cd
Regenerate PDFs.
2022-04-28 20:39:30 +01:00
Daira Hopwood
ed82b5bf85
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:34:21 +01:00
Daira Hopwood
be7df83b10
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:33:57 +01:00
Daira Hopwood
2d2508d06c
In \crossref{orchardkeycomponents}, do not allow construction of Orchard
...
spending keys such that the corresponding internal incoming viewing key is 0
or ⊥. (This was already specified for the external incoming viewing key.)
Similarly in \crossref{orchardfullviewingkeyencoding}, do not consider a
decoded key valid if either its external or internal incoming viewing key
would be 0 or ⊥.
fixes #598
2022-04-28 20:33:06 +01:00
Daira Hopwood
dbd7339c3f
Cleanup: remove duplicate macro \CommitIvkRandom in favour of \CommitIvkRand.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:28:07 +01:00
Daira Hopwood
0c53d8815f
Clarify how to determine which table in \crossref{txnencoding} to use for transaction parsing,
...
depending on the effectiveVersion as determined by the `header` field. fixes #603
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:28:07 +01:00
Daira Hopwood
9000614a63
Add an acknowledgement to Mary Maller for reviewing the Halo 2 security proofs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:27:15 +01:00
Daira Hopwood
11b44b4490
Cosmetic indexing fixes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:27:15 +01:00
Daira Hopwood
3c3da6d6dc
Correct "block chain branch" to "consensus branch" to match ZIP 200.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:27:15 +01:00
Daira Hopwood
deafb410de
Add an acknowledgement to Josh Cincinnati for discussions on the Zcash protocol,
...
and to more people associated with the ZK Podcast.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-04-28 20:27:15 +01:00
Daira Hopwood
6b8fca949c
Regenerate PDFs.
2022-03-18 08:54:50 +00:00
Daira Hopwood
634e274df6
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 08:49:31 +00:00
Daira Hopwood
c7ad527f38
Fix an undefined reference in the history entry for 2021.2.17, in pre-Canopy versions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 08:49:31 +00:00
Daira Hopwood
5d3b4ef038
NU5 proposal -> NU5
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 01:51:34 +00:00
Daira Hopwood
e381ded490
\crossref{coinbasetransactions} effectively defined a coinbase transaction as the first
...
transaction in a block. This wording was copied from the Bitcoin Developer Reference
(https://developer.bitcoin.org/reference/transactions.html#coinbase-input-the-input-of-the-first-transaction-in-a-block ),
but it does not match the implementation in zcashd that was inherited from Bitcoin Core.
Instead, a coinbase transaction should be, and now is, defined as a transaction with a
single null prevout. The specifications of consensus rules have been clarified and adjusted
(without any actual consensus change) to take this into account, as follows:
* a block MUST have at least one transaction;
* the first transaction in a block MUST be a coinbase transaction, and subsequent
transactions MUST NOT be coinbase transactions;
* a transparent input in a non-coinbase transaction MUST NOT have a null prevout;
* every non-null prevout MUST point to a unique UTXO in either a preceding block, or a
*previous* transaction in the same block (this rule was previously not given explicitly
because it was assumed to be inherited from Bitcoin);
* the rule that "A coinbase transaction MUST NOT have any transparent inputs with non-null
prevout fields" is removed as an explicit consensus rule because it is implied by the
corrected definition of coinbase transaction.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 01:51:33 +00:00
Daira Hopwood
e123584794
Document the consensus rule that coinbase script length MUST be {2..100} bytes. fixes #589
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 01:09:11 +00:00
Daira Hopwood
c506a972ac
Cosmetics and improvements to indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 01:02:24 +00:00
Daira Hopwood
8f77f6f1df
Acknowledge the developers of Bitcoin Core (as distinct from the designers of the
...
Bitcoin protocol).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 00:58:54 +00:00
Daira Hopwood
27f5bb1e68
Correct a type error in the usage of Commit^ivk: the output type Commit^ivk.Output includes 0,
...
but the type of incoming viewing keys should not include 0 because KA^Orchard.Private does not.
This is now handled by explicitly rejecting 0 as output from Commit^ivk when generating ivk
in \crossref{orchardkeycomponents}.
An encoding of ivk as 0 is also rejected in \crossref{orchardinviewingkeyencoding} when parsing
an incoming viewing key.
The action circuit needed no changes because pk_d already could not be the zero point, and
therefore the 'Diversified address integrity' condition fails when ivk = 0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 00:56:59 +00:00
Daira Hopwood
5c7c728e63
In \crossref{blockchain}, define what a settled network upgrade is, specify requirements
...
for checkpointing, and allow nodes to impose a limitation on rollback depth. Also in
\crossref{bctv}, note that this checkpointing requirement mitigates the risks of not
performing BCTV14 zk proof verification.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-03-18 00:50:06 +00:00
github-actions
ba9137def1
Commit from GitHub Actions (Render pdfs)
2022-02-09 21:46:28 +00:00
Daira Hopwood
82c59282fe
Regenerate PDFs.
2022-01-19 18:16:51 +00:00
Daira Hopwood
81858fff41
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
Daira Hopwood
6c32c7c7ea
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
Daira Hopwood
dcc5532d61
In \crossref{sighash}, add a consensus rule that SIGHASH type encodings MUST be canonical
...
for v5 transactions.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
Daira Hopwood
24cfab0b55
Add reference to [BCGGMTV2014] when discussing an example of an incorrect security claim.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
Daira Hopwood
4ef578706b
In \crossref{internalh}, add a security argument for why the SHA-256-based commitment scheme
...
NoteCommit^Sprout is binding and hiding, under reasonable assumptions about SHA256Compress.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
Daira Hopwood
0cdab5071b
In \crossref{joinsplit}, clarify that balance for JoinSplit transfers is enforced by the
...
JoinSplit statement, and that there is no consensus rule to check it directly.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
Daira Hopwood
8572075604
Regenerate PDFs.
2022-01-03 22:20:04 +00:00
Daira Hopwood
02adb44328
Set Change History entry date, and update version year to 2022.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
Daira Hopwood
b57f6d1487
Correct the note about domain separators for PRF^expand in \crossref{abstractprfs},
...
and ensure that new domain separators for deriving internal keys from ZIPs 32 and 316 are included.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
Daira Hopwood
cf1995c2ed
Fix stale links, and correct the accenting of [MÁEÁ2010].
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
Daira Hopwood
59a220d59e
Change the types of cm_x, Uncommitted^Orchard, and ak in Orchard to { 0 .. q_P-1 },
...
avoiding type errors and reflecting the implementation in zcashd. This eliminates all uses of P_x
(except that ak in an Orchard full viewing key is still required to be a valid Pallas affine
x-coordinate). Also clarify the coordinate system whenever we refer to coordinates.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
Daira Hopwood
b6e00e0d41
Refine the security argument in the note about partitioning oracle attacks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
Daira Hopwood
c3dac4e458
Regenerate PDFs.
2021-12-01 18:16:14 +00:00
Daira Hopwood
82c4e49155
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
d6a33fc056
Add note about resistance of note encryption to partitioning oracle attacks \cite{LGR2021}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
67a4b35dcd
Add acknowledgement to Sasha Meyer.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
eab1ef1a1a
Add acknowledgement to Mihir Bellare for contributions to the science of zero-knowledge proofs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
36252cebf6
Add "note commitment scheme" as a term.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
089a9cb8be
Make consistent use of "spending authority", and add this term to the index.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
4da403f470
Add notes in each Appendix B that z_j may be sampled from {0 .. 2^{128}-1} instead of {1 .. 2^{128}-1}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
Daira Hopwood
1ac6d917b8
Regenerate PDFs.
2021-09-30 17:03:08 +01:00
Daira Hopwood
feb864b672
protocol/Makefile: fix `release` target to use `main` branch rather than `master`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
b1a707e963
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
bab61e8ecf
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
97fa264611
* Witness g_d^new and pk_d^new in Orchard as non-identity Pallas points, rather than witnessing
...
their representations as bit sequences.
* Note that ak^P in Orchard cannot be the identity.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
7bf094e827
* Use complete addition in SinsemillaCommit.
...
* Correct the proof of Theorem 5.4.6.
* Change the type of cm_old in Orchard to P rather than P*, i.e. allow the identity point.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
06706937d5
Change the type of rt^Orchard from P_x to {0..q_P-1}. This reflects the zcashd implementation;
...
also checking rt^Orchard \in P_x would require a square root and is unnecessary.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
b8f83aac4b
Correct the consensus rule about the maximum value of outputs in a coinbase transaction:
...
it should reference the block subsidy rather than the miner subsidy.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
5688e5cbbd
Fix some cross-references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
Daira Hopwood
195b8147eb
Update links_and_dests.py to support HTML files and rate limiting (part 2).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-09 14:58:42 +01:00
Daira Hopwood
4af8a9684d
Update links_and_dests.py to support HTML files and rate limiting (part 1).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-09 14:57:51 +01:00
Daira Hopwood
dcb4c4e89a
Regenerate PDFs.
2021-09-01 13:43:18 +01:00
Daira Hopwood
c871d448ce
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:26:34 +01:00
Daira Hopwood
21f384dcda
Fix URL links to \cite{BBDP2001} and \cite{BDJR2000}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:26:34 +01:00
Daira Hopwood
a5c4f139c9
protocol/links_and_dests.py: Some DOI links (i.e. to https://doi.org/ ) redirect to link.springer.com
...
in a way that requires cookies (booo!). We allow this for DOI links, but for all other links we
simulate a client that never sets cookies.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:19:33 +01:00
Daira Hopwood
a918bbc6d7
protocol/Makefile: add `discard` target, and make the `linkcheck` target depend on `all-specs`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:17:06 +01:00
Daira Hopwood
0d2b01e602
Cosmetics (captialization of ZKProof).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
Daira Hopwood
b7f0a0bd0d
Correct a minor error in the proof of \theoremref{thmsinsemillacr}:
...
the condition SinsemillaHashToPoint(D, M) ≠ ⊥ is required in the proof.
(The case SinsemillaHashToPoint(D, M) = ⊥ is covered by \theoremref{thmsinsemillaex}.)
The proof had not been updated correctly when the statement was revised in v2021.2.0.
Also add a missing D argument to SinsemillaHashToPoint in that proof.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
Daira Hopwood
324c9ae7b9
Add \zcashdref for referencing zcashd versions (also \zebraref which is currently unused).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
Daira Hopwood
7e5272e70b
Add \historyref for referencing Change History versions.
...
Also fix an incorrect reference to v2019.0-beta-40 that should be v2019.0.0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
Daira Hopwood
b5e5276c4a
Regenerate PDFs.
2021-08-12 21:48:43 +01:00
Daira Hopwood
3ebba2652a
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:44:17 +01:00
Daira Hopwood
8f8ef49618
Add Change History entry for fixing [ZIP-239] in the References.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:43:39 +01:00
Marek
01dbecefea
Fix a typo in bibliography.
2021-08-12 21:40:29 +01:00
Daira Hopwood
219a4ef253
Clarify wording in the Change History entry for v2021.2.13.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:38:20 +01:00
Daira Hopwood
8718157af0
Reword the reference to a Sapling full viewing key in \crossref{saplingdummynotes}
...
(the full viewing key would include ovk, although it is not used in that section).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:37:35 +01:00
Daira Hopwood
0ae051226e
Regenerate PDFs.
2021-07-29 17:35:14 +01:00
Daira Hopwood
045a3a9e54
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 17:30:21 +01:00