ba9137def1
Commit from GitHub Actions (Render pdfs)
2022-02-09 21:46:28 +00:00
82c59282fe
Regenerate PDFs.
2022-01-19 18:16:51 +00:00
81858fff41
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
6c32c7c7ea
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
dcc5532d61
In \crossref{sighash}, add a consensus rule that SIGHASH type encodings MUST be canonical
...
for v5 transactions.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
24cfab0b55
Add reference to [BCGGMTV2014] when discussing an example of an incorrect security claim.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
4ef578706b
In \crossref{internalh}, add a security argument for why the SHA-256-based commitment scheme
...
NoteCommit^Sprout is binding and hiding, under reasonable assumptions about SHA256Compress.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
0cdab5071b
In \crossref{joinsplit}, clarify that balance for JoinSplit transfers is enforced by the
...
JoinSplit statement, and that there is no consensus rule to check it directly.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-19 18:09:23 +00:00
8572075604
Regenerate PDFs.
2022-01-03 22:20:04 +00:00
02adb44328
Set Change History entry date, and update version year to 2022.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
b57f6d1487
Correct the note about domain separators for PRF^expand in \crossref{abstractprfs},
...
and ensure that new domain separators for deriving internal keys from ZIPs 32 and 316 are included.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
cf1995c2ed
Fix stale links, and correct the accenting of [MÁEÁ2010].
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
59a220d59e
Change the types of cm_x, Uncommitted^Orchard, and ak in Orchard to { 0 .. q_P-1 },
...
avoiding type errors and reflecting the implementation in zcashd. This eliminates all uses of P_x
(except that ak in an Orchard full viewing key is still required to be a valid Pallas affine
x-coordinate). Also clarify the coordinate system whenever we refer to coordinates.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
b6e00e0d41
Refine the security argument in the note about partitioning oracle attacks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2022-01-03 22:15:14 +00:00
c3dac4e458
Regenerate PDFs.
2021-12-01 18:16:14 +00:00
82c4e49155
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
d6a33fc056
Add note about resistance of note encryption to partitioning oracle attacks \cite{LGR2021}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
67a4b35dcd
Add acknowledgement to Sasha Meyer.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
eab1ef1a1a
Add acknowledgement to Mihir Bellare for contributions to the science of zero-knowledge proofs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
36252cebf6
Add "note commitment scheme" as a term.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
089a9cb8be
Make consistent use of "spending authority", and add this term to the index.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
4da403f470
Add notes in each Appendix B that z_j may be sampled from {0 .. 2^{128}-1} instead of {1 .. 2^{128}-1}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-12-01 18:09:12 +00:00
1ac6d917b8
Regenerate PDFs.
2021-09-30 17:03:08 +01:00
feb864b672
protocol/Makefile: fix `release` target to use `main` branch rather than `master`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
b1a707e963
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
bab61e8ecf
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
97fa264611
* Witness g_d^new and pk_d^new in Orchard as non-identity Pallas points, rather than witnessing
...
their representations as bit sequences.
* Note that ak^P in Orchard cannot be the identity.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
7bf094e827
* Use complete addition in SinsemillaCommit.
...
* Correct the proof of Theorem 5.4.6.
* Change the type of cm_old in Orchard to P rather than P*, i.e. allow the identity point.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
06706937d5
Change the type of rt^Orchard from P_x to {0..q_P-1}. This reflects the zcashd implementation;
...
also checking rt^Orchard \in P_x would require a square root and is unnecessary.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
b8f83aac4b
Correct the consensus rule about the maximum value of outputs in a coinbase transaction:
...
it should reference the block subsidy rather than the miner subsidy.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
5688e5cbbd
Fix some cross-references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-30 16:56:40 +01:00
195b8147eb
Update links_and_dests.py to support HTML files and rate limiting (part 2).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-09 14:58:42 +01:00
4af8a9684d
Update links_and_dests.py to support HTML files and rate limiting (part 1).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-09 14:57:51 +01:00
dcb4c4e89a
Regenerate PDFs.
2021-09-01 13:43:18 +01:00
c871d448ce
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:26:34 +01:00
21f384dcda
Fix URL links to \cite{BBDP2001} and \cite{BDJR2000}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:26:34 +01:00
a5c4f139c9
protocol/links_and_dests.py: Some DOI links (i.e. to https://doi.org/ ) redirect to link.springer.com
...
in a way that requires cookies (booo!). We allow this for DOI links, but for all other links we
simulate a client that never sets cookies.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:19:33 +01:00
a918bbc6d7
protocol/Makefile: add `discard` target, and make the `linkcheck` target depend on `all-specs`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 13:17:06 +01:00
0d2b01e602
Cosmetics (captialization of ZKProof).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
b7f0a0bd0d
Correct a minor error in the proof of \theoremref{thmsinsemillacr}:
...
the condition SinsemillaHashToPoint(D, M) ≠ ⊥ is required in the proof.
(The case SinsemillaHashToPoint(D, M) = ⊥ is covered by \theoremref{thmsinsemillaex}.)
The proof had not been updated correctly when the statement was revised in v2021.2.0.
Also add a missing D argument to SinsemillaHashToPoint in that proof.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
324c9ae7b9
Add \zcashdref for referencing zcashd versions (also \zebraref which is currently unused).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
7e5272e70b
Add \historyref for referencing Change History versions.
...
Also fix an incorrect reference to v2019.0-beta-40 that should be v2019.0.0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-09-01 11:44:16 +01:00
b5e5276c4a
Regenerate PDFs.
2021-08-12 21:48:43 +01:00
3ebba2652a
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:44:17 +01:00
8f8ef49618
Add Change History entry for fixing [ZIP-239] in the References.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:43:39 +01:00
01dbecefea
Fix a typo in bibliography.
2021-08-12 21:40:29 +01:00
219a4ef253
Clarify wording in the Change History entry for v2021.2.13.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:38:20 +01:00
8718157af0
Reword the reference to a Sapling full viewing key in \crossref{saplingdummynotes}
...
(the full viewing key would include ovk, although it is not used in that section).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:37:35 +01:00
0ae051226e
Regenerate PDFs.
2021-07-29 17:35:14 +01:00
045a3a9e54
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 17:30:21 +01:00
a6fd0153d2
Add a consensus rule in \crossref{merkletree} that a block MUST NOT add note commitments that
...
exceed the capacity of each of the Sprout, Sapling, and Orchard note commitment trees.
Also add a cross-reference for constants used in \crossref{merkletree}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 17:30:21 +01:00
8b8761b302
Regenerate PDFs.
2021-07-29 15:48:31 +01:00
1aefc848bf
Change the number of partial rounds, R_P, for Poseidon from 58 to 56.
...
This matches the number calculated by `calc_round_numbers.py` (for 128-bit security "with margin")
in Version 1.1 of the Poseidon reference implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 15:43:24 +01:00
cecfb9b0e4
Regenerate PDFs.
2021-07-20 06:05:58 +01:00
411f39e231
Change the definition of inputs to the action circuit to split enableSpends and enableOutputs
...
into two field elements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-20 06:00:31 +01:00
8c510a1415
Regenerate PDFs.
2021-07-13 15:55:15 +01:00
36e2059de0
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
ffd97926a8
Clarify in \crossref{transactions} that the remaining value in a transparent transaction value pool
...
is only available to miners as a fee in the case of non-coinbase transactions, and that the remaining
value in the transparent transaction value pool of a coinbase transaction is destroyed.
Co-authored-by: Teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
e628134536
Make heightBytes encoding match NU5 coinbase nExpiryHeight
...
Since nExpiryHeight is limited to `2^32 - 1`, heightBytes is limited to 5 bytes.
Co-authored-by: Teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
819761ef67
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
8c7b2f2a95
Add cross-references for CanopyActivationHeight, ZIP212GracePeriod, and BlockHeight.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
0ad0d3d57a
Clarify that decomposition of scalars for scalar multiplication in the action circuit MUST be canonical,
...
unless a non-canonical decomposition can be proven to result in an equivalent statement -- and clarify
for which multiplications the latter case applies.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
f97ef3ae72
Remove a spurious reference to rseed in \crossref{sproutinband}. There were no changes for Sprout in ZIP 212.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
f0858810a2
Regenerate PDFs.
2021-07-01 20:01:41 +01:00
fb83397ad7
Set the Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
2814e00a1a
Cosmetics and cross-referencing improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
4821afe9ba
Add a clarification in \crossref{txnconsensus} that after Heartwood and before Canopy activation,
...
Sapling outputs of a coinbase transaction MUST have note plaintext lead byte equal to 0x01.
This was implied by the existing rule that such outputs MUST decrypt successfully with an
all-zero outgoing viewing key.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
172573e686
Correct an erroneous statement in \crossref{transactions} that claimed transaction IDs are not part
...
of the consensus protocol.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
55052e4e54
Add a consensus rule for version 5 or later transactions, that if `nActionsOrchard` > 0 then
...
at least one of `enableSpendsOrchard` and `enableOutputsOrchard` MUST be 1.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
3f9ede243b
Replace "must" with "MUST" in two consensus rules specified in \crossref{txnencoding}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
7102635fc6
Correct l to l⋆ in two places in \crossref{saplingmerklecrh}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
3159602dfc
Fix a typo in the Security Requirements for \crossref{orchardmerklecrh}: the length of the input
...
to SinsemillaHash is 10 + 2·ℓ^Orchard_Merkle bits, not 6 + 2·ℓ^Orchard_Merkle bits.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
1ed8e47d56
Allow the Merkle path validity check in the Action circuit to pass if any output of
...
MerkleCRH^Orchard is 0, and add a note in \crossref{merklepath} arguing that this is safe.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
0b7aeae33e
Change the type of MerkleCRH^Orchard to have MerkleHash^Orchard in place of MerkleHash^Orchard ∪ {⊥}
...
for the inputs and output, and map a ⊥ output from SinsemillaHash to 0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
c33e23e0c2
Delete the consensus rule in \crossref{transactions} that required checking that each intermediate
...
Merkle root of the note commitment tree is not ⊥. Checking this rule would have imposed a
significant performance penalty, since intermediate roots do not otherwise need to be computed.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
076af3f055
Regenerate PDFs.
2021-06-29 18:08:21 +01:00
75e2ae585d
Set Change History entry height.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 18:03:43 +01:00
7f04e327ad
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 18:02:17 +01:00
b3aad58459
Add a section \crossref{txnidentifiers} on how to compute transaction IDs and \wtxids.
...
Split the transaction-related consensus rules into their own subsection \crossref{txnconsensus},
for more precise cross-referencing.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 18:02:00 +01:00
4c118b813e
Describe transaction IDs and wtxids in \crossref{transactions}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 17:59:15 +01:00
9eec2ec378
Change one of the [Sapling onward] consensus rules in \crossref{txnencodingandconsensus} to have
...
the correct applicability: [Sapling to Canopy inclusive, pre-NU5].
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 17:57:03 +01:00
27dc2a5fc4
Regenerate PDFs.
2021-06-28 18:10:48 +01:00
671451008a
Add a step to the algorithm for generating an Orchard note in \crossref{orchardsend}, to restart if esk = 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
b4928747cc
Explicitly say that padding in \crossref{concretesinsemillahash} is by appending zero bits.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
c6247f4bd5
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
ca6d988177
Correct the type of Uncommitted^Orchard, which should be P_x rather than a bit sequence.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
aec18d6aa8
Regenerate PDFs.
2021-06-26 21:32:35 +01:00
dea48add07
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 21:27:26 +01:00
00074e8084
Add ZIPs 203, 212, and 213 to the list of ZIPs updated for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 21:27:26 +01:00
048c1bf24c
Update \crossref{notept} for Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
7a8b12d945
* Require that from NU5 activation, the `nExpiryHeight` field of a coinbase transaction is set
...
to the block height. This is needed to maintain the property that all transactions have unique
transaction IDs, as explained in a note in \crossref{txnencodingandconsensus}.
* In order to avoid the block height being limited to 499999999, we also remove that bound on
`nExpiryHeight` for \coinbaseTransactions.
* Remove the recommendation to support 63-bit block heights in \crossref{blockchain} (since it is
incompatible with the above consensus rule for coinbase `nExpiryHeight`).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
ad8bd025b1
The Groth16 `zkproof` field in a JoinSplit description should be colour-coded for Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
5503f766fd
Explicitly apply `MAX_MONEY` to Orchard.
...
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
4ca7409f6f
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
5dff090737
Give cross-references to \crossref{notation} where $\optsqrt$ and $\possqrt$ are used.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
f31b335fe9
Refine the key components diagram in \crossref{addressesandkeys} to show that Orchard incoming
...
viewing keys include both dk and ivk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
6055cca71e
Ensure that the layer number is passed to MerkleCRH in \crossref{merklepath}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:36 +01:00
721dd2483f
Regenerate PDFs.
2021-06-19 20:12:11 +01:00
ea0f196a92
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
09f944d90c
Change the consensus rule that requires at least one input to, and at least one output from a v5
...
or later transaction, to take into account the enableSpendsOrchard and enableOutputsOrchard flags.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
321eed99b4
Correct the type of Extract_P^bot imported in \crossref{concretesinsemillahash}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
6e6fd1605e
Add ZIP 209 to the list of ZIPs updated for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
814ad87b40
Regenerate PDFs.
2021-06-08 12:39:25 +01:00
cc71722eca
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 12:33:29 +01:00
ebd54d5ad6
Add an explicit consensus rule in \crossref{txnencodingandconsensus} that the reserved bits of
...
the flagsOrchard field MUST be zero.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 12:33:08 +01:00
d25f3c1f47
Correct a cut-and-paste error algorithm for \crossref{orcharddummynotes},
...
which should refer to the Action statement rather than the Spend statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 10:00:44 +01:00
7d2480648a
Regenerate PDFs.
2021-06-06 03:45:32 +01:00
0a985b9c13
Set date for Change History entry.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
106e73e461
Make the NU5 specification the default.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
e3667dc30d
Add ZIP 239 to the list of ZIPs included in NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
577bb20832
Use "Bech32[m]" when saying that there is no dedicated string encoding for Orchard payment addresses
...
and viewing keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:24:47 +01:00
8f3f36fef5
Specify that Orchard spending keys are encoded using Bech32m.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:02:44 +01:00
ccaa100141
Reference [SVPBABW2012]: link to the ePrint summary page rather than the PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
99e5d92843
Clarify that epk encoded in an Action description cannot be the zero point.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
c4b65c39cc
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
9bc46070f3
Say that the round constants as well as the MDS matrices are generated according to Version 1.1
...
of the Poseidon reference implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
5fa8a60b08
Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit.
...
This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}.
The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
6a0c15df29
Move the section on abstraction to the Abstract Protocol section, and split section 5.2 to avoid renumbering.
...
fixes #512
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
f4a0a1284e
Delete a misleading sentence about Ed25519 encodings being specified in \cite{BDLSY2012}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
9e2938b555
Correct an error in the specification of height-in-coinbase for block heights 1..16.
...
Also clarify requirements on the range of block heights that should be supported.
fixes #517
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
530f00e150
Update title of ZIP 316.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
44ad348ce6
Regenerate PDFs.
2021-05-20 22:27:53 +01:00
c3f48359e6
Clarify that v4 transactions continue to use the ZIP 243 SIGHASH algorithm after NU5 activation.
...
fixes #510
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 22:23:19 +01:00
572a0d6e4f
Regenerate PDFs.
2021-05-20 22:02:23 +01:00
0ab0bcb7cb
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:49 +01:00
eb5a018396
Note that [JT2020] proves a tight reduction from finding a nontrivial discrete log relation to DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:03 +01:00
b6e50f8252
Clarify the distinction between Orchard incoming viewing keys and KA^Orchard private keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:47:34 +01:00
e7ec658413
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:45:59 +01:00
c90528fa5c
Change the notation \mathcal{I}^D_i for a Sapling Pedersen generator to \mathcal{I}(D, i).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:11:09 +01:00
9f948307cf
Change the type of Orchard Merkle hashes to \mathbb{P}_x, with a corresponding change to the
...
signature of MerkleCRH^Orchard. Add a note to \crossref{merklepath} clarifying that non-canonical
encodings are allowed as input to MerkleCRH^Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:07:10 +01:00
67cea8589a
Add a note to \crossref{merklepath} clarifying the encoding of rt^Sapling as a primary input to
...
the Sapling spend circuit, and that non-canonical encodings are allowed as input to MerkleCRH^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 20:39:42 +01:00
c5589648c1
Cosmetics (vertical spacing for the non-NU5 spec).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
79d1a477db
Add Change History entry for the correction to the size of vActionsOrchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
3f3195eb5c
Fix Orchard Action byte size
...
Since the signature is now separate, the size is 64 bytes smaller.
2021-05-18 15:37:06 +01:00
e9430c3752
Regenerate PDFs.
2021-05-07 16:41:22 +01:00
74c83f6d59
Set history entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
205b2f5861
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
d0caaa2ee9
Clarify that transparent inputs are prohibited in coinbase transactions only if they have a non-null `prevout` field. closes #498
...
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:13 +01:00
330254c9ca
Add ZIP-244 block commitments as a consensus rule. closes #499
...
It's currently just a note, which makes it look like the Heartwood rule might still apply.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:34:36 +01:00
296b8e6543
Make "Discrete Logarithm Problem" and "Decisional Diffie–Hellman Problem" indexed terms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
1db1224657
Unlinkability of diversified addresses depends on DDH, not DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
4353accc0e
Add [Canopy onward] and [NU5 onward] to a couple of notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
e4af6e42a0
State explicitly that valueBalanceOrchard can only be negative in a coinbase transaction if
...
it has ZIP 213 shielded outputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
639a554a04
Change the statement of Theorem 5.4.3 to exclude ⊥ outputs from SinsemillaHashToPoint.
...
Previously the proof did not match the statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
d7bd67900a
Update the list of ZIPs relevant to NU5 in \crossref{networkupgrades}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
00c39b73e0
Delegate to ZIP 316 for the specification of unified payment addresses and unified viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
38b740aad2
Caveat how the result of \cite{GG2015} applies to analysis of PRF^nfOrchard in \crossref{concreteprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
4804f6040e
Add a paragraph to \crossref{truncation} covering Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
748e6f8f37
Typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
35c8af6e47
DJB's "High-speed cryptography" book seems completely stalled.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
github-actions
Daira Hopwood
Marek
teor