Daira Hopwood
8364aff29c
Change the description of BLAKE2s to correct the constraint count and to describe batched equality checks performed by the sapling-crypto implementation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 15:07:23 +01:00
Daira Hopwood
ad0479ac77
Finish the description of range checks in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-15 14:52:50 +01:00
Daira Hopwood
0351335662
Minor corrections to affine Edwards variable-base multiplication in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:43:05 +01:00
Daira Hopwood
3b16c62958
Finish the Appendix A description of BLAKE2s.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-14 10:41:40 +01:00
Daira Hopwood
10019825e9
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:38 +01:00
Daira Hopwood
324d634a29
Define "represented subgroup".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:23 +01:00
Daira Hopwood
36bcc8f3f0
Correct the Change History entry of this version for Sprout.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:57:07 +01:00
Daira Hopwood
745da1e36d
Minor improvement to the type of z_j used in RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:35:58 +01:00
Daira Hopwood
a902df4c5c
Correct the description of Groth16 batch verification
...
to explicitly take account of how verification depends on primary inputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:35:26 +01:00
Daira Hopwood
f90012ce5e
Clarify order checking for proof elements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:33:03 +01:00
Daira Hopwood
05d72a4b71
Add Charles Rackoff, Rafail Ostrovsky, and Amit Sahai to the acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:30:21 +01:00
Daira Hopwood
998cb2ff95
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:28:59 +01:00
Daira Hopwood
81598de991
Notational changes:
...
- Use a superscript (r) to mark the subgroup order, instead of a subscript.
- Use G^{(r)∗} for the set of r_G-order points in G.
(r)
- Mark the subgroup order in pairing groups, e.g. use G_1^{(r)} instead of G_1.
- Make the bit-representation indicator (five-pointed star) an affix instead of a superscript.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-12 16:24:15 +01:00
Daira Hopwood
b605fe1061
Cosmetics and minor wording improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-11 21:09:53 +01:00
Daira Hopwood
b2f42d987c
Macro simplifications.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-11 21:05:19 +01:00
Daira Hopwood
ade889eef7
Add an appendix on Groth16 batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:30:04 +01:00
Daira Hopwood
2e74200366
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 17:29:44 +01:00
Daira Hopwood
34cf757891
Add the hashes of parameter files for Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:06:52 +01:00
Daira Hopwood
af90f0c4af
Add cross references for RedDSA batch verification appendix.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:06:26 +01:00
Daira Hopwood
7450495335
Cosmetics: fix a warning about Unicode in headings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:03:46 +01:00
Daira Hopwood
996045013e
Makefile: name the Sprout version as sprout.pdf and link protocol.pdf to the Sapling verison.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 10:02:24 +01:00
Daira Hopwood
d5c79e2592
Put the change history back in the correct order (beta-23 and -24 were reversed).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-08-05 08:54:03 +01:00
Daira Hopwood
ff397a6aff
Add a missing consensus rule for v4 transactions: if there are no Sapling spends or outputs, valueBalance MUST be 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-31 03:47:26 +01:00
Daira Hopwood
2f0c68b616
Add an appendix on RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
90692541aa
Update RedDSA verification to use cofactor multiplication.
...
This is necessary in order for the output of batch verification to match unbatched verification in all cases.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
4d8031f659
Make the Sprout version of the spec say [Sprout] in the version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
e1ee4e615e
Updates to take account that Overwinter has activated.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
89c05c0303
The recommendation for transactions without JoinSplit descriptions to be v1
...
applies only before Overwinter, not before Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
71617341c9
Wording improvements for the effect of upgrades on sighash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
c2b8ba2052
Rename nuzero macro names to overwinter.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
45f9005714
Add TODO to check whether the circuit sometimes omits curve checks.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
f11a24afc3
Delete or clarify unused optimizations in Appendix A.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
6e4a9455df
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
128a4fc862
Cross-reference PRF^ock for Sapling encryption.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
53e6f29d18
Clarify the selection of ovk in sending Sapling notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
699a78e749
Clarify the use of cv^new and cm^new in sending Sapling notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
b0b1f60cc2
Reword the conclusion from theorem A.3.4 for precision.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
0200f63ace
Complete the proof of theorem A.3.4.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
dcd929291a
Add note about the nonsmall-order check on rk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
db3ea270c5
The \difference macro was not used consistently; use \setminus instead.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
92eb6c5751
Correct the conformance requirement for fOverwintered.
...
This addresses a Least Authority issue.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
f3ba658772
Note which conformance requirements of BIP 173 (Bech32) apply.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
da5909bff5
Improve acknowledgements section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
911bc3a9ed
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
52428befa7
Correct an error in RedDSA.Verify: vk is given, not computed from sk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
432e39ee4c
Correct the argument that the sum of value commitments is in range.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
001474760a
Corrections related to outgoing viewing keys and ciphertexts.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
398cc64619
Add section on signature hashing, and a note on malleability of proofs.
...
Also describe the changes in sighash computation relative to Bitcoin.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
be632b4a21
P2PKH addresses use a hash of a compressed, not an uncompressed ECDSA key representation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00
Daira Hopwood
d1a6e2809d
Say that Sprout interstitial treestates form a tree.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-06-22 22:49:49 +01:00