Daira Hopwood
5fcbf2e732
The specification that PRFaddr must be collision-resistant is changed from Zerocash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
b30dc16eb3
Add requirement for computing square roots.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
4993fde31a
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
9bc3446de0
Add concensus rule for ranges of vpubOld and vpubNew.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
fbef8a863e
Add sections on Block headers and Equihash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
22d834f604
Improve definitions and macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
a0006c8f8d
Reorganise block chain sections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
9f697b0926
Change the memo size to 512 bytes, and move ciphertexts to the end
...
of a JoinSplit description.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
2620654375
Add section on proving system, and change the proof encoding size to 296 bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
3333a4b877
Fill in "Omission in Zerocash security proof" section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
7d816b6304
Fill in "In-band secret distribution" comparison section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
df2247b648
Acknowledge Jack Grigg and Simon Liu.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
1b9111e8c4
Reference the extended Zerocash paper, not the conference version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
1e6e788d0c
Cosmetics and copy-editing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
b189e26191
Abstractify uses of Curve25519.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
f633c7bc4d
Add changelog section for 2016.0-beta-1.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
1fd8ead32d
More consistent dates in references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
4729293da7
Add citation to 'Fixing Vulnerabilities in the Zcash Protocol' blog post.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
4a8889b958
Add acknowledgement for jl777.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
6aa2753f16
Fix the lead bytes in payment address and spending key encodings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
8e2d942f69
Remove some unused macros that were associated with selective transparency.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
94e426342e
Add Key Derivation Functions in the abstract protocol section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
c94e27261b
Add JoinSplit operations in the Concepts section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
2ab5d2fef0
Move the KDF instantiation section to be in the same order as the abstract protocol.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
b1225f91ae
COMM trapdoor -> commitment trapdoor.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
e9d69b242b
Add definitions for key agreement schemes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
12144bf2df
Fix Makefile portability problem.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
91d4384924
Add protocol.ver.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
b2471394e2
Regenerate PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
bca7bb75a8
Switch to Ed25519.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
d31e2cd886
Add Coinbase Transactions section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
e7b578d73e
WIP
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
afeecbd7b4
Regenerate PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
ba826eec2d
More reorganisation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
50730b8170
Initial reorganisation to split abstract and concrete protocol sections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-09-04 04:33:45 +01:00
Daira Hopwood
aefc864cc9
Regenerate PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-20 23:37:35 +01:00
Daira Hopwood
57a4d1cab5
Switch to Quattrocento font for body text, and clean up some LaTeX warnings that causes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-20 23:30:33 +01:00
Daira Hopwood
17741b7cfa
Makefile: allow the latex command to be changed more easily.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-20 23:30:33 +01:00
Daira Hopwood
d5ac4f792c
Regenerate PDF for 2016.0-alpha-3.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-09 21:18:41 +01:00
Daira Hopwood
f7e1889513
Change version numbering convention.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-09 21:15:50 +01:00
Daira Hopwood
1226c22929
Regenerate PDF for 2.0-alpha-3.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-06 15:48:36 +01:00
Daira Hopwood
365fe6d068
Add change history and reference to https://github.com/zcash/zcash/issues/836
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-06 15:47:59 +01:00
Daira Hopwood
d6d25dec43
Allow anchoring to any previous output treestate in the same transaction. closes https://github.com/zcash/zcash/issues/604
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-05-06 15:04:08 +01:00
Daira Hopwood
9bb4410e45
Regenerate PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-21 03:05:58 +01:00
Daira Hopwood
d20080c2c3
Add automatic git versioning. fixes #37
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-21 03:04:45 +01:00
Daira Hopwood
465ce90631
Try rerendering the key_components diagram with "Convert text to paths", to
...
work around a github PDF renderer issue.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-19 01:51:43 +01:00
Daira Hopwood
2a322f8647
Key terminology changes. Also remove some unused macros. fixes #44
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-18 18:31:22 +01:00
Daira Hopwood
859059fb9d
Add note about Merkle tree validity.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-11 22:14:15 +01:00
Daira Hopwood
4c062451d3
Minor refinements. refs #14
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-08 20:55:49 +01:00
Daira Hopwood
c478fa1299
Specify Merkle tree. fixes #14
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-08 20:45:53 +01:00
Daira Hopwood
dcdb0fb3dc
Cosmetics: BLAKE2b-256 macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-07 01:55:13 +01:00
Daira Hopwood
cdae617357
BLAKE2b/256 -> BLAKE2b-256.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-06 17:04:04 +01:00
Daira Hopwood
75b8750d59
Require PRF^addr to be collision-resistant. refs ticket:zcash/zcash/836
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-06 14:38:58 +01:00
Daira Hopwood
e2dbad2448
Cosmetic changes to conformance macros.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 17:29:16 +01:00
Daira Hopwood
83ae851aad
Show Daira as lead author and add "as intended for the Zcash release of summer 2016".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 04:33:39 +01:00
Daira Hopwood
7826c99919
Minor correction to what sighashes cover.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 04:20:19 +01:00
Daira Hopwood
015b607650
Cosmetics: fix spacing in section references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 04:20:19 +01:00
Daira Hopwood
9f37a0d3c8
Cosmetics: change font of ASCII strings to bold tt.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 04:20:19 +01:00
Daira Hopwood
389ae76bdb
Change to BLAKE2b/256, and add pubKeyHash indirection. fixes #26
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 04:20:19 +01:00
Daira Hopwood
76d87e6995
Revert addition of Eli's comments -- moved to eli-comments.0 branch.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-04-04 04:04:07 +01:00
eli.ben.sasson
fb15dd2396
comments through section 5
2016-03-31 11:00:04 +03:00
Daira Hopwood
62f615e459
Clarification of endianness, and that uses of BLAKE2b are unkeyed.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-31 02:21:43 +01:00
Daira Hopwood
ecba0f9e5d
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-31 02:21:02 +01:00
Daira Hopwood
d4d095b33d
Update version to 2.0-alpha-1.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 15:42:07 +01:00
Daira Hopwood
0bc03313bf
Changes to signatures.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 15:18:50 +01:00
Daira Hopwood
c19f1d1523
Change bit ordering.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 14:27:43 +01:00
Daira Hopwood
e95fee5ce7
Add lead byte to note plaintext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 03:47:57 +01:00
Daira Hopwood
5b0c01d6d0
Clarify that we're using the IETF definition of AEAD_CHACHA20_POLY1305,
...
and that hSig is an input to the KDF.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 03:32:28 +01:00
Daira Hopwood
fb2492d7e5
Switch to Blake2b for KDF and hSig.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 03:28:01 +01:00
Daira Hopwood
674c5614f2
\serialNumber -> \nullifier and related macro changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-30 01:36:34 +01:00
Daira Hopwood
6897bebfe6
Reserve non-UTF-8 lead bytes in memo field.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 15:08:15 +01:00
Daira Hopwood
9397a606b9
Change memos from 64 to 128 bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 03:21:50 +01:00
Daira Hopwood
6f0f88c9de
Change r from 192 to 256 bits.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 03:15:08 +01:00
Daira Hopwood
3dffb0d9c7
Pour/Xfer -> JoinSplit.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 02:28:50 +01:00
Daira Hopwood
263122966a
coin -> note in macro names.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 02:28:07 +01:00
Daira Hopwood
819eb1dac9
transaction -> \transaction
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 01:19:34 +01:00
Daira Hopwood
4036a5d6e4
Make t 8 bits.
...
(This is not a protocol change, it's just simpler because it avoids endianness issues.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 01:18:53 +01:00
Daira Hopwood
fedfc3c315
Fix an endianness bug.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 01:17:36 +01:00
Daira Hopwood
6f049a2c8d
Add restriction that either vpubOld or vpubNew is zero.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 01:16:06 +01:00
Daira Hopwood
c338fd141b
Pour descriptions go in transactions, and only indirectly in blocks. fixes #20
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 00:40:09 +01:00
Daira Hopwood
5bf271d993
ephemeralKey is a change from Zerocash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-29 00:31:11 +01:00
Daira Hopwood
31ce718464
Fix endianness bug in an example.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-23 13:28:17 +00:00
Daira Hopwood
8b5c20cd38
Change i to be the first argument to KDF for consistency with other functions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-22 20:40:52 +00:00
Daira Hopwood
d4e95b73f6
Change KDF to SHA-512 and add hSig input.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-22 17:41:57 +00:00
Daira Hopwood
8b9851a431
Remove a_pk from note plaintexts. This also fixes a bug where the recipient
...
would incorrectly use the decrypted a_pk to check the coin commitment, rather
than its own a_pk.
(The length of encCiphertexts was already computed assuming this change.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 23:36:54 +00:00
Daira Hopwood
5bbbb0bde6
Use standard AEAD_CHACHA20_POLY1305.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 23:32:01 +00:00
Daira Hopwood
d98c941429
Switch to little-endian encoding, consistent with Bitcoin serialization.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 23:19:38 +00:00
Daira Hopwood
350c5ae598
DecryptCoin -> DecryptNote.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 20:37:43 +00:00
Daira Hopwood
c55489fa2d
Fix some macro uses, and rename rn to nf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 20:29:42 +00:00
Daira Hopwood
5e408580c1
Remove "map" terminology; the spent nullifiers are a set at this level of abstraction.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 20:26:37 +00:00
Daira Hopwood
d60fda0e3d
Rename remnant (serial number) -> nullifier.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 19:48:19 +00:00
Daira Hopwood
0b0295e29e
Fix some cases where macros were not used consistently.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-20 19:46:19 +00:00
Daira Hopwood
08e25a8b21
WIP - new terminology.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-18 21:09:24 +00:00
Daira Hopwood
0e6953a6eb
WIP: Define types for serialized fields.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-18 01:20:44 +00:00
Daira Hopwood
5ebe7b31e0
Specify precisely the data to be signed. This includes a design change
...
to use a single signature covering all of the transaction except
pourPubKey and pubSig.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-16 01:36:37 +00:00
Daira Hopwood
a5096c755a
Bibliography: cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-16 01:34:45 +00:00
Daira Hopwood
57d94a0bf9
Specify precise encoding of ECDSA public key. Also improve description
...
of how the public key is bound to the Pour statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-16 00:06:01 +00:00
Daira Hopwood
5d3b31b15f
Cosmetics, re-render PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:23:38 +00:00
Daira Hopwood
1bd4e4cfdb
Make some subparagraphs into subsections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:23:05 +00:00
Daira Hopwood
5a78817989
Reference libsnark for encoding of proofs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:22:22 +00:00
Daira Hopwood
245c52036c
randomSeed must be chosen independently at random for each Pour description.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:21:41 +00:00
Daira Hopwood
223f7d2e1e
Be more precise about Pour transfers.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:20:46 +00:00
Daira Hopwood
87c502ffd3
Enforce canonical ECDSA signatures, and specify encodings (WIP).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:20:17 +00:00
Daira Hopwood
23e66ae090
Change 'script*' variables to 'pour*', and add references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:17:14 +00:00
Daira Hopwood
28b38b5eb9
Fix 'make clean'.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-15 23:13:51 +00:00
Daira Hopwood
10ac791004
Remove viewing keys (except for sk_enc) for now.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-13 02:16:30 +00:00
Daira Hopwood
42954ecdac
Fill in more sections of "Differences from Zerocash".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-13 01:23:04 +00:00
Daira Hopwood
3d04c384f1
Add Nathan Wilcox to authors.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-09 00:40:08 +00:00
Daira Hopwood
1b1e1f8456
Add lead byte to KDF input.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 21:08:14 +00:00
Daira Hopwood
95e6fc42cd
Seriously, LaTeX, this paragraph is just fine.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 21:06:23 +00:00
Daira Hopwood
a8ff6110e6
Adjust list spacing. (I'm picky about things like that.)
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 21:05:45 +00:00
Daira Hopwood
e15a4fc0a4
Clarify that the nonce to AEAD_CHACHA20_POLY1305 is 96 bits, and the key 256 bits.
...
fixes zips/#19
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 17:00:31 +00:00
Daira Hopwood
c57d295a38
Fix definitions of a_vk and a_pk in Pour statement. fixes zips#18
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 16:52:15 +00:00
Daira Hopwood
64c91164ab
Descriptions of scriptSig and scriptPubKey were the wrong way round. fixes zips#17
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 04:53:02 +00:00
Daira Hopwood
2fac159404
Fix index error in computation of hSig.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 04:38:51 +00:00
Daira Hopwood
26df1df754
Define some convenience macros to shorten 1..N^{old,new}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 04:36:29 +00:00
Daira Hopwood
9bbae8ce2a
Makefile: avoid error if protocol.aux doesn't exist.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 04:15:27 +00:00
Daira Hopwood
a1b1cd62c3
Notation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-07 03:38:00 +00:00
Daira Hopwood
6d25c4beb2
Be more precise about the specification of Curve25519 functions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-06 23:26:40 +00:00
Daira Hopwood
a9da411767
Rearrange domain separation to make room for greater pour arities, and
...
state explicitly the domain separation convention for uses of the full hash.
Also bump the draft number.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-06 22:21:48 +00:00
Daira Hopwood
39e5992e60
Clarify endianness.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-06 22:19:12 +00:00
Daira Hopwood
608c0dbcb0
Fix potential attacks due to unclamped esk provided to a viewing key holder.
...
(The other change from epk to epk* in the KDF input is just for clarity,
since we check that epk* = epk.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-06 10:34:34 +00:00
Daira Hopwood
acf7cabe39
More PDF niceties.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 21:45:11 +00:00
Daira Hopwood
5e14841dce
Make hyperref links go to the top of the page to avoid having to scroll up.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 21:28:15 +00:00
Daira Hopwood
9069509095
Generate PDF index.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 21:12:38 +00:00
Daira Hopwood
c8e8846a53
More cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 21:05:06 +00:00
Daira Hopwood
06e747ed1f
Suppress spurious overfull hbox warnings; other cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 21:02:46 +00:00
Daira Hopwood
96f8c869f2
Fancy linking of cross-references and URLs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 20:20:11 +00:00
Daira Hopwood
63b7fa7f1a
Move the specification of how a coin plaintext is encoded.
...
This avoids the implication that we intend it to be Base85Check-encoded,
and makes the statement about prefix-freedom true again.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 18:37:40 +00:00
Daira Hopwood
661e894907
Remove version byte in coin plaintext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-05 18:19:33 +00:00
Daira Hopwood
b0f06c6589
Correct a misstatement in the 'Decryption by a Viewing Key Holder' section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-04 00:29:30 +00:00
Daira Hopwood
b6f8ab3f9b
Formatting; fix key derivation diagram.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-03 18:51:33 +00:00
Daira Hopwood
70dede1507
Unified spec with or without viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-03 18:43:10 +00:00
Daira Hopwood
605d6ef5b1
Cosmetics.
2016-03-03 15:25:25 +00:00
Daira Hopwood
1875e0d389
Fix size of r in Coin Plaintexts section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-03 15:25:15 +00:00
Daira Hopwood
b2ef4732af
Don't mention s in Coins section; it's confusing given that COMM^s no longer exists.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-03 15:24:45 +00:00
Daira Hopwood
d3b2bfe5fb
Improve presentation of decryption by viewing key holder; define \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-03 14:01:39 +00:00
Daira Hopwood
9ad8d7ee50
Improve presentation of P^disclose, fix a use-before-definition,
...
and correct an N^new -> N^old.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-03 14:00:52 +00:00
Daira Hopwood
e634b9ceb1
Viewing key optimizations.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-02 16:09:52 +00:00
Daira Hopwood
d3b0cfd649
Correct confusion between N^new and N^old in decryption by a viewing key holder,
...
and add a clarification about a viewing key holder acting as a recipient.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-02 15:29:37 +00:00
Daira Hopwood
9ba83513bb
Fix length of r.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-03-02 00:15:43 +00:00
Daira Hopwood
f5ab4ef51d
Ensure that a viewing key holder can decrypt the value of the old coin.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-29 14:19:35 +00:00
Daira Hopwood
80dcdeef4f
"additional data" -> "associated data".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-28 11:25:41 +00:00
Daira Hopwood
d7dd20d281
Wording improvement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 23:40:01 +00:00
Daira Hopwood
65ebefd7e8
Merge "Raw Encoding" subsubsections into their parent, and correct a section title.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 23:39:12 +00:00
Daira Hopwood
f3041d4e07
The viewing key holder should check epk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 21:14:39 +00:00
Daira Hopwood
9611e0b35b
The arguments to Curve25519 multiplication were consistently the wrong way round.
...
Also, add the base point argument to the computation of pk_enc from sk_enc.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 21:12:50 +00:00
Daira Hopwood
c6ec1e0e07
Note about some fields not being constrained in the circuit.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 20:58:39 +00:00
Daira Hopwood
a816d1fd18
Correct an obsolete paragraph relating a_sk and a_pk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 20:38:58 +00:00
Daira Hopwood
0770ff87dc
Acknowledgements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 00:54:33 +00:00
Daira Hopwood
0545c5b9ca
Work in progress on "Differences from Zerocash" section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 00:54:06 +00:00
Daira Hopwood
98398f0385
Update Pour statement for viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-27 00:52:14 +00:00
Daira Hopwood
a2d625f1b2
Merge branch '738.fix-internalh-collision.0' into 406.viewing-keys.1
...
Includes other fixes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-26 17:22:59 +00:00
Daira Hopwood
ce18d51650
Proposed fix for domain separation and truncation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-26 16:36:59 +00:00
Daira Hopwood
e7ad03ac52
The nonce input to the AEAD isn't long enough, so derive K^disclose_i using a PRF instead.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-26 01:56:04 +00:00
Daira Hopwood
abb9da9937
Fix a long line.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-26 00:21:25 +00:00
Daira Hopwood
f0c24c113e
Merge branch '738.fix-internalh-collision.0' into 406.viewing-keys.1
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-26 00:17:19 +00:00
Daira Hopwood
e20d0dd437
Fix for InternalH collision attack.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-26 00:02:11 +00:00
Daira Hopwood
1d03b32575
Fix order of arguments to nonce in Pour statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 23:44:44 +00:00
Daira Hopwood
14e2428c66
Include security@z.cash address.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 23:41:47 +00:00
Daira Hopwood
e2d08d1073
Fix the definition of P^shared.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 23:39:20 +00:00
Daira Hopwood
91ecf4ff93
Fix keystream reuse bug found by Taylor.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 23:38:31 +00:00
Daira Hopwood
7719e708c7
Fixes to Pour statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 21:42:28 +00:00
Daira Hopwood
19eb032dac
Fixes to encryption section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 21:42:00 +00:00
Daira Hopwood
dc4e99389e
Add back some information that was lost in a previous refactoring.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 19:43:03 +00:00
Daira Hopwood
0e3aee41ac
Fix encodings to take into account viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 19:41:06 +00:00
Daira Hopwood
36340df6c2
Rearrange sections; macro cleanups.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 18:32:18 +00:00
Daira Hopwood
3576398cfb
WIP: encryption and key derivation changes for viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 17:13:31 +00:00
Daira Hopwood
d33c441c91
Makefile: protocol.pdf depends on key_components.pdf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 17:12:56 +00:00
Daira Hopwood
50dcb686f0
Define 1..N notation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 17:12:28 +00:00
Daira Hopwood
0db3ecc2ad
Add comments about changes in coin validity due to blockchain evolution.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-25 17:10:26 +00:00
Daira Hopwood
a8468efb58
More WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-17 02:03:50 +00:00
Daira Hopwood
6a2713ec02
WIP toward changing the disclosure ciphertext to symmetric encryption.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-17 01:57:21 +00:00
Daira Hopwood
0e43170229
New key_components diagram.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-17 00:58:02 +00:00
Daira Hopwood
2d924b2fbc
Add key_components diagram.
2016-02-16 20:08:52 +00:00
Daira Hopwood
a7e10012f7
Work in progress for viewing key support.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-16 20:07:31 +00:00
Daira Hopwood
9ed6ece058
Add conformance definitions and Caution section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-16 19:49:37 +00:00
Daira Hopwood
e58b268d5d
Correct i to i-1 in the PRF inputs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-16 19:47:27 +00:00
Daira Hopwood
270959b5cd
Add make target that makes the PDF unconditionally.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-16 19:45:29 +00:00
Daira Hopwood
b3b34c21f0
Add table of contents and version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 18:54:23 +00:00
Daira Hopwood
7f00921967
Change coin commitments in Merkle tree diagram back to cm.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 18:37:28 +00:00
Daira Hopwood
63a13665b7
Highlight changes for Faerie Gold fix.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 18:21:39 +00:00
Daira Hopwood
8b3f18bbe3
Correct an error in the definition of PRF^rho.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 16:29:42 +00:00
Daira Hopwood
dd3464441a
Proposed fix for Faerie Gold attack -- WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 16:28:59 +00:00
Daira Hopwood
0d8ca188fe
Formatting cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 16:27:55 +00:00
Daira Hopwood
f169514c65
Highlight changes from original Zerocash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-11 15:04:56 +00:00
Daira Hopwood
55c631d37f
Correct the length of pk_enc in a raw-encoded address.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-09 00:51:25 +00:00
Daira Hopwood
e30bd3e555
Clarification of another difference from crypto_box_seal.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 21:55:20 +00:00
Daira Hopwood
0329a2e768
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 21:54:57 +00:00
Daira Hopwood
eafecf2ad9
Proposed fix to issue raised by Matthew Green about defence in depth.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:38:10 +00:00
Daira Hopwood
c822d433d0
Reorder definitions to avoid a forward reference.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:26:30 +00:00
Daira Hopwood
c3646a4cd4
Fix formatting and warnings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:26:13 +00:00
Daira Hopwood
d8cf2eae83
Switch from blake2b to SHA-256 for nonce computations.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:25:51 +00:00
Daira Hopwood
3d56cf291a
Memo field fixes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:25:51 +00:00
Daira Hopwood
906975de12
More references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:25:30 +00:00
Daira Hopwood
93d4303968
Proposed crypto_box encryption.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-07 11:25:30 +00:00
Daira Hopwood
d4b5d5eed9
Fix truncation in PRF^sn and PRF^pk. closes #686
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-02 23:40:44 +00:00
Daira Hopwood
ce5cff9eeb
Add "Differences from the Zerocash paper" section.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-02-01 22:08:13 +00:00
Daira Hopwood
131642e53b
Adjust formatting of raw encoding layouts.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-29 00:42:16 +00:00
Daira Hopwood
5456ddf2a6
Fix size of r.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-29 00:41:41 +00:00
Daira Hopwood
c080e5eda2
Merge branch 'nathan-wip' of github.com:Electric-Coin-Company/zips into daira-wip
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-29 00:17:04 +00:00
Nathan Wilcox
38290a7a86
Several comments and a few rewrites while pairing with Daira.
2016-01-28 16:10:30 -08:00
Daira Hopwood
9cddba31fc
Improve paragraph spacing and remove paragraph indent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-29 00:00:21 +00:00
Daira Hopwood
a7d75007fa
Clarify what "collision-resistant across all x" means.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-28 23:55:17 +00:00
Nathan Wilcox
b3da327877
Add a README with some barebones build dependency instructions.
2016-01-28 15:16:08 -08:00
Nathan Wilcox
cc97884b1b
Add a README with some barebones build dependency instructions.
2016-01-28 15:15:43 -08:00
Daira Hopwood
304dd6be27
Make the order of fields in a coin tuple consistent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-28 22:41:29 +00:00
Daira Hopwood
19fb4e39ef
Use Leading and Trailing functions; fix alignment of bit diagrams.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-28 22:33:43 +00:00
Daira Hopwood
ce6109f730
Define Leading and Trailing functions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-28 22:33:13 +00:00
Daira Hopwood
592c06c263
Fix PRFpk notation, clarify truncation, and answer a question about PRFsn.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-27 13:21:11 +00:00
Daira Hopwood
aa0087f501
Terminology tweak.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-27 00:49:13 +00:00
Daira Hopwood
a9ef6f47ab
We only use unsigned integers, and there should be no unspecified formats
...
(except Pour proofs, currently).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-27 00:48:52 +00:00
Daira Hopwood
d9fea514aa
Formatting stuff.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-27 00:34:42 +00:00
Daira Hopwood
74e6963e96
Add question about collision-resistance of PRF^sn.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-27 00:33:48 +00:00
Daira Hopwood
fe003d4954
Fix references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-27 00:32:57 +00:00
Daira Hopwood
862b201906
preceding -> immediately preceding.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-26 23:40:53 +00:00
Daira Hopwood
cf46f231e6
Simplify description of anchor constraints.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-26 23:36:53 +00:00
Daira Hopwood
d2df941912
Add Base58Check reference.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-26 23:36:29 +00:00
Daira Hopwood
75eb8a4099
WIP
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2016-01-26 23:15:17 +00:00
Sean Bowe
620c06436c
Remove outdated notes.
2016-01-20 13:38:22 -07:00
Daira Hopwood
48ca93a1d5
Be pedantic about what an ECIES public key is, and fix some font issues.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-23 02:14:05 +00:00
Daira Hopwood
ca1c8fe504
Add 'make clean' target.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-23 02:13:11 +00:00
Daira Hopwood
2791823a6a
Re-render the PDF. (make lied to me about it being up-to-date.)
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-23 00:04:13 +00:00
Daira Hopwood
ef9ca8c023
Choose lead bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-22 23:58:55 +00:00
Taylor Hornby
84d2cf08bc
Render the PDF.
2015-12-22 16:31:11 -07:00
Daira Hopwood
22a38ec7ea
Changes to reflect that not all fields in a bucket are encrypted.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-22 23:24:24 +00:00
Daira Hopwood
edfaaf65cb
Fix rho to be upright, not italic.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-21 18:46:33 +00:00
Daira Hopwood
c94ba4914a
Fix spelling of "two's complement".
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2015-12-21 18:11:49 +00:00
Sean Bowe
0279e3bcd6
Fix typo
2015-12-17 15:26:37 -07:00
Sean Bowe
fe402e1267
Added Taylor to authors, added colors for more review notes.
2015-12-17 09:51:30 -07:00
Sean Bowe
1b1492ec40
Improvements to low-hanging fruit phrasing issues.
2015-12-17 09:34:46 -07:00
eli.ben.sasson
9fc091760e
merge
2015-12-17 00:20:09 +02:00
eli.ben.sasson
4f8a2a8790
intial comments in tex
2015-12-17 00:18:22 +02:00
eli.ben.sasson
08b2b455d7
initial comments in tex file
2015-12-17 00:17:28 +02:00
Taylor Hornby
8cc631a782
Fix some terminology and improve some things.
2015-12-16 14:38:52 -07:00
Taylor Hornby
c8665edd14
Add Makefile
2015-12-16 14:02:37 -07:00
Taylor Hornby
116a526835
Remove question and add sections for the cleartext addrs
2015-12-16 14:02:22 -07:00
Taylor Hornby
a6f9c10223
Render the PDF
2015-12-16 13:55:23 -07:00
Taylor Hornby
ec2a832ca1
Add encoding of public address, private key, buckets
2015-12-16 13:55:16 -07:00
Sean Bowe
506de22ce5
These bits are placed in the middle as per the zerocash paper.
2015-12-14 16:30:40 -07:00
Sean Bowe
8a35b0a57a
Initial commit
2015-12-14 10:03:59 -07:00