Daira Hopwood
a68c7d24d0
NCC audit: Document that the choice of nonsquare for λ_G in \crossref{concretegrouphashpallasandvesta} makes no difference
to the output of map_to_curve_simple_swu.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
fa2b1c6ce9
Correct the output type of sqrt_ratio.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
ab0e248036
NCC audit: Document that the use of k = 256 in hash_to_field is intentional,
despite the Pallas curve only having 126-bit conjectured security against generic attacks.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
9d62142142
NCC audit: Fix a discrepancy between \crossref{concretegrouphashpallasandvesta} and \cite{ID-hashtocurve}.
The zero padding in expand_message_xmd should be 128 bytes (matching the input block size of
BLAKE2b), rather than 64 bytes.
See also https://github.com/zcash/pasta/pull/2 and https://github.com/zcash/pasta_curves/issues/7
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
5d15a3d91e
NCC audit: Fix type confusion between integers and field elements (including additional cases
not found in the audit, involving nullifiers and cm_x).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
7ccbf44c30
NCC audit: Define \mathbb{G} in \crossref{concretegrouphashpallasandvesta}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
4d983aa855
NCC audit: Make the naming of enableSpends and enableOutputs consistent.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
e5336bb536
Various rationale updates for NU5.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
8f1ff76417
Add proof of collision resistance for Sinsemilla.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
591c7e45cc
NCC audit: Restrict the definition of a short Weierstrass elliptic curve
to base fields of characteristic greater than 3.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
2e50a09e97
NCC audit: Correct the definition of PRFnf^Orchard by changing Poseidon to PoseidonHash.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
b7d61884e1
NCC audit: Propagate \bot from the inputs of MerkleCRH^Orchard to its output, and add an explicit
consensus rule that rt^Orchard computed from appending a note commitment is not \bot.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
c11c329beb
NCC audit: Propagate \bot intermediate results to the output of Sinsemilla primitives.
Change the output types of NoteCommitAlg^Orchard and CommitIvkAlg to reflect that these can
return \bot, and change the action statement to be satisfied if they do.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
20478ae40d
Credit Eirik Ogilvie-Wigley as a designer of the Zcash protocol. Add Andre Serrano, Brad Miller,
Charlie O'Keefe, David Campbell, Elena Giralt, Francisco Gindre, Joseph Van~Geffen, Josh Swihart,
Kevin Gorham, Larry Ruane, Marshall Gaucher, and Ryan Taylor to the acknowledgements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
Daira Hopwood
b14c332910
NCC audit: Correct the definition of c in \crossref{concretesinsemillahash}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:51 +00:00
Daira Hopwood
54a0894acf
NCC audit: fix 'reasonable' typo.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:22:50 +00:00
Daira Hopwood
02db965036
Cosmetics and trivial changes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:22:50 +00:00
Daira Hopwood
44c45004df
Cosmetics and trivial changes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 20:01:13 +00:00
Daira Hopwood
218196f8dd
Output ciphertext -> outgoing ciphertext.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 19:27:47 +00:00
Daira Hopwood
e1bdfce3bc
Remove specification of memo contents, which will be in ZIP 302.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 19:21:56 +00:00
Deirdre Connolly
75a8a944d4
s/enableSpendsOrchard/enableOutputsOrchard/ re: no new notes
2021-03-19 15:14:26 +00:00
Daira Hopwood
a859014b98
Correct the description of `length` in \crossref{unifiedpaymentaddrencoding}.
(It is the length of `addr`, not the length of the raw encoding; they differ for t-addrs.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
781ec6896d
Correct the type signature of DiversifyHash^Orchard in \crossref{abstracthashes}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
3e160d6ecb
2^16 -> 2^{16}. fixes #461
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
9af5978852
Remove magenta highlighting of differences from Zerocash.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
Daira Hopwood
78e3d68539
Remove support for generating the Sprout-only specification (sprout.pdf).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 14:00:19 +00:00
Daira Hopwood
ebe3800b2b
Regenerate PDFs.
2021-03-17 20:00:51 +00:00
Daira Hopwood
f0fa13761e
Regenerate PDFs.
2021-03-17 19:55:50 +00:00
Daira Hopwood
3b558b2146
Set date in Change History entry for v2021.1.19.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:49 +00:00
Daira Hopwood
c5c34cf93c
Cosmetics (spacing).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:49 +00:00
Daira Hopwood
0b8a4b3d90
Correct the range of input to ValueCommit^Orchard in the action statement, and the corresponding security argument in \crossref{orchardbalance}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
e31f33c678
Fix a type error in the non-normative note at the end of \crossref{concretesinsemillacommit}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
867d0cc712
Make DiversifyHash^Orchard total, by replacing an output of the zero point with another base.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
c9b918a654
Fix a typo: 2^16 -> 2^{16}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
17518632e1
Update the consensus rules that prevent trivial transactions (with no inputs or outputs)
to take into account action transfers in the v5 transaction format.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
Daira Hopwood
cec8b904c5
Regenerate PDFs.
2021-03-17 02:11:38 +00:00
Daira Hopwood
36074af67b
Version 2021.1.18:
* Define unified payment addresses in place of the Bech32 form of Orchard addresses.
* Remove Sprout-specific fields from the v5 transaction format.
* The rho value for an Orchard output note was incorrectly described as being derived from
rseed, instead of being set to the nullifier from the same action description as intended
(fixes #459).
* The psi value is now derived using the PRF^expand input [9], instead of [10] (refs #459).
* Correct a note about the range of the Merkle hash inputs in \crossref{actionstatement}.
* Correct the validity condition for ak in \crossref{orchardfullviewingkeyencoding}.
* Add a definition for K^Orchard in \crossref{commitmentsandnullifiers} (fixes #460).
* Correct the number of full and partial rounds for Poseidon.
* Add a note explaining the origin of the 2^{65} constant in the definition of PoseidonHash.
2021-03-17 02:06:38 +00:00
Daira Hopwood
27a39088d6
Regenerate PDFs.
2021-03-15 16:27:53 +00:00
Daira Hopwood
ad032d456a
More WIP:
* fix the use of inputs to PRF^expand in Orchard note encryption;
* rename "hash extractor" to "coordinate extractor";
* miscellaneous minor fixes;
* set date of Change History entry.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
37d8221c4d
Mainly fixes to the Action statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
d79de34b4a
Update key components diagram.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
7cc31111bb
Yet more WIP. Nullifier derivation for Orchard is correct now.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
f6fb3c80d7
More WIP.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
6ac5901a42
More WIP, and rename orchard.pdf to nu5.pdf.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
dae8852187
More Orchard WIP.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
e62d57959e
More WIP.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
6453611314
* More Orchard WIP;
* The definition of a represented group abstraction function incorrectly required canonicity;
* Note about non-canonical encodings in the Jubjub gave incorrect values for encodings of the point of order 2;
* Change the spec of decryption with ovk to match zcashd (by adding \bot and subgroup checks);
* Add a note saying that a node impl that checkpoints on Sapling can omit verifying BCTV14 proofs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
68cb4c6d5f
Font hack to make sure that italic bold is not too wide.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
a81cfdb693
More WIP!
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
Daira Hopwood
ad9c631ee0
More WIP for Orchard, including hashing to Pallas and Vesta.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00