7d2480648a
Regenerate PDFs.
2021-06-06 03:45:32 +01:00
0a985b9c13
Set date for Change History entry.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
106e73e461
Make the NU5 specification the default.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
e3667dc30d
Add ZIP 239 to the list of ZIPs included in NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
577bb20832
Use "Bech32[m]" when saying that there is no dedicated string encoding for Orchard payment addresses
...
and viewing keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:24:47 +01:00
8f3f36fef5
Specify that Orchard spending keys are encoded using Bech32m.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:02:44 +01:00
ccaa100141
Reference [SVPBABW2012]: link to the ePrint summary page rather than the PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
99e5d92843
Clarify that epk encoded in an Action description cannot be the zero point.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
c4b65c39cc
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
9bc46070f3
Say that the round constants as well as the MDS matrices are generated according to Version 1.1
...
of the Poseidon reference implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
5fa8a60b08
Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit.
...
This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}.
The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
6a0c15df29
Move the section on abstraction to the Abstract Protocol section, and split section 5.2 to avoid renumbering.
...
fixes #512
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
f4a0a1284e
Delete a misleading sentence about Ed25519 encodings being specified in \cite{BDLSY2012}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
9e2938b555
Correct an error in the specification of height-in-coinbase for block heights 1..16.
...
Also clarify requirements on the range of block heights that should be supported.
fixes #517
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
530f00e150
Update title of ZIP 316.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
44ad348ce6
Regenerate PDFs.
2021-05-20 22:27:53 +01:00
c3f48359e6
Clarify that v4 transactions continue to use the ZIP 243 SIGHASH algorithm after NU5 activation.
...
fixes #510
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 22:23:19 +01:00
572a0d6e4f
Regenerate PDFs.
2021-05-20 22:02:23 +01:00
0ab0bcb7cb
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:49 +01:00
eb5a018396
Note that [JT2020] proves a tight reduction from finding a nontrivial discrete log relation to DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:03 +01:00
b6e50f8252
Clarify the distinction between Orchard incoming viewing keys and KA^Orchard private keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:47:34 +01:00
e7ec658413
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:45:59 +01:00
c90528fa5c
Change the notation \mathcal{I}^D_i for a Sapling Pedersen generator to \mathcal{I}(D, i).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:11:09 +01:00
9f948307cf
Change the type of Orchard Merkle hashes to \mathbb{P}_x, with a corresponding change to the
...
signature of MerkleCRH^Orchard. Add a note to \crossref{merklepath} clarifying that non-canonical
encodings are allowed as input to MerkleCRH^Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:07:10 +01:00
67cea8589a
Add a note to \crossref{merklepath} clarifying the encoding of rt^Sapling as a primary input to
...
the Sapling spend circuit, and that non-canonical encodings are allowed as input to MerkleCRH^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 20:39:42 +01:00
c5589648c1
Cosmetics (vertical spacing for the non-NU5 spec).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
79d1a477db
Add Change History entry for the correction to the size of vActionsOrchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
3f3195eb5c
Fix Orchard Action byte size
...
Since the signature is now separate, the size is 64 bytes smaller.
2021-05-18 15:37:06 +01:00
e9430c3752
Regenerate PDFs.
2021-05-07 16:41:22 +01:00
74c83f6d59
Set history entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
205b2f5861
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
d0caaa2ee9
Clarify that transparent inputs are prohibited in coinbase transactions only if they have a non-null `prevout` field. closes #498
...
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:13 +01:00
330254c9ca
Add ZIP-244 block commitments as a consensus rule. closes #499
...
It's currently just a note, which makes it look like the Heartwood rule might still apply.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:34:36 +01:00
296b8e6543
Make "Discrete Logarithm Problem" and "Decisional Diffie–Hellman Problem" indexed terms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
1db1224657
Unlinkability of diversified addresses depends on DDH, not DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
4353accc0e
Add [Canopy onward] and [NU5 onward] to a couple of notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
e4af6e42a0
State explicitly that valueBalanceOrchard can only be negative in a coinbase transaction if
...
it has ZIP 213 shielded outputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
639a554a04
Change the statement of Theorem 5.4.3 to exclude ⊥ outputs from SinsemillaHashToPoint.
...
Previously the proof did not match the statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
d7bd67900a
Update the list of ZIPs relevant to NU5 in \crossref{networkupgrades}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
00c39b73e0
Delegate to ZIP 316 for the specification of unified payment addresses and unified viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
38b740aad2
Caveat how the result of \cite{GG2015} applies to analysis of PRF^nfOrchard in \crossref{concreteprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
4804f6040e
Add a paragraph to \crossref{truncation} covering Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
748e6f8f37
Typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
35c8af6e47
DJB's "High-speed cryptography" book seems completely stalled.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
58add67726
* Specify that diversifier indices for Orchard should be chosen uniquely, not randomly.
...
* Vanity diversifiers are not an issue for Orchard given that it does not have its own
payment address format, and given the use of "jumbling" (ZIP 316) in unified addresses.
Remove the corresponding note from \crossref{orchardkeycomponents}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
2cf14204ae
Clarify the definition of pad in \crossref{concretesinsemillahash} by disambiguating M^pieces from M^padded.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
ac16945288
Clarify notation by changing ℓ_rcm to ℓ^Sprout_rcm.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
3034a2a662
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
adc28d2bb1
Include ρ as an input to the derivation of ψ, esk, and rcm in Orchard.
...
This was originally intended and as described in Section 3.5 of the Orchard Book.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
76c8a4689a
Regenerate PDFs.
2021-04-23 22:39:41 +01:00
71a19e7484
Clarify that only an outgoing cipher key is strictly needed to decrypt an outgoing ciphertext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
27aa7c484a
Remove an unused precomputation in \crossref{concretegrouphashpallasandvesta}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
ecba2451bc
Include the diversifier key in an encoded Orchard Incoming Viewing Key.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
4dbf2f02d4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
710fee607a
Add the nConsensusBranchId field to v5 transactions, matching the consensus branch ID
...
used for SIGHASH transaction hashes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
10710d92a6
Explicitly say that coinbase transactions MUST NOT have transparent inputs
...
(this is a consensus rule inherited from Bitcoin which has been present since launch).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
2e6cdb3945
Regenerate PDFs.
2021-04-19 00:36:48 +01:00
0cfeea2ecb
Use a different symbol for each v5 Sapling field cardinality rule.
...
Currently, the spec uses the double dagger symbol for both:
* present if and only if `nSpendsSapling + nOutputsSapling > 0`;
* present if and only if `nSpendsSapling > 0`.
To avoid confusion, use dagger for the first rule, and double dagger for the second rule.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:32:00 +01:00
1c46e9aa5d
Add Change History entries for already committed changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:18:47 +01:00
c4d7331191
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
65590101a8
When creating Orchard notes, repeat with another rseed if cm is \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
3d230f8d26
Type corrections for Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
15d59f11c4
Add note about non-uniformity of Orchard ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
119abe37c3
ExtractP(\ZeroP) should be 0, and ExtractP^\bot(\bot) should be \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
1df0f60deb
Add support for link checking to protocol/links_and_dests.py and protocol/Makefile.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
65ebb2266d
Fix some URLs in references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
572338f01a
Add action descriptions to the Note Commitments section intro
2021-04-13 09:45:33 -04:00
151e8c9661
Typo: Decription -> Description
2021-04-12 11:07:03 +10:00
761485e6c6
Regenerate PDFs.
2021-04-05 23:09:13 +01:00
e23cc72ac6
Work around bug in `release` target of protocol/Makefile.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 23:03:52 +01:00
88c338b9e1
Specify that a unified payment address MUST contain at least one shielded payment address.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 22:12:29 +01:00
18fbfdefe5
Correct ZKSpend.Verify to ZKOutput.Verify in \crossref{outputdesc}. fixes #481
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 22:00:53 +01:00
cc9c41a598
More clarifications to \theoremref{thmsinsemillacr}.
...
Co-authored-by: Taylor Hornby <taylor@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:59 +01:00
1f041f955a
Add links_and_dests.py.
...
This can be used to print outgoing links and targets in the PDF, and detect a subset of errors.
It depends on the PyPDF2 library (pip3 install PyPDF2).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:05 +01:00
4f50d5e515
Make sure that Change History entries are URL destinations. fixes #462
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:00 +01:00
46fefcaf56
Update all references to https URLs (and the year of the Unicode Standard to 2020).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:44:19 +01:00
404248cb92
Regenerate PDFs.
2021-04-01 02:19:32 +01:00
a0d048ed1e
Update Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
417076e50d
Make a note in \crossref{inbandrationale} of the divergence of ivk from a uniform scalar.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
1eec1f9832
Remove anchorSapling field when there are no Spends.
...
This corresponds to e0b08fd576
2021-04-01 02:11:35 +01:00
49f3b206f5
Fix type error in kdfinput for KDF^{Sapling,Orchard} (`ephemeralKey` is already a byte sequence).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
41580ec06d
Cosmetics in Sapling Output statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
c367a22098
Explicitly note that the end of the ZIP 212 grace period precedes NU5 activation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
3a312dc5a9
Expand the set of ZIPs associated with NU5 in \crossref{networkupgrades}, and reference the Orchard and halo2 books there.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
6c3099843d
Add a caveat about reuse of rivk between PRF^expand and Commit^ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
3826d43930
Correct the set of inputs to PRF^expand used for ZIP 32 and Orchard in \crossref{abstractprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
de0bc97bb2
Cosmetics (page breaking).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
bb985e039a
Section \crossref{concreteorchardkdf} should be in the NU5 colour (slate blue).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
ec6c10fc5c
Add a note to the Sending Notes (Orchard) section about using a dummy note for ρ.
...
Co-authored-by: Deirdre Connolly <deirdre@zfnd.org>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
6c8f9fb478
Update the Sprout key component diagram in \crossref{addressesandkeys} to remove magenta highlighting.Remove magenta highlighting
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
e1f105eaa1
Add note about use of big-endian order in the encoding of BLS12-381 points.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
3a55af9b1f
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
7bfdce2d6a
Write caution about linkage between the abstract and concrete protocols in \crossref{cautionlinkage}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
1097313feb
Fix errors in the Sinsemilla proofs:
...
* SinsemillaHash is defined in terms of SinsemillaHashToPoint, which also takes the D argument.
* correct errors due to 1-based indexing.
* the argument for exceptional cases got the scalars and range of j wrong.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
cce172ace8
Cosmetics (page breaking).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
f45b6b5d66
Add Action Statement ref to flags note
...
This change makes it clearer that the note spend and creation
rules are implemented as part of the proof.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-01 02:11:35 +01:00
ecb2ccd3f4
Copy outCiphertext description to the encoding tables
2021-04-01 02:11:35 +01:00
0f427feb5b
Regenerate PDFs.
2021-03-26 19:45:47 +00:00
f66887cdee
Fix an off-by-one error.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:40:57 +00:00
3898e2f571
Regenerate PDFs.
2021-03-26 19:38:49 +00:00
b4aac633f4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:31:45 +00:00
2f246ce24d
Other fixes to the Orchard specification, including generation of dummy notes and output notes.
...
fixes #465
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 19:17:33 +00:00
aa86282e16
Change the specifications of note decryption to return the note and memo, rather than a note plaintext.
...
Generalize the specification of block chain scanning to support Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
c50bdbd9ce
Delete a confusing part of the definition of concatbits that we don't rely on.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
b27213dfd3
Move the definition of ⊥ to before its first use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
cd1b4de8f9
Update the hashFinalSaplingRoot/hashLightClientRoot/hashBlockCommitments field for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
74dfa80194
Fix errors in Orchard due to cut-and-paste from Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
4d3204b8e1
Describe the recommended way to encode a Sapling or unified payment address as a QR code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
bbc6131f29
Update specification of Poseidon.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:58 +00:00
212fdc8752
Add references for the halo2 book.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
5e55821889
NCC audit: Make the description of when fields are included in v5 transactions consistent
...
between the protocol specification and ZIP 225. Also regenerate the HTML for ZIP 225.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
55af963e53
NCC audit: Add a definition for the section symbol in \crossref{introduction}, before its first use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
5fef9270e2
NCC audit: Correct the sizes of SpendDescriptionV5 and OutputDescriptionV5 in the version transaction format.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
bfc6a8e33c
NCC audit: Document the limitation on the domain separation string for the group hash into Pallas/Vesta.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
a68c7d24d0
NCC audit: Document that the choice of nonsquare for λ_G in \crossref{concretegrouphashpallasandvesta} makes no difference
...
to the output of map_to_curve_simple_swu.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
fa2b1c6ce9
Correct the output type of sqrt_ratio.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
ab0e248036
NCC audit: Document that the use of k = 256 in hash_to_field is intentional,
...
despite the Pallas curve only having 126-bit conjectured security against generic attacks.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
9d62142142
NCC audit: Fix a discrepancy between \crossref{concretegrouphashpallasandvesta} and \cite{ID-hashtocurve}.
...
The zero padding in expand_message_xmd should be 128 bytes (matching the input block size of
BLAKE2b), rather than 64 bytes.
See also https://github.com/zcash/pasta/pull/2 and https://github.com/zcash/pasta_curves/issues/7
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
5d15a3d91e
NCC audit: Fix type confusion between integers and field elements (including additional cases
...
not found in the audit, involving nullifiers and cm_x).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
7ccbf44c30
NCC audit: Define \mathbb{G} in \crossref{concretegrouphashpallasandvesta}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
4d983aa855
NCC audit: Make the naming of enableSpends and enableOutputs consistent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
e5336bb536
Various rationale updates for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
8f1ff76417
Add proof of collision resistance for Sinsemilla.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
591c7e45cc
NCC audit: Restrict the definition of a short Weierstrass elliptic curve
...
to base fields of characteristic greater than 3.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
2e50a09e97
NCC audit: Correct the definition of PRFnf^Orchard by changing Poseidon to PoseidonHash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
b7d61884e1
NCC audit: Propagate \bot from the inputs of MerkleCRH^Orchard to its output, and add an explicit
...
consensus rule that rt^Orchard computed from appending a note commitment is not \bot.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
c11c329beb
NCC audit: Propagate \bot intermediate results to the output of Sinsemilla primitives.
...
Change the output types of NoteCommitAlg^Orchard and CommitIvkAlg to reflect that these can
return \bot, and change the action statement to be satisfied if they do.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
20478ae40d
Credit Eirik Ogilvie-Wigley as a designer of the Zcash protocol. Add Andre Serrano, Brad Miller,
...
Charlie O'Keefe, David Campbell, Elena Giralt, Francisco Gindre, Joseph Van~Geffen, Josh Swihart,
Kevin Gorham, Larry Ruane, Marshall Gaucher, and Ryan Taylor to the acknowledgements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:57 +00:00
b14c332910
NCC audit: Correct the definition of c in \crossref{concretesinsemillahash}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:23:51 +00:00
54a0894acf
NCC audit: fix 'reasonable' typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:22:50 +00:00
02db965036
Cosmetics and trivial changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-26 18:22:50 +00:00
44c45004df
Cosmetics and trivial changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 20:01:13 +00:00
218196f8dd
Output ciphertext -> outgoing ciphertext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 19:27:47 +00:00
e1bdfce3bc
Remove specification of memo contents, which will be in ZIP 302.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-23 19:21:56 +00:00
75a8a944d4
s/enableSpendsOrchard/enableOutputsOrchard/ re: no new notes
2021-03-19 15:14:26 +00:00
a859014b98
Correct the description of `length` in \crossref{unifiedpaymentaddrencoding}.
...
(It is the length of `addr`, not the length of the raw encoding; they differ for t-addrs.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
781ec6896d
Correct the type signature of DiversifyHash^Orchard in \crossref{abstracthashes}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
3e160d6ecb
2^16 -> 2^{16}. fixes #461
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
9af5978852
Remove magenta highlighting of differences from Zerocash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 15:14:25 +00:00
78e3d68539
Remove support for generating the Sprout-only specification (sprout.pdf).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-19 14:00:19 +00:00
ebe3800b2b
Regenerate PDFs.
2021-03-17 20:00:51 +00:00
f0fa13761e
Regenerate PDFs.
2021-03-17 19:55:50 +00:00
3b558b2146
Set date in Change History entry for v2021.1.19.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:49 +00:00
c5c34cf93c
Cosmetics (spacing).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:49 +00:00
0b8a4b3d90
Correct the range of input to ValueCommit^Orchard in the action statement, and the corresponding security argument in \crossref{orchardbalance}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
e31f33c678
Fix a type error in the non-normative note at the end of \crossref{concretesinsemillacommit}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
867d0cc712
Make DiversifyHash^Orchard total, by replacing an output of the zero point with another base.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
c9b918a654
Fix a typo: 2^16 -> 2^{16}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
17518632e1
Update the consensus rules that prevent trivial transactions (with no inputs or outputs)
...
to take into account action transfers in the v5 transaction format.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-17 19:55:48 +00:00
cec8b904c5
Regenerate PDFs.
2021-03-17 02:11:38 +00:00
36074af67b
Version 2021.1.18:
...
* Define unified payment addresses in place of the Bech32 form of Orchard addresses.
* Remove Sprout-specific fields from the v5 transaction format.
* The rho value for an Orchard output note was incorrectly described as being derived from
rseed, instead of being set to the nullifier from the same action description as intended
(fixes #459 ).
* The psi value is now derived using the PRF^expand input [9], instead of [10] (refs #459 ).
* Correct a note about the range of the Merkle hash inputs in \crossref{actionstatement}.
* Correct the validity condition for ak in \crossref{orchardfullviewingkeyencoding}.
* Add a definition for K^Orchard in \crossref{commitmentsandnullifiers} (fixes #460 ).
* Correct the number of full and partial rounds for Poseidon.
* Add a note explaining the origin of the 2^{65} constant in the definition of PoseidonHash.
2021-03-17 02:06:38 +00:00
27a39088d6
Regenerate PDFs.
2021-03-15 16:27:53 +00:00
ad032d456a
More WIP:
...
* fix the use of inputs to PRF^expand in Orchard note encryption;
* rename "hash extractor" to "coordinate extractor";
* miscellaneous minor fixes;
* set date of Change History entry.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
37d8221c4d
Mainly fixes to the Action statement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
d79de34b4a
Update key components diagram.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
7cc31111bb
Yet more WIP. Nullifier derivation for Orchard is correct now.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
f6fb3c80d7
More WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
6ac5901a42
More WIP, and rename orchard.pdf to nu5.pdf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
dae8852187
More Orchard WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
e62d57959e
More WIP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
6453611314
* More Orchard WIP;
...
* The definition of a represented group abstraction function incorrectly required canonicity;
* Note about non-canonical encodings in the Jubjub gave incorrect values for encodings of the point of order 2;
* Change the spec of decryption with ovk to match zcashd (by adding \bot and subgroup checks);
* Add a note saying that a node impl that checkpoints on Sapling can omit verifying BCTV14 proofs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
68cb4c6d5f
Font hack to make sure that italic bold is not too wide.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
a81cfdb693
More WIP!
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
ad9c631ee0
More WIP for Orchard, including hashing to Pallas and Vesta.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
6215dce577
More WIP
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
0b6faf673d
Update spec for Orchard up to and including section 3 (Concepts).
...
This includes the key derivation diagram in section 3.1.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
300df42bf3
More WIP for Orchard
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
c2c4160151
WIP: Orchard
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-15 16:18:54 +00:00
7e21ab57ac
Push draft of NU5 spec.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-04 03:27:02 +00:00
08fcc0c1f0
Add a paragraph break
...
It seems that this should get its own paragraph, for symmetry with nearby paragraphs.
2021-01-15 18:09:09 -08:00
4f1ce394fe
Regenerate PDFs.
2021-01-11 00:15:27 +00:00
894c979a3d
protocol/Makefile: add new .pdf files if needed.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-11 00:10:37 +00:00
adced97391
Update Change History version and date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-11 00:08:20 +00:00
6dc375e9ec
Add (experimental, unused) support for linking consensus rules with the corresponding code.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:56:30 +00:00
9bc9823a23
Add macros and Makefile support for building the Orchard draft specification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:56:30 +00:00
3751c9973d
QED-it changed the spelling of their company name to QEDIT.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:46:24 +00:00
a5b78961f4
Clarify the encoding of block heights for the "height in coinbase" rule.
...
The description of this rule has also moved from 'Block Header Encoding and Consensus' to
'Transaction Encoding and Consensus'.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:45:53 +00:00
0bd8580d1a
Include the activation dates of Heartwood and Canopy in 'Network Upgrades'.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:40:03 +00:00
1ddc19ffaa
Section links in the Heartwood and Canopy versions of the specification now go to the correct document URL.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:37:16 +00:00
34de56533f
Protocol spec: use cmap package to attempt to improve search/copy-paste on some PDF readers.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-10 23:32:54 +00:00
c136527758
Regenerate PDFs.
2020-11-06 01:09:37 +00:00
3274aa10de
Avoid undefined references when building sprout.pdf.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
9a8f72c5e3
Add release date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
7999296d7d
Minor corrections.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
6e3c173538
Update a comment about BIPs (which is not in the rendered document).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
c278c2f93a
Reserve transaction version 0x7FFFFFFF and version group ID 0xFFFFFFFF for experimental use.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
9257be1d1f
Add a consensus rule that the (zero-valued) coinbase transaction output of the genesis block cannot be spent.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
917dbf5c46
Add a missing consensus rule that has always been implemented in zcashd: there must be at
...
least one transparent output, Sapling output, or JoinSplit in a transaction.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
94ec65564c
Define Sprout/Sapling chain value pool balances, and include consensus rules from ZIP 209.
...
This includes updates to ZIPs 209 and 211 for consistency of terminology (also addressing
a nit from the NCC Canopy report).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
71cee89a18
Corrections to note decryption algorithms:
...
* ephemeralKey is kept as a byte sequence rather than immediately converted to a curve point;
this matters because of non-canonical encoding.
* The representation of pk_d in a note plaintext may also be non-canonical and need not be in the
prime subgroup.
* Move checking of cm_u in decryption with ivk to the end of the algorithm, to more closely match
the implementation.
* The note about decryption of outputs in mempool transactions should have been normative.
Also change ZIP 212 to say that it is aligned with this version of the protocol spec.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
775b5f3b5d
Use "let mutable" to introduce mutable variables in algorithms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
9c9ad74fad
Acknowledge Alexandra Elbakyan for her work on Sci-Hub.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
0ed38ec775
Acknowledge Izaak Meckler, Zac Williamson, and Vitalik Buterin for discussions of the protocol.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
a5db85828c
Acknowledge Jack Gavigan as a co-designer of Sapling and of the Zcash protocol.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
924fd97422
Remove a statement that the language consisting of key and address encoding possibilities is prefix-free
...
(the raw encodings are not).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
85b8f1647b
Include a reference to [BFIJSV2010] for batch pairing verification techniques.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-11-06 01:00:58 +00:00
36b35dbf4a
Regenerate PDFs.
2020-08-30 21:12:40 +01:00
906838f3b6
Minor fixes to Change History.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:07:46 +01:00
4d00112f5d
Explicitly state the consensus rule that a coinbase transaction must not spend more than is available from the block subsidy and transaction fees.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:07:34 +01:00
c7180872a3
Specify where PRF^expand is used and with what inputs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-08-30 21:06:29 +01:00
Daira Hopwood
teor
Deirdre Connolly
Deirdre Connolly
Alessandro Coglio