27dc2a5fc4
Regenerate PDFs.
2021-06-28 18:10:48 +01:00
671451008a
Add a step to the algorithm for generating an Orchard note in \crossref{orchardsend}, to restart if esk = 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
b4928747cc
Explicitly say that padding in \crossref{concretesinsemillahash} is by appending zero bits.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
c6247f4bd5
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
ca6d988177
Correct the type of Uncommitted^Orchard, which should be P_x rather than a bit sequence.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
aec18d6aa8
Regenerate PDFs.
2021-06-26 21:32:35 +01:00
dea48add07
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 21:27:26 +01:00
00074e8084
Add ZIPs 203, 212, and 213 to the list of ZIPs updated for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 21:27:26 +01:00
048c1bf24c
Update \crossref{notept} for Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
7a8b12d945
* Require that from NU5 activation, the `nExpiryHeight` field of a coinbase transaction is set
...
to the block height. This is needed to maintain the property that all transactions have unique
transaction IDs, as explained in a note in \crossref{txnencodingandconsensus}.
* In order to avoid the block height being limited to 499999999, we also remove that bound on
`nExpiryHeight` for \coinbaseTransactions.
* Remove the recommendation to support 63-bit block heights in \crossref{blockchain} (since it is
incompatible with the above consensus rule for coinbase `nExpiryHeight`).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
ad8bd025b1
The Groth16 `zkproof` field in a JoinSplit description should be colour-coded for Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
5503f766fd
Explicitly apply `MAX_MONEY` to Orchard.
...
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
4ca7409f6f
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
5dff090737
Give cross-references to \crossref{notation} where $\optsqrt$ and $\possqrt$ are used.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
f31b335fe9
Refine the key components diagram in \crossref{addressesandkeys} to show that Orchard incoming
...
viewing keys include both dk and ivk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
6055cca71e
Ensure that the layer number is passed to MerkleCRH in \crossref{merklepath}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:36 +01:00
721dd2483f
Regenerate PDFs.
2021-06-19 20:12:11 +01:00
ea0f196a92
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
09f944d90c
Change the consensus rule that requires at least one input to, and at least one output from a v5
...
or later transaction, to take into account the enableSpendsOrchard and enableOutputsOrchard flags.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
321eed99b4
Correct the type of Extract_P^bot imported in \crossref{concretesinsemillahash}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
6e6fd1605e
Add ZIP 209 to the list of ZIPs updated for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
814ad87b40
Regenerate PDFs.
2021-06-08 12:39:25 +01:00
cc71722eca
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 12:33:29 +01:00
ebd54d5ad6
Add an explicit consensus rule in \crossref{txnencodingandconsensus} that the reserved bits of
...
the flagsOrchard field MUST be zero.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 12:33:08 +01:00
d25f3c1f47
Correct a cut-and-paste error algorithm for \crossref{orcharddummynotes},
...
which should refer to the Action statement rather than the Spend statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 10:00:44 +01:00
7d2480648a
Regenerate PDFs.
2021-06-06 03:45:32 +01:00
0a985b9c13
Set date for Change History entry.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
106e73e461
Make the NU5 specification the default.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
e3667dc30d
Add ZIP 239 to the list of ZIPs included in NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
577bb20832
Use "Bech32[m]" when saying that there is no dedicated string encoding for Orchard payment addresses
...
and viewing keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:24:47 +01:00
8f3f36fef5
Specify that Orchard spending keys are encoded using Bech32m.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:02:44 +01:00
ccaa100141
Reference [SVPBABW2012]: link to the ePrint summary page rather than the PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
99e5d92843
Clarify that epk encoded in an Action description cannot be the zero point.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
c4b65c39cc
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
9bc46070f3
Say that the round constants as well as the MDS matrices are generated according to Version 1.1
...
of the Poseidon reference implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
5fa8a60b08
Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit.
...
This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}.
The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
6a0c15df29
Move the section on abstraction to the Abstract Protocol section, and split section 5.2 to avoid renumbering.
...
fixes #512
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
f4a0a1284e
Delete a misleading sentence about Ed25519 encodings being specified in \cite{BDLSY2012}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
9e2938b555
Correct an error in the specification of height-in-coinbase for block heights 1..16.
...
Also clarify requirements on the range of block heights that should be supported.
fixes #517
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
530f00e150
Update title of ZIP 316.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
44ad348ce6
Regenerate PDFs.
2021-05-20 22:27:53 +01:00
c3f48359e6
Clarify that v4 transactions continue to use the ZIP 243 SIGHASH algorithm after NU5 activation.
...
fixes #510
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 22:23:19 +01:00
572a0d6e4f
Regenerate PDFs.
2021-05-20 22:02:23 +01:00
0ab0bcb7cb
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:49 +01:00
eb5a018396
Note that [JT2020] proves a tight reduction from finding a nontrivial discrete log relation to DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:03 +01:00
b6e50f8252
Clarify the distinction between Orchard incoming viewing keys and KA^Orchard private keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:47:34 +01:00
e7ec658413
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:45:59 +01:00
c90528fa5c
Change the notation \mathcal{I}^D_i for a Sapling Pedersen generator to \mathcal{I}(D, i).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:11:09 +01:00
9f948307cf
Change the type of Orchard Merkle hashes to \mathbb{P}_x, with a corresponding change to the
...
signature of MerkleCRH^Orchard. Add a note to \crossref{merklepath} clarifying that non-canonical
encodings are allowed as input to MerkleCRH^Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:07:10 +01:00
67cea8589a
Add a note to \crossref{merklepath} clarifying the encoding of rt^Sapling as a primary input to
...
the Sapling spend circuit, and that non-canonical encodings are allowed as input to MerkleCRH^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 20:39:42 +01:00
c5589648c1
Cosmetics (vertical spacing for the non-NU5 spec).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
79d1a477db
Add Change History entry for the correction to the size of vActionsOrchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
3f3195eb5c
Fix Orchard Action byte size
...
Since the signature is now separate, the size is 64 bytes smaller.
2021-05-18 15:37:06 +01:00
e9430c3752
Regenerate PDFs.
2021-05-07 16:41:22 +01:00
74c83f6d59
Set history entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
205b2f5861
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
d0caaa2ee9
Clarify that transparent inputs are prohibited in coinbase transactions only if they have a non-null `prevout` field. closes #498
...
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:13 +01:00
330254c9ca
Add ZIP-244 block commitments as a consensus rule. closes #499
...
It's currently just a note, which makes it look like the Heartwood rule might still apply.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:34:36 +01:00
296b8e6543
Make "Discrete Logarithm Problem" and "Decisional Diffie–Hellman Problem" indexed terms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
1db1224657
Unlinkability of diversified addresses depends on DDH, not DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
4353accc0e
Add [Canopy onward] and [NU5 onward] to a couple of notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
e4af6e42a0
State explicitly that valueBalanceOrchard can only be negative in a coinbase transaction if
...
it has ZIP 213 shielded outputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
639a554a04
Change the statement of Theorem 5.4.3 to exclude ⊥ outputs from SinsemillaHashToPoint.
...
Previously the proof did not match the statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
d7bd67900a
Update the list of ZIPs relevant to NU5 in \crossref{networkupgrades}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
00c39b73e0
Delegate to ZIP 316 for the specification of unified payment addresses and unified viewing keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
38b740aad2
Caveat how the result of \cite{GG2015} applies to analysis of PRF^nfOrchard in \crossref{concreteprfs}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
4804f6040e
Add a paragraph to \crossref{truncation} covering Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
748e6f8f37
Typo.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
35c8af6e47
DJB's "High-speed cryptography" book seems completely stalled.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
58add67726
* Specify that diversifier indices for Orchard should be chosen uniquely, not randomly.
...
* Vanity diversifiers are not an issue for Orchard given that it does not have its own
payment address format, and given the use of "jumbling" (ZIP 316) in unified addresses.
Remove the corresponding note from \crossref{orchardkeycomponents}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
2cf14204ae
Clarify the definition of pad in \crossref{concretesinsemillahash} by disambiguating M^pieces from M^padded.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
ac16945288
Clarify notation by changing ℓ_rcm to ℓ^Sprout_rcm.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
3034a2a662
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
adc28d2bb1
Include ρ as an input to the derivation of ψ, esk, and rcm in Orchard.
...
This was originally intended and as described in Section 3.5 of the Orchard Book.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
76c8a4689a
Regenerate PDFs.
2021-04-23 22:39:41 +01:00
71a19e7484
Clarify that only an outgoing cipher key is strictly needed to decrypt an outgoing ciphertext.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
27aa7c484a
Remove an unused precomputation in \crossref{concretegrouphashpallasandvesta}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
ecba2451bc
Include the diversifier key in an encoded Orchard Incoming Viewing Key.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
4dbf2f02d4
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
710fee607a
Add the nConsensusBranchId field to v5 transactions, matching the consensus branch ID
...
used for SIGHASH transaction hashes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
10710d92a6
Explicitly say that coinbase transactions MUST NOT have transparent inputs
...
(this is a consensus rule inherited from Bitcoin which has been present since launch).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-23 22:31:37 +01:00
2e6cdb3945
Regenerate PDFs.
2021-04-19 00:36:48 +01:00
0cfeea2ecb
Use a different symbol for each v5 Sapling field cardinality rule.
...
Currently, the spec uses the double dagger symbol for both:
* present if and only if `nSpendsSapling + nOutputsSapling > 0`;
* present if and only if `nSpendsSapling > 0`.
To avoid confusion, use dagger for the first rule, and double dagger for the second rule.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:32:00 +01:00
1c46e9aa5d
Add Change History entries for already committed changes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:18:47 +01:00
c4d7331191
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
65590101a8
When creating Orchard notes, repeat with another rseed if cm is \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
3d230f8d26
Type corrections for Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
15d59f11c4
Add note about non-uniformity of Orchard ivk.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
119abe37c3
ExtractP(\ZeroP) should be 0, and ExtractP^\bot(\bot) should be \bot.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
1df0f60deb
Add support for link checking to protocol/links_and_dests.py and protocol/Makefile.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
65ebb2266d
Fix some URLs in references.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-19 00:12:37 +01:00
572338f01a
Add action descriptions to the Note Commitments section intro
2021-04-13 09:45:33 -04:00
151e8c9661
Typo: Decription -> Description
2021-04-12 11:07:03 +10:00
761485e6c6
Regenerate PDFs.
2021-04-05 23:09:13 +01:00
e23cc72ac6
Work around bug in `release` target of protocol/Makefile.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 23:03:52 +01:00
88c338b9e1
Specify that a unified payment address MUST contain at least one shielded payment address.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 22:12:29 +01:00
18fbfdefe5
Correct ZKSpend.Verify to ZKOutput.Verify in \crossref{outputdesc}. fixes #481
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 22:00:53 +01:00
cc9c41a598
More clarifications to \theoremref{thmsinsemillacr}.
...
Co-authored-by: Taylor Hornby <taylor@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:59 +01:00
1f041f955a
Add links_and_dests.py.
...
This can be used to print outgoing links and targets in the PDF, and detect a subset of errors.
It depends on the PyPDF2 library (pip3 install PyPDF2).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:05 +01:00
4f50d5e515
Make sure that Change History entries are URL destinations. fixes #462
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-05 21:51:00 +01:00
Daira Hopwood
teor