Daira Hopwood
854f6eddcc
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
2f0c68b616
Add an appendix on RedDSA batch verification.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
90692541aa
Update RedDSA verification to use cofactor multiplication.
...
This is necessary in order for the output of batch verification to match unbatched verification in all cases.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-27 22:05:29 +01:00
Daira Hopwood
813a8891d1
Rename EncodeFVKParts to EncodeXFVKParts, since its input includes dk which is only part of an extended full viewing key.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 14:48:33 +01:00
Daira Hopwood
511c2eb1e0
Fix a link.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
eb60b41f20
Seeds for Sprout master keys must also be at least 32 bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
5cdc69196a
Factor out Sprout a_sk encoding/decoding into helper functions.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
3018efc0f3
Correct the encoding of a_sk,par for Sprout child derivation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
777d82a26f
Factor out the encoding of extended {spending key, full viewing key} parts and make it more precise.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
6f966489b8
Correct the derivation of a Sapling child full viewing key's nk, and define the bases G and H.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
1b04d74cde
Remove unintended addition of a reference to the non-existent (yet) ZIP 173.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
6e9a79604c
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
42506f08bd
Define DiversifyHash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
ebecd8c1ff
Clarify the encoding of a_sk in a Sprout extended spending key. Also exclude lead bytes, and swap ASK and c for consistency with Sapling formats and BIP 32.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
5881d3c211
Define depth, parent tag, and i for master keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
7002be59fa
Clarify the interpretation of I_L in Sprout key derivation.
...
This also fixes a cut-and-paste error (a child chain code is c_i, not c_m).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
ba56f26b4d
Explain that some diversifiers are invalid, and correct the definition of default diversifier.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
5788c120e7
Rename s_m to sk_m.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
633436cff6
Specify that the seed MUST be at least 32 bytes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
d65629f7a1
Clarify the relation to existing use of BIPs 32 & 44.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
0034331888
Add MUST NOT to Terminology.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
918ea38834
Fix a cut-and-paste error.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
b9e6ed7e1a
Another formatting improvement.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
3e884f9579
Fix formatting.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
52eac8c2c1
Put human-readable parts in monospace.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
0fc7c704a7
Add specifications of key fingerprints, tags, and encodings.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
6f85acb9b1
Specify the range of j when generating diversifiers.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
b3c051eb4f
Say that ZIP 32 does not supplant the use of BIPs 32 & 44 for transparent addresses.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
8a49de84f6
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
de065cf344
Update another reference to the Sapling spec version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
ff5affbc77
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
f94b9a4c67
Define r_J.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
1b3ea422fe
Reference version 2018.0-beta-21 or later of the Sapling protocol spec.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Daira Hopwood
3f2815838e
Cosmetic improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
Jack Grigg
da683d31b9
Remove hardening from example public-key HD path
...
Hardened derivation is undefined for an extended FVK
2018-07-25 00:32:43 +01:00
Daira Hopwood
9596aedaa0
ZIP 32: use FF1-AES256 as the PRP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-25 00:32:43 +01:00
str4d
a01dbbbcbc
Note that ZIP 32 is consistently little-endian
2018-07-25 00:32:43 +01:00
str4d
f07b6d2613
Define how to derive diversifiers from Sapling extended keys
2018-07-25 00:32:43 +01:00
str4d
efd68a4474
Define I2LEOSP_l(k) and use it to encode the child key indices
...
Note that this means they are encoded in little-endian order, which is the
opposite of BIP 32.
2018-07-25 00:32:43 +01:00
str4d
aa36706f38
Fix usage of LEOS2IP in definition of ToScalar
2018-07-25 00:32:43 +01:00
str4d
c73733ae13
Define a diversifier key dk
2018-07-25 00:32:43 +01:00
str4d
4ed0316834
Use byte sequences for constant single-byte inputs to PRF_expand
2018-07-25 00:32:43 +01:00
str4d
a5309ed60e
Address Daira's comments
2018-07-25 00:32:43 +01:00
str4d
9a87098e0c
ZIP 32: Shielded Hierarchical Deterministic Wallets
2018-07-25 00:32:43 +01:00
Daira Hopwood
ea61325c25
Regenerate PDFs.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
4d8031f659
Make the Sprout version of the spec say [Sprout] in the version.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
e1ee4e615e
Updates to take account that Overwinter has activated.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
89c05c0303
The recommendation for transactions without JoinSplit descriptions to be v1
...
applies only before Overwinter, not before Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
71617341c9
Wording improvements for the effect of upgrades on sighash.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00
Daira Hopwood
c2b8ba2052
Rename nuzero macro names to overwinter.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2018-07-18 11:20:32 +01:00