Marek
01dbecefea
Fix a typo in bibliography.
2021-08-12 21:40:29 +01:00
Daira Hopwood
219a4ef253
Clarify wording in the Change History entry for v2021.2.13.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:38:20 +01:00
Daira Hopwood
8718157af0
Reword the reference to a Sapling full viewing key in \crossref{saplingdummynotes}
...
(the full viewing key would include ovk, although it is not used in that section).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-08-12 21:37:35 +01:00
Daira Hopwood
0ae051226e
Regenerate PDFs.
2021-07-29 17:35:14 +01:00
Daira Hopwood
045a3a9e54
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 17:30:21 +01:00
Daira Hopwood
a6fd0153d2
Add a consensus rule in \crossref{merkletree} that a block MUST NOT add note commitments that
...
exceed the capacity of each of the Sprout, Sapling, and Orchard note commitment trees.
Also add a cross-reference for constants used in \crossref{merkletree}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 17:30:21 +01:00
Daira Hopwood
8b8761b302
Regenerate PDFs.
2021-07-29 15:48:31 +01:00
Daira Hopwood
1aefc848bf
Change the number of partial rounds, R_P, for Poseidon from 58 to 56.
...
This matches the number calculated by `calc_round_numbers.py` (for 128-bit security "with margin")
in Version 1.1 of the Poseidon reference implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-29 15:43:24 +01:00
Daira Hopwood
cecfb9b0e4
Regenerate PDFs.
2021-07-20 06:05:58 +01:00
Daira Hopwood
411f39e231
Change the definition of inputs to the action circuit to split enableSpends and enableOutputs
...
into two field elements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-20 06:00:31 +01:00
Daira Hopwood
8c510a1415
Regenerate PDFs.
2021-07-13 15:55:15 +01:00
Daira Hopwood
36e2059de0
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
Daira Hopwood
ffd97926a8
Clarify in \crossref{transactions} that the remaining value in a transparent transaction value pool
...
is only available to miners as a fee in the case of non-coinbase transactions, and that the remaining
value in the transparent transaction value pool of a coinbase transaction is destroyed.
Co-authored-by: Teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
teor
e628134536
Make heightBytes encoding match NU5 coinbase nExpiryHeight
...
Since nExpiryHeight is limited to `2^32 - 1`, heightBytes is limited to 5 bytes.
Co-authored-by: Teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
Daira Hopwood
819761ef67
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
Daira Hopwood
8c7b2f2a95
Add cross-references for CanopyActivationHeight, ZIP212GracePeriod, and BlockHeight.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
Daira Hopwood
0ad0d3d57a
Clarify that decomposition of scalars for scalar multiplication in the action circuit MUST be canonical,
...
unless a non-canonical decomposition can be proven to result in an equivalent statement -- and clarify
for which multiplications the latter case applies.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
Daira Hopwood
f97ef3ae72
Remove a spurious reference to rseed in \crossref{sproutinband}. There were no changes for Sprout in ZIP 212.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-13 15:50:46 +01:00
Daira Hopwood
f0858810a2
Regenerate PDFs.
2021-07-01 20:01:41 +01:00
Daira Hopwood
fb83397ad7
Set the Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
2814e00a1a
Cosmetics and cross-referencing improvements.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
4821afe9ba
Add a clarification in \crossref{txnconsensus} that after Heartwood and before Canopy activation,
...
Sapling outputs of a coinbase transaction MUST have note plaintext lead byte equal to 0x01.
This was implied by the existing rule that such outputs MUST decrypt successfully with an
all-zero outgoing viewing key.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
172573e686
Correct an erroneous statement in \crossref{transactions} that claimed transaction IDs are not part
...
of the consensus protocol.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
55052e4e54
Add a consensus rule for version 5 or later transactions, that if `nActionsOrchard` > 0 then
...
at least one of `enableSpendsOrchard` and `enableOutputsOrchard` MUST be 1.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
3f9ede243b
Replace "must" with "MUST" in two consensus rules specified in \crossref{txnencoding}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
7102635fc6
Correct l to l⋆ in two places in \crossref{saplingmerklecrh}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
3159602dfc
Fix a typo in the Security Requirements for \crossref{orchardmerklecrh}: the length of the input
...
to SinsemillaHash is 10 + 2·ℓ^Orchard_Merkle bits, not 6 + 2·ℓ^Orchard_Merkle bits.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
1ed8e47d56
Allow the Merkle path validity check in the Action circuit to pass if any output of
...
MerkleCRH^Orchard is 0, and add a note in \crossref{merklepath} arguing that this is safe.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
0b7aeae33e
Change the type of MerkleCRH^Orchard to have MerkleHash^Orchard in place of MerkleHash^Orchard ∪ {⊥}
...
for the inputs and output, and map a ⊥ output from SinsemillaHash to 0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
c33e23e0c2
Delete the consensus rule in \crossref{transactions} that required checking that each intermediate
...
Merkle root of the note commitment tree is not ⊥. Checking this rule would have imposed a
significant performance penalty, since intermediate roots do not otherwise need to be computed.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-07-01 19:54:54 +01:00
Daira Hopwood
076af3f055
Regenerate PDFs.
2021-06-29 18:08:21 +01:00
Daira Hopwood
75e2ae585d
Set Change History entry height.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 18:03:43 +01:00
Daira Hopwood
7f04e327ad
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 18:02:17 +01:00
Daira Hopwood
b3aad58459
Add a section \crossref{txnidentifiers} on how to compute transaction IDs and \wtxids.
...
Split the transaction-related consensus rules into their own subsection \crossref{txnconsensus},
for more precise cross-referencing.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 18:02:00 +01:00
Daira Hopwood
4c118b813e
Describe transaction IDs and wtxids in \crossref{transactions}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 17:59:15 +01:00
Daira Hopwood
9eec2ec378
Change one of the [Sapling onward] consensus rules in \crossref{txnencodingandconsensus} to have
...
the correct applicability: [Sapling to Canopy inclusive, pre-NU5].
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 17:57:03 +01:00
Daira Hopwood
27dc2a5fc4
Regenerate PDFs.
2021-06-28 18:10:48 +01:00
Daira Hopwood
671451008a
Add a step to the algorithm for generating an Orchard note in \crossref{orchardsend}, to restart if esk = 0.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
Daira Hopwood
b4928747cc
Explicitly say that padding in \crossref{concretesinsemillahash} is by appending zero bits.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
Daira Hopwood
c6247f4bd5
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
Daira Hopwood
ca6d988177
Correct the type of Uncommitted^Orchard, which should be P_x rather than a bit sequence.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-28 18:06:10 +01:00
Daira Hopwood
aec18d6aa8
Regenerate PDFs.
2021-06-26 21:32:35 +01:00
Daira Hopwood
dea48add07
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 21:27:26 +01:00
Daira Hopwood
00074e8084
Add ZIPs 203, 212, and 213 to the list of ZIPs updated for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 21:27:26 +01:00
Daira Hopwood
048c1bf24c
Update \crossref{notept} for Orchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
Daira Hopwood
7a8b12d945
* Require that from NU5 activation, the `nExpiryHeight` field of a coinbase transaction is set
...
to the block height. This is needed to maintain the property that all transactions have unique
transaction IDs, as explained in a note in \crossref{txnencodingandconsensus}.
* In order to avoid the block height being limited to 499999999, we also remove that bound on
`nExpiryHeight` for \coinbaseTransactions.
* Remove the recommendation to support 63-bit block heights in \crossref{blockchain} (since it is
incompatible with the above consensus rule for coinbase `nExpiryHeight`).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
Daira Hopwood
ad8bd025b1
The Groth16 `zkproof` field in a JoinSplit description should be colour-coded for Sapling.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
teor
5503f766fd
Explicitly apply `MAX_MONEY` to Orchard.
...
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
Daira Hopwood
4ca7409f6f
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
Daira Hopwood
5dff090737
Give cross-references to \crossref{notation} where $\optsqrt$ and $\possqrt$ are used.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
Daira Hopwood
f31b335fe9
Refine the key components diagram in \crossref{addressesandkeys} to show that Orchard incoming
...
viewing keys include both dk and ivk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:37 +01:00
Daira Hopwood
6055cca71e
Ensure that the layer number is passed to MerkleCRH in \crossref{merklepath}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-26 18:41:36 +01:00
Daira Hopwood
721dd2483f
Regenerate PDFs.
2021-06-19 20:12:11 +01:00
Daira Hopwood
ea0f196a92
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
Daira Hopwood
09f944d90c
Change the consensus rule that requires at least one input to, and at least one output from a v5
...
or later transaction, to take into account the enableSpendsOrchard and enableOutputsOrchard flags.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
Daira Hopwood
321eed99b4
Correct the type of Extract_P^bot imported in \crossref{concretesinsemillahash}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
Daira Hopwood
6e6fd1605e
Add ZIP 209 to the list of ZIPs updated for NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-19 20:05:47 +01:00
Daira Hopwood
814ad87b40
Regenerate PDFs.
2021-06-08 12:39:25 +01:00
Daira Hopwood
cc71722eca
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 12:33:29 +01:00
Daira Hopwood
ebd54d5ad6
Add an explicit consensus rule in \crossref{txnencodingandconsensus} that the reserved bits of
...
the flagsOrchard field MUST be zero.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 12:33:08 +01:00
Daira Hopwood
d25f3c1f47
Correct a cut-and-paste error algorithm for \crossref{orcharddummynotes},
...
which should refer to the Action statement rather than the Spend statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-08 10:00:44 +01:00
Daira Hopwood
7d2480648a
Regenerate PDFs.
2021-06-06 03:45:32 +01:00
Daira Hopwood
0a985b9c13
Set date for Change History entry.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
Daira Hopwood
106e73e461
Make the NU5 specification the default.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
Daira Hopwood
e3667dc30d
Add ZIP 239 to the list of ZIPs included in NU5.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:39:06 +01:00
Daira Hopwood
577bb20832
Use "Bech32[m]" when saying that there is no dedicated string encoding for Orchard payment addresses
...
and viewing keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:24:47 +01:00
Daira Hopwood
8f3f36fef5
Specify that Orchard spending keys are encoded using Bech32m.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-06 03:02:44 +01:00
Daira Hopwood
ccaa100141
Reference [SVPBABW2012]: link to the ePrint summary page rather than the PDF.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
99e5d92843
Clarify that epk encoded in an Action description cannot be the zero point.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
c4b65c39cc
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
9bc46070f3
Say that the round constants as well as the MDS matrices are generated according to Version 1.1
...
of the Poseidon reference implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
5fa8a60b08
Specify (as a note in \crossref{actionstatement}) the encoding of primary inputs to the action circuit.
...
This uses new helper functions $\Selectx$ and $\Selecty$ defined in \crossref{concreteextractorpallas}.
The specification of Extract_P has also been refactored to use $\Selectx$ (this does not change the Orchard protocol).
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
6a0c15df29
Move the section on abstraction to the Abstract Protocol section, and split section 5.2 to avoid renumbering.
...
fixes #512
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
f4a0a1284e
Delete a misleading sentence about Ed25519 encodings being specified in \cite{BDLSY2012}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
9e2938b555
Correct an error in the specification of height-in-coinbase for block heights 1..16.
...
Also clarify requirements on the range of block heights that should be supported.
fixes #517
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
530f00e150
Update title of ZIP 316.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-06-05 16:55:05 +01:00
Daira Hopwood
44ad348ce6
Regenerate PDFs.
2021-05-20 22:27:53 +01:00
Daira Hopwood
c3f48359e6
Clarify that v4 transactions continue to use the ZIP 243 SIGHASH algorithm after NU5 activation.
...
fixes #510
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 22:23:19 +01:00
Daira Hopwood
572a0d6e4f
Regenerate PDFs.
2021-05-20 22:02:23 +01:00
Daira Hopwood
0ab0bcb7cb
Set Change History entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:49 +01:00
Daira Hopwood
eb5a018396
Note that [JT2020] proves a tight reduction from finding a nontrivial discrete log relation to DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:57:03 +01:00
Daira Hopwood
b6e50f8252
Clarify the distinction between Orchard incoming viewing keys and KA^Orchard private keys.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:47:34 +01:00
Daira Hopwood
e7ec658413
Cosmetics and indexing.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-20 21:45:59 +01:00
Daira Hopwood
c90528fa5c
Change the notation \mathcal{I}^D_i for a Sapling Pedersen generator to \mathcal{I}(D, i).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:11:09 +01:00
Daira Hopwood
9f948307cf
Change the type of Orchard Merkle hashes to \mathbb{P}_x, with a corresponding change to the
...
signature of MerkleCRH^Orchard. Add a note to \crossref{merklepath} clarifying that non-canonical
encodings are allowed as input to MerkleCRH^Orchard.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 21:07:10 +01:00
Daira Hopwood
67cea8589a
Add a note to \crossref{merklepath} clarifying the encoding of rt^Sapling as a primary input to
...
the Sapling spend circuit, and that non-canonical encodings are allowed as input to MerkleCRH^Sapling.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 20:39:42 +01:00
Daira Hopwood
c5589648c1
Cosmetics (vertical spacing for the non-NU5 spec).
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
Daira Hopwood
79d1a477db
Add Change History entry for the correction to the size of vActionsOrchard.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-18 15:37:06 +01:00
teor
3f3195eb5c
Fix Orchard Action byte size
...
Since the signature is now separate, the size is 64 bytes smaller.
2021-05-18 15:37:06 +01:00
Daira Hopwood
e9430c3752
Regenerate PDFs.
2021-05-07 16:41:22 +01:00
Daira Hopwood
74c83f6d59
Set history entry date.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
Daira Hopwood
205b2f5861
Cosmetics.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:22 +01:00
Daira Hopwood
d0caaa2ee9
Clarify that transparent inputs are prohibited in coinbase transactions only if they have a non-null `prevout` field. closes #498
...
Co-authored-by: teor <teor@riseup.net>
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:35:13 +01:00
teor
330254c9ca
Add ZIP-244 block commitments as a consensus rule. closes #499
...
It's currently just a note, which makes it look like the Heartwood rule might still apply.
Co-authored-by: teor <teor@riseup.net>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:34:36 +01:00
Daira Hopwood
296b8e6543
Make "Discrete Logarithm Problem" and "Decisional Diffie–Hellman Problem" indexed terms.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
1db1224657
Unlinkability of diversified addresses depends on DDH, not DLP.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
4353accc0e
Add [Canopy onward] and [NU5 onward] to a couple of notes.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
e4af6e42a0
State explicitly that valueBalanceOrchard can only be negative in a coinbase transaction if
...
it has ZIP 213 shielded outputs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
639a554a04
Change the statement of Theorem 5.4.3 to exclude ⊥ outputs from SinsemillaHashToPoint.
...
Previously the proof did not match the statement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00
Daira Hopwood
d7bd67900a
Update the list of ZIPs relevant to NU5 in \crossref{networkupgrades}.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-05-07 16:03:16 +01:00