Rename all Orchard spec references to nu5.pdf

zebra-chain/src/orchard/commitment.rs

@@ -115,7 +115,7 @@ impl NoteCommitment {
     ///
     /// NoteCommit^Orchard_rcm(repr_P(gd),repr_P(pkd), v, ρ, ψ) :=
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#concretewindowedcommit
+    /// https://zips.z.cash/protocol/nu5.pdf#concretewindowedcommit
     #[allow(non_snake_case)]
     pub fn new<T>(
         csprng: &mut T,
@@ -165,7 +165,7 @@ impl NoteCommitment {
 
     /// Hash Extractor for Pallas
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#concreteextractorpallas
+    /// https://zips.z.cash/protocol/nu5.pdf#concreteextractorpallas
     pub fn extract_x(&self) -> pallas::Base {
         match self.0.get_xy().into() {
             // If Some, it's not the identity.
@@ -178,7 +178,7 @@ impl NoteCommitment {
 /// A homomorphic Pedersen commitment to the net value of a _note_, used in
 /// Action descriptions.
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit
+/// https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
 #[derive(Clone, Copy, Deserialize, PartialEq, Serialize)]
 pub struct ValueCommitment(#[serde(with = "serde_helpers::Affine")] pub pallas::Affine);
 
@@ -231,7 +231,7 @@ impl Eq for ValueCommitment {}
 
 /// LEBS2OSP256(repr_P(cv))
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#pallasandvesta
+/// https://zips.z.cash/protocol/nu5.pdf#pallasandvesta
 impl From<ValueCommitment> for [u8; 32] {
     fn from(cm: ValueCommitment) -> [u8; 32] {
         cm.0.to_bytes()
@@ -274,7 +274,7 @@ impl std::iter::Sum for ValueCommitment {
 
 /// LEBS2OSP256(repr_P(cv))
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#pallasandvesta
+/// https://zips.z.cash/protocol/nu5.pdf#pallasandvesta
 impl TryFrom<[u8; 32]> for ValueCommitment {
     type Error = &'static str;
 
@@ -305,7 +305,7 @@ impl ZcashDeserialize for ValueCommitment {
 impl ValueCommitment {
     /// Generate a new _ValueCommitment_.
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit
+    /// https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
     pub fn randomized<T>(csprng: &mut T, value: Amount) -> Self
     where
         T: RngCore + CryptoRng,
@@ -319,7 +319,7 @@ impl ValueCommitment {
     ///
     /// ValueCommit^Orchard(v) :=
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#concretehomomorphiccommit
+    /// https://zips.z.cash/protocol/nu5.pdf#concretehomomorphiccommit
     #[allow(non_snake_case)]
     pub fn new(rcv: pallas::Scalar, value: Amount) -> Self {
         lazy_static! {

zebra-chain/src/orchard/keys.rs

@@ -61,7 +61,7 @@ fn prp_d(K: [u8; 32], d: [u8; 11]) -> [u8; 11] {
 ///
 /// PRF^expand(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
+/// https://zips.z.cash/protocol/nu5.pdf#concreteprfs
 // TODO: This is basically a duplicate of the one in our sapling module, its
 // definition in the draft Nu5 spec is incomplete so I'm putting it here in case
 // it changes.
@@ -108,7 +108,7 @@ fn prf_ock(ovk: [u8; 32], cv: [u8; 32], cm_x: [u8; 32], ephemeral_key: [u8; 32])
 ///
 /// where P = GroupHash^P(("z.cash:Orchard-gd", LEBS2OSP_l_d(d)))
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretediversifyhash
+/// https://zips.z.cash/protocol/nu5.pdf#concretediversifyhash
 fn diversify_hash(d: &[u8]) -> pallas::Point {
     let p = pallas_group_hash(b"z.cash:Orchard-gd", &d);
 
@@ -133,7 +133,7 @@ mod sk_hrp {
 /// Our root secret key of the Orchard key derivation tree. All other Orchard
 /// key types derive from the [`SpendingKey`] value.
 ///
-/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
 #[cfg_attr(
     any(test, feature = "proptest-impl"),
@@ -248,8 +248,8 @@ impl From<SpendingKey> for SpendAuthorizingKey {
     ///
     /// ask := ToScalar^Orchard(PRF^expand(sk, [6]))
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
-    /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
+    /// https://zips.z.cash/protocol/nu5.pdf#concreteprfs
     fn from(spending_key: SpendingKey) -> SpendAuthorizingKey {
         let hash_bytes = prf_expand(spending_key.bytes, vec![&[6]]);
 
@@ -270,7 +270,7 @@ impl PartialEq<[u8; 32]> for SpendAuthorizingKey {
 /// Used to validate Orchard _Spend Authorization Signatures_, proving ownership
 /// of notes.
 ///
-/// [orchardkeycomponents]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, Debug)]
 pub struct SpendValidatingKey(pub redpallas::VerificationKey<SpendAuth>);
 
@@ -313,7 +313,7 @@ impl PartialEq<[u8; 32]> for SpendValidatingKey {
 ///
 /// Used to create a _Nullifier_ per note.
 ///
-/// [orchardkeycomponents]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [orchardkeycomponents]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, PartialEq)]
 pub struct NullifierDerivingKey(pub pallas::Base);
 
@@ -352,7 +352,7 @@ impl From<[u8; 32]> for NullifierDerivingKey {
 impl From<SpendingKey> for NullifierDerivingKey {
     /// nk = ToBase^Orchard(PRF^expand_sk ([7]))
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
     fn from(sk: SpendingKey) -> Self {
         Self(pallas::Base::from_bytes_wide(&prf_expand(
             sk.into(),
@@ -387,7 +387,7 @@ impl fmt::Debug for IvkCommitRandomness {
 impl From<SpendingKey> for IvkCommitRandomness {
     /// rivk = ToScalar^Orchard(PRF^expand_sk ([8]))
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
     fn from(sk: SpendingKey) -> Self {
         let scalar = pallas::Scalar::from_bytes_wide(&prf_expand(sk.into(), vec![&[8]]));
 
@@ -435,7 +435,7 @@ mod ivk_hrp {
 ///
 /// Used to decrypt incoming notes without spending them.
 ///
-/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, Eq, PartialEq)]
 pub struct IncomingViewingKey {
     network: Network,
@@ -465,8 +465,8 @@ impl From<FullViewingKey> for IncomingViewingKey {
     /// Commit^ivk_rivk(ak, nk) :=
     ///    SinsemillaShortCommit_rcm (︁"z.cash:Orchard-CommitIvk", I2LEBSP_l(ak) || I2LEBSP_l(nk)︁) mod r_P
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
-    /// https://zips.z.cash/protocol/protocol.pdf#concreteprfs
+    /// https://zips.z.cash/protocol/nu5.pdf#concreteprfs
     #[allow(non_snake_case)]
     fn from(fvk: FullViewingKey) -> Self {
         let mut M: BitVec<Lsb0, u8> = BitVec::new();
@@ -551,7 +551,7 @@ mod fvk_hrp {
 /// Human-Readable Part is “zviewo”. For incoming viewing keys on the
 /// test network, the Human-Readable Part is “zviewtestorchard”.
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#orchardfullviewingkeyencoding
+/// https://zips.z.cash/protocol/nu5.pdf#orchardfullviewingkeyencoding
 #[derive(Copy, Clone, Eq, PartialEq)]
 pub struct FullViewingKey {
     network: Network,
@@ -616,7 +616,7 @@ impl FromStr for FullViewingKey {
 }
 
 impl FullViewingKey {
-    /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
     #[allow(non_snake_case)]
     pub fn to_R(self) -> [u8; 64] {
         // let K = I2LEBSP_l_sk(rivk)
@@ -655,7 +655,7 @@ impl FullViewingKey {
 ///
 /// Used to decrypt outgoing notes without spending them.
 ///
-/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, Eq, PartialEq)]
 pub struct OutgoingViewingKey(pub [u8; 32]);
 
@@ -683,7 +683,7 @@ impl From<OutgoingViewingKey> for [u8; 32] {
 impl From<FullViewingKey> for OutgoingViewingKey {
     /// Derive an `OutgoingViewingKey` from a `FullViewingKey`.
     ///
-    /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
     #[allow(non_snake_case)]
     fn from(fvk: FullViewingKey) -> OutgoingViewingKey {
         let R = fvk.to_R();
@@ -712,7 +712,7 @@ impl PartialEq<[u8; 32]> for OutgoingViewingKey {
 /// the sequence, which matches the capabilities of a Sapling _extended full
 /// viewing key_ but simplifies the key structure."
 ///
-/// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 /// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation
 #[derive(Copy, Clone, PartialEq)]
 pub struct DiversifierKey([u8; 32]);
@@ -729,7 +729,7 @@ impl From<FullViewingKey> for DiversifierKey {
     ///
     /// Derived as specied in section [4.2.3] of the spec, and [ZIP-32].
     ///
-    /// [4.2.3]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// [4.2.3]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
     /// [ZIP-32]: https://zips.z.cash/zip-0032#orchard-diversifier-derivation
     #[allow(non_snake_case)]
     fn from(fvk: FullViewingKey) -> DiversifierKey {
@@ -751,7 +751,7 @@ impl From<DiversifierKey> for [u8; 32] {
 /// Combined with an `IncomingViewingKey`, produces a _diversified
 /// payment address_.
 ///
-/// [ps]: https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+/// [ps]: https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, Eq, PartialEq)]
 #[cfg_attr(
     any(test, feature = "proptest-impl"),
@@ -823,7 +823,7 @@ impl TryFrom<Diversifier> for pallas::Affine {
 impl Diversifier {
     /// Generate a new `Diversifier`.
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
     pub fn new<T>(csprng: &mut T) -> Self
     where
         T: RngCore + CryptoRng,
@@ -845,7 +845,7 @@ impl Diversifier {
 /// Derived by multiplying a Pallas point [derived][concretediversifyhash] from
 /// a `Diversifier` by the `IncomingViewingKey` scalar.
 ///
-/// [concretediversifyhash]: https://zips.z.cash/protocol/protocol.pdf#concretediversifyhash
+/// [concretediversifyhash]: https://zips.z.cash/protocol/nu5.pdf#concretediversifyhash
 /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
 #[derive(Copy, Clone, PartialEq)]
 pub struct TransmissionKey(pub pallas::Affine);
@@ -891,8 +891,8 @@ impl From<(IncomingViewingKey, Diversifier)> for TransmissionKey {
     ///
     ///  KA^Orchard.DerivePublic(sk, B) := [sk] B
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#orchardkeycomponents
+    /// https://zips.z.cash/protocol/nu5.pdf#orchardkeycomponents
-    /// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement
+    /// https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement
     fn from((ivk, d): (IncomingViewingKey, Diversifier)) -> Self {
         let g_d = pallas::Point::from(d);
 
@@ -908,7 +908,7 @@ impl PartialEq<[u8; 32]> for TransmissionKey {
 
 /// An ephemeral public key for Orchard key agreement.
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concreteorchardkeyagreement
+/// https://zips.z.cash/protocol/nu5.pdf#concreteorchardkeyagreement
 /// https://zips.z.cash/protocol/nu5.pdf#saplingandorchardencrypt
 #[derive(Copy, Clone, Deserialize, PartialEq, Serialize)]
 pub struct EphemeralPublicKey(#[serde(with = "serde_helpers::Affine")] pub pallas::Affine);

zebra-chain/src/orchard/note/nullifiers.rs

@@ -28,7 +28,7 @@ fn poseidon_hash(_x: pallas::Base, _y: pallas::Base) -> pallas::Base {
 ///
 /// PRF^nfOrchard(nk*, ρ*) := PoseidonHash(nk*, ρ*)
 ///
-/// [concreteprfs]: https://zips.z.cash/protocol/protocol.pdf#concreteprfs
+/// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs
 /// [poseidonhash]: https://zips.z.cash/protocol/nu5.pdf#poseidonhash
 fn prf_nf(nk: pallas::Base, rho: pallas::Base) -> pallas::Base {
     poseidon_hash(nk, rho)

zebra-chain/src/orchard/sinsemilla.rs

@@ -26,7 +26,7 @@ pub fn extract_p(point: pallas::Point) -> pallas::Base {
 /// as a domain separator to distinguish uses of the group hash for different
 /// purposes; the second input element is the message.
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretegrouphashpallasandvesta
+/// https://zips.z.cash/protocol/nu5.pdf#concretegrouphashpallasandvesta
 #[allow(non_snake_case)]
 pub fn pallas_group_hash(D: &[u8], M: &[u8]) -> pallas::Point {
     let domain_separator = std::str::from_utf8(D).unwrap();
@@ -36,7 +36,7 @@ pub fn pallas_group_hash(D: &[u8], M: &[u8]) -> pallas::Point {
 
 /// Q(D) := GroupHash^P(︀“z.cash:SinsemillaQ”, D)
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash
+/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
 #[allow(non_snake_case)]
 fn Q(D: &[u8]) -> pallas::Point {
     pallas_group_hash(b"z.cash:SinsemillaQ", D)
@@ -46,7 +46,7 @@ fn Q(D: &[u8]) -> pallas::Point {
 ///
 /// S: {0 .. 2^k - 1} -> P^*, aka 10 bits hashed into the group
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash
+/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
 #[allow(non_snake_case)]
 fn S(j: &u16) -> pallas::Point {
     // The value of j is a 10-bit value, therefore must never exceed 2^10 in
@@ -64,7 +64,7 @@ fn S(j: &u16) -> pallas::Point {
 /// the Sinsemilla hash for the Orchard incremental Merkle tree (§ 5.4.1.3
 /// ‘MerkleCRH^Orchard Hash Function’).
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash
+/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
 ///
 /// # Panics
 ///
@@ -81,7 +81,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<Lsb0, u8>) -> pallas::Point
     // Split M into n segments of k bits, where k = 10 and c = 253, padding
     // the last segment with zeros.
     //
-    // https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash
+    // https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
     for chunk in M.chunks(k) {
         // Pad each chunk with zeros.
         let mut store = 0u16;
@@ -113,7 +113,7 @@ pub fn sinsemilla_hash_to_point(D: &[u8], M: &BitVec<Lsb0, u8>) -> pallas::Point
 /// PedersenHash) is to make efcient use of the lookups available in recent
 /// proof systems including Halo 2."
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#concretesinsemillahash
+/// https://zips.z.cash/protocol/nu5.pdf#concretesinsemillahash
 ///
 /// # Panics
 ///

zebra-chain/src/orchard/tree.rs

@@ -50,7 +50,7 @@ fn merkle_crh_orchard(layer: u8, left: [u8; 32], right: [u8; 32]) -> [u8; 32] {
 lazy_static! {
     /// Orchard note commitment trees have a max depth of 32.
     ///
-    /// https://zips.z.cash/protocol/protocol.pdf#constants
+    /// https://zips.z.cash/protocol/nu5.pdf#constants
     static ref EMPTY_ROOTS: Vec<[u8; 32]> = {
         // Uncommitted^Orchard = I2LEBSP_l_MerkleOrchard(1)
         let mut v = vec![jubjub::Fq::one().to_bytes()];
@@ -68,7 +68,7 @@ lazy_static! {
 /// The index of a note’s commitment at the leafmost layer of its
 /// `NoteCommitmentTree`.
 ///
-/// https://zips.z.cash/protocol/protocol.pdf#merkletree
+/// https://zips.z.cash/protocol/nu5.pdf#merkletree
 // XXX: dedupe with sapling?
 pub struct Position(pub(crate) u64);