ZIP 307: clarify that epk is needed
The current phrasing implies the 580-byte memo ciphertext suffices for detection. Clarify that the 32-byte ephemeral public key is also needed. Also added "public" to "ephemeral key" further down.
This commit is contained in:
parent
93e5ec04fe
commit
42e05529a4
|
@ -147,13 +147,14 @@ A recipient detects their transactions by trial-decrypting this ciphertext. On a
|
|||
that has the entire block chain, the primary cost is computational. For light clients
|
||||
however, there is an additional bandwidth cost: every ciphertext on the block chain must
|
||||
be received from the server (or network node) the light client is connected to. This
|
||||
results in a total of 580 bytes per output that must be streamed to the client.
|
||||
results in a total of 580 bytes per output that must be streamed to the client (in addition
|
||||
to the 32-byte ephemeral public key).
|
||||
|
||||
However, we don't need all of that just to detect payments. The first 52 bytes of the
|
||||
ciphertext contain the contents and opening of the note commitment, which is all of the
|
||||
data needed to spend the note and to verify that the note is spendable. If we ignore the
|
||||
memo and the authentication tag, we're left with a 32-byte ephemeral key, the 32-byte note
|
||||
commitment, and only the first 52 bytes of the ciphertext for each output needed to
|
||||
memo and the authentication tag, we're left with a 32-byte ephemeral public key, the 32-byte
|
||||
note commitment, and only the first 52 bytes of the ciphertext for each output needed to
|
||||
decrypt, verify, and spend a note. This totals to 116 bytes per output, for an 80%
|
||||
reduction in bandwidth use.
|
||||
|
||||
|
|
Loading…
Reference in New Issue