|
|
@ -639,7 +639,7 @@ The encoding of a \coinPlaintext consists of, in order: |
|
|
|
\end{center} |
|
|
|
|
|
|
|
The \coinCommitmentTree is an \incrementalMerkleTree of depth $\MerkleDepth$ used to |
|
|
|
store \coinCommitments that \PourTransfers produce. Just as the \term{unspent |
|
|
|
store \coinCommitments that \pourTransfers produce. Just as the \term{unspent |
|
|
|
transaction output set} (UTXO) used in Bitcoin, it is used to express the existence |
|
|
|
of value and the capability to spend it. However, unlike the UTXO, it is \emph{not} |
|
|
|
the job of this tree to protect against double-spending, as it is append-only. |
|
|
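Review bot: The context sentence "it is \emph{not} the job of this tree to protect against double-spending, as it is append-only" says what the \coinCommitmentTree does not do but never points the reader to what does. Since this paragraph is being touched anyway for the \PourTransfers to \pourTransfers case fix, consider adding a cross-reference to the \spentSerials check described later in the document. Separately, "Just as the \term{unspent transaction output set} (UTXO) used in Bitcoin, it is used to ..." would read more cleanly as "Like the ... used in Bitcoin, it is used to ...".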
@ -797,7 +797,7 @@ $\pourDescription$. \\ \hline |
|
|
|
|
|
|
|
The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \coinsCiphertext. |
|
|
|
|
|
|
|
\todo{Describe case where there are fewer than $\NOld$ real input coins.} |
|
|
|
\todo{Describe case where there are fewer than $\NOld$ real input \coins.} |
|
|
|
|
|
|
|
\subsection{Computation of \hSigText} \label{hsig} |
|
|
|
|
|
|
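Review bot: The \todo on the changed line still leaves the case of fewer than $\NOld$ real input \coins unspecified, and it sits directly after the \coinsCiphertext sentence and before the \hSigText subsection, where a reader would expect that case to be defined. Switching "coins" to \coins inside the \todo is fine for consistency, but it would help to reference a tracking issue in the \todo text or resolve it, so the open item is not lost among terminology cleanups.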
@ -1098,9 +1098,9 @@ the \authKeypair private key $\AuthPrivate$; the coin is unspent if and only if |
|
|
|
$\sn = \PRFsn{\AuthPrivate}(\CoinAddressRand)$ is not in the \spentSerials |
|
|
|
for that \blockchainview. |
|
|
|
|
|
|
|
Note that a coin may change from being unspent to spent on a given \blockchainview, |
|
|
|
Note that a \coin may change from being unspent to spent on a given \blockchainview, |
|
|
|
as transactions are added to that view. Also, blockchain reorganisations may cause |
|
|
|
the transaction in which a coin was output to no longer be on the consensus |
|
|
|
the transaction in which a \coin was output to no longer be on the consensus |
|
|
|
blockchain. |
|
|
|
|
|
|
|
|
|
|
|
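Review bot: The hunk header context line "the \authKeypair private key $\AuthPrivate$; the coin is unspent if and only if" still appears to use plain "coin", while both changed lines in this hunk ("Note that a \coin may change ..." and "the transaction in which a \coin was output ...") move to the \coin macro. If the aim is consistent use of \coin in this paragraph, that preceding sentence should be converted in the same change; otherwise the same paragraph mixes the two forms.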