|
|
@ -382,7 +382,7 @@ Then to encrypt: |
|
|
|
\item Generate a new Curve25519 (public, private) key pair $(\EphemeralPublic, \EphemeralPrivate)$. |
|
|
|
\item For $i$ in $\{1..\NNew\}$, let $\Ciphertext{i} = \CryptoBox(\Plaintext{i}, \TransmitPublicNew{i}, \EphemeralPrivate, |
|
|
|
\Nonce(i, \EphemeralPublic, \TransmitPublicNew{i}))$. |
|
|
|
\item Let $\TransmitEncrypt{\TransmitPublicNew{1..\NNew}}(\Plaintext{1..\NNew}) = |
|
|
|
\item Let $\TransmitEncrypt{\TransmitPublicNew{\mathrm{1}..\NNew}}(\Plaintext{1..\NNew}) = |
|
|
|
(\EphemeralPublic, \Ciphertext{1..\NNew})$. |
|
|
|
\end{itemize} |
|
|
|
} |
|
|
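Review bot: the `\mathrm{1}` change is only applied to `\TransmitPublicNew{\mathrm{1}..\NNew}`, while the same definition still reads `(\Plaintext{1..\NNew})` on the left-hand side and `\Ciphertext{1..\NNew}` on the right-hand side, so one equation now mixes an upright `1` with a math-italic `1` in its range subscripts. Either apply `\mathrm{1}` to all three ranges in this definition or, better, introduce a small macro for `\mathrm{1}..n` ranges so the typography cannot drift between occurrences.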
@ -578,10 +578,10 @@ this transaction. \sean{We need to be more specific here.} |
|
|
|
\item $\scriptPubKey$ which is a \script used to satisfy the conditions of the |
|
|
|
$\scriptSig$. |
|
|
|
|
|
|
|
\item $\serials$ which is an $\NOld$ size sequence of serials $\snOld{1..\NOld}$. |
|
|
|
\item $\serials$ which is an $\NOld$ size sequence of serials $\snOld{\mathrm{1}..\NOld}$. |
|
|
|
|
|
|
|
\item $\commitments$ which is a $\NNew$ size sequence of \coinCommitments |
|
|
|
$\cmNew{1..\NNew}$. |
|
|
|
$\cmNew{\mathrm{1}..\NNew}$. |
|
|
|
|
|
|
|
\changed{ |
|
|
|
\item $\ephemeralKey$ which is a Curve25519 public key $\EphemeralPublic$. |
|
|
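Review bot: the two conversions here (`\snOld{\mathrm{1}..\NOld}` and `\cmNew{\mathrm{1}..\NNew}`) are consistent with each other, but the commit carries no note of the convention being adopted (upright `1` as the lower bound of a range, italic `\NOld`/`\NNew` as the upper bound), which is what makes follow-up edits prone to missing occurrences. Suggest stating the rule in the commit message or a comment near the macro definitions, and consider defining the range once (e.g. a macro taking the upper bound) instead of repeating the literal `\mathrm{1}..` in every subscript.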
@ -591,7 +591,7 @@ $\cmNew{1..\NNew}$. |
|
|
|
(\changed{$\ephemeralKey$ and} $\ciphertexts$ together form the \coinsCiphertext.) |
|
|
|
|
|
|
|
\item $\vmacs$ which is a $\NOld$ size sequence of message authentication tags |
|
|
|
$\h{1..\NOld}$ that bind $\hSig$ to each $\SpendAuthorityPrivate$ of the |
|
|
|
$\h{\mathrm{1}..\NOld}$ that bind $\hSig$ to each $\SpendAuthorityPrivate$ of the |
|
|
|
$\PourDescription$. |
|
|
|
|
|
|
|
\item $\zkproof$ which is the zero-knowledge proof $\PourProof$. |
|
|
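Review bot: the surrounding context uses a `\changed{...}` macro to mark substantive edits (`\changed{$\ephemeralKey$ and} $\ciphertexts$`, and the `\changed{` opened in the previous hunk), while the `\h{\mathrm{1}..\NOld}` edit here is not wrapped in it. That is presumably deliberate for a purely typographic change, but it is worth confirming that the document's convention excludes typography from `\changed{}` so that reviewers of the rendered diff are not surprised by an unmarked change in the `\vmacs` item.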
@ -641,7 +641,7 @@ exists in the map. |
|
|
|
In \Zcash, $\NOld$ and $\NNew$ are both $2$. |
|
|
|
|
|
|
|
A valid instance of $\PourProof$ assures that given a \term{primary input} |
|
|
|
$(\rt, \snOld{\mathrm{1}..\NOld}, \cmNew{1..\NNew}, \changed{\vpubOld,\;} |
|
|
|
$(\rt, \snOld{\mathrm{1}..\NOld}, \cmNew{\mathrm{1}..\NNew}, \changed{\vpubOld,\;} |
|
|
|
\vpubNew, \hSig, \h{1..\NOld})$, a witness of \term{auxiliary input} |
|
|
|
$(\treepath{1..\NOld}, \cOld{1..\NOld}, \SpendAuthorityPrivateOld{\mathrm{1}..\NOld}, |
|
|
|
\cNew{1..\NNew})$ exists, where: |
|
|
|
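Review bot: this hunk leaves the primary and auxiliary input tuples inconsistent. After the change, `\snOld{\mathrm{1}..\NOld}` and `\cmNew{\mathrm{1}..\NNew}` use the upright `1`, but the same primary input still contains `\h{1..\NOld}`, and the auxiliary input still contains `\treepath{1..\NOld}, \cOld{1..\NOld}` and `\cNew{1..\NNew}` next to `\SpendAuthorityPrivateOld{\mathrm{1}..\NOld}`. Since these are all one statement about `\PourProof`, the remaining plain-`1` ranges should be converted in the same commit rather than left for a later pass.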