diff --git a/protocol/protocol.pdf b/protocol/protocol.pdf index 5a6eb5b..3880932 100644 Binary files a/protocol/protocol.pdf and b/protocol/protocol.pdf differ diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 54d732b..588bf89 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -11,6 +11,8 @@ \RequirePackage[unicode,bookmarksnumbered,bookmarksopen,pdfview=Fit]{hyperref} \RequirePackage{nameref} \RequirePackage{enumitem} +\RequirePackage{tabularx} +\RequirePackage{hhline} \setlength{\oddsidemargin}{-0.25in} % Left margin of 1 in + 0 in = 1 in \setlength{\textwidth}{7in} % Right margin of 8.5 in - 1 in - 6.5 in = 1 in @@ -18,6 +20,7 @@ \setlength{\textheight}{9.2in} % Lower margin of 11 in - 9 in - 1 in = 1 in \setlength{\parskip}{1.5ex} \setlength{\parindent}{0ex} +\renewcommand{\arraystretch}{1.4} \overfullrule=2cm \setlist[itemize]{itemsep=0.5ex,topsep=0.2ex,after=\vspace{1.5ex}} @@ -80,7 +83,7 @@ \newcommand{\coinCommitmentTree}{\term{coin commitment tree}} \newcommand{\PourDescription}{\term{Pour description}} \newcommand{\PourDescriptions}{\term{Pour descriptions}} -\newcommand{\sequenceOfPourDescriptions}{\changed{sequence of} \PourDescription\changed{\term{s}}} +\newcommand{\sequenceOfPourDescriptions}{\changed{sequence of} \PourDescription\changed{\term{s}}\xspace} \newcommand{\PourTransfer}{\term{Pour transfer}} \newcommand{\PourTransfers}{\term{Pour transfers}} \newcommand{\fullnode}{\term{full node}} @@ -217,6 +220,7 @@ % bitcoin \newcommand{\vin}{\mathtt{vin}} \newcommand{\vout}{\mathtt{vout}} +\newcommand{\npour}{\mathtt{npour}} \newcommand{\vpour}{\mathtt{vpour}} \newcommand{\vpubOldField}{\mathtt{vpub\_old}} \newcommand{\vpubNewField}{\mathtt{vpub\_new}} 
@@ -232,6 +236,9 @@ \newcommand{\discloseCiphertexts}{\mathtt{discloseCiphertexts}} \newcommand{\randomSeed}{\mathtt{randomSeed}} \newcommand{\rt}{\mathsf{rt}} +\newcommand{\Varies}{\textit{Varies}} +\newcommand{\heading}[1]{\multicolumn{1}{c|}{#1}} +\newcommand{\type}[1]{\texttt{#1}} % pour \newcommand{\hSig}{\mathsf{h_{Sig}}} @@ -245,6 +252,7 @@ \newcommand{\setofOld}{\setof{\allOld}} \newcommand{\setofNew}{\setof{\allNew}} \newcommand{\vmacs}{\mathtt{vmacs}} +\newcommand{\zkproofSize}{\mathtt{zkproofSize}} \newcommand{\zkproof}{\mathtt{zkproof}} \newcommand{\PourCircuit}{\term{\texttt{POUR} circuit}} \newcommand{\PourStatement}{\texttt{POUR}} 
@@ -706,62 +714,75 @@ $\vpubOld$, and creates $\NNew$ \coins $\cNew{\allNew}$ and transparent output $\vpubNew$. \changed{ -\Zcash transactions have three additional fields: -\begin{list}{}{} -\item $\vpour$, which is a \sequenceOfPourDescriptions. +\Zcash transactions have the following additional fields: -\item $\pourPubKey$ which is an encoding of a ECDSA public verification key, +\begin{center} +\begin{tabularx}{0.9\textwidth}{|c|l|l|X|} +\hline +Bytes & \heading{Name} & \heading{Data Type} & \heading{Description} \\ +\hhline{|=|=|=|=|} + +\Varies & $\npour$ & \type{compactSize uint} & The number of \PourDescriptions (i.e. +items in $\vpour$). \\ \hline + +$880 \times \npour$ & $\vpour$ & \type{PourDescription[$\npour$]} & The \sequenceOfPourDescriptions in +this \transaction. \\ \hline + +33 & $\pourPubKey$ & \type{char[33]} & An encoding of a ECDSA public verification key, using the secp256k1 curve and parameters defined in \cite{sec2-ecdsa} and -\cite{secp256k1}. +\cite{secp256k1}. \\ \hline -\item $\pourSig$ which is a signature on part of the \transaction encoding, -to be verified using $\pourPubKey$. -\end{list} +64 & $\pourSig$ & \type{char[64]} & A signature on part of the \transaction encoding, +to be verified using $\pourPubKey$. \\ \hline +\end{tabularx} +\end{center} The encoding of $\pourPubKey$ and the data to be signed are specified in more detail in \crossref{nonmalleability}. } -Each \PourDescription consists of: +Each \type{PourDescription} consists of: -\begin{list}{}{} -\changed{ -\item $\vpubOldField$ which is a value $\vpubOld$ that the \PourTransfer removes -from the value pool. -} +\begin{center} +\begin{tabularx}{0.9\textwidth}{|c|l|l|X|} +\hline +Bytes & \heading{Name} & \heading{Data Type} & \heading{Description} \\ +\hhline{|=|=|=|=|} + +\setchanged 8 &\setchanged $\vpubOldField$ &\setchanged \type{int64\_t} &\mbox{}\setchanged +A value $\vpubOld$ that the \PourTransfer removes from the value pool. 
\\ \hline -\item $\vpubNewField$ which is a value $\vpubNew$ that the \PourTransfer inserts -into the value pool. +8 & $\vpubNewField$ & \type{int64\_t} & A value $\vpubNew$ that the \PourTransfer inserts +into the value pool. \\ \hline -\item $\anchorField$ which is a merkle root $\rt$ of the \coinCommitmentTree at +32 & $\anchorField$ & \type{char[32]} & A merkle root $\rt$ of the \coinCommitmentTree at some block height in the past, or the merkle root produced by a previous pour in -this transaction. \sean{We need to be more specific here.} +this transaction. \sean{We need to be more specific here.} \\ \hline -\item $\serials$ which is an $\NOld$ size sequence of serials $\snOld{\allOld}$. +64 & $\serials$ & \type{char[32][$\NOld$]} & A sequence of serials $\snOld{\allOld}$. \\ \hline -\item $\commitments$ which is a $\NNew$ size sequence of \coinCommitments -$\cmNew{\allNew}$. +64 & $\commitments$ & \type{char[32][$\NNew$]}. & A sequence of \coinCommitments +$\cmNew{\allNew}$. \\ \hline -\item $\ephemeralKey$ which is a Curve25519 public key $\EphemeralPublic$. +32 & $\ephemeralKey$ & \type{char[32]} & A Curve25519 public key $\EphemeralPublic$. \\ \hline -\item $\encCiphertexts$ which is a $\NNew$ size sequence of ciphertext -components, $\TransmitCiphertext{\allNew}$. +288 & $\encCiphertexts$ & \type{char[144][$\NNew$]} & A sequence of ciphertext +components, $\TransmitCiphertext{\allNew}$. \\ \hline -\changed{ -(The preceding two fields form the \coinsCiphertext.) +\setchanged 32 &\setchanged $\randomSeed$ &\setchanged \type{char[32]} &\mbox{}\setchanged +A 256-bit seed that must be chosen independently at random for each \PourDescription. \\ \hline -\item $\randomSeed$ which is a 256-bit seed that must be chosen independently -at random for each \PourDescription. 
-} - -\item $\vmacs$ which is a $\NOld$ size sequence of message authentication tags +64 & $\vmacs$ & \type{char[32][$\NOld$]} & A sequence of message authentication tags $\h{\allOld}$ that bind $\hSig$ to each $\AuthPrivate$ of the -$\PourDescription$. +$\PourDescription$. \\ \hline + +288 & $\zkproof$ & \type{char[288]} & An encoding, as determined by the libsnark library +\cite{libsnark}, of the zero-knowledge proof $\PourProof$. \\ \hline -\item $\zkproof$ which is an encoding, as determined by the libsnark library -\cite{libsnark}, of the zero-knowledge proof $\PourProof$. +\end{tabularx} +\end{center} -\end{list} +The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \coinsCiphertext. \todo{Describe case where there are fewer than $\NOld$ real input coins.}
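Review bot: the regenerated protocol.pdf is committed alongside the source change (the "Binary files a/protocol/protocol.pdf and b/protocol/protocol.pdf differ" region); every edit to protocol.tex will now carry a binary blob into history, so consider building the PDF in CI or on release instead of checking it in, or at least keep the PDF update in its own commit so the .tex diff stays reviewable.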
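Review bot: `\renewcommand{\arraystretch}{1.4}` in the @@ -18,6 +20,7 @@ hunk is global, so it also stretches every existing tabular and every math `array` in the document, not just the two new field tables; if the extra row height is only wanted for the new tables, set it locally inside their `center` environments (where the group scopes it) rather than in the preamble.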
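Review bot: the @@ -80,7 +83,7 @@ hunk appends `\xspace` to `\sequenceOfPourDescriptions`, but the preamble hunk that adds tabularx and hhline adds no `\RequirePackage{xspace}`; confirm xspace is already loaded elsewhere in protocol.tex, otherwise the build fails on an undefined control sequence the first time the macro is expanded.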
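Review bot: `\zkproofSize` is defined in the @@ -245,6 +252,7 @@ hunk but nothing in this patch uses it; the `\zkproof` row in the PourDescription table writes the length literally as `288 & $\zkproof$ & \type{char[288]}`. Either drop the macro or give it the value and use it in both the Bytes cell and the type so the proof length has a single source of truth.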
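Review bot: the Bytes column of the PourDescription table in the @@ -706,62 +714,75 @@ hunk hardcodes `\NOld` = `\NNew` = 2 (`64 & $\serials$ & \type{char[32][$\NOld$]}`, `288 & $\encCiphertexts$ & \type{char[144][$\NNew$]}`), and the `$880 \times \npour$` entry in the transaction table silently inherits that assumption (880 = 8+8+32+64+64+32+288+32+64+288); either express those cells in terms of the constants (e.g. `$32 \times \NOld$`) or state beside the table that the sizes assume two inputs and two outputs, so the two tables cannot drift apart if the constants change. Smaller points in the same hunk: the `\commitments` row has a stray period after the type (`\type{char[32][$\NNew$]}.`) that will render inside the cell; "An encoding of a ECDSA public verification key" should read "an ECDSA"; the `\zkproof` row defines a consensus-critical 288-byte wire format only "as determined by the libsnark library", which leaves the encoding implementation-defined, so spell out the point encoding (or at minimum pin the libsnark version) in the spec text; and because `\vpubOldField` and `\vpubNewField` are typed `int64_t`, which admits negative values, their descriptions should cross-reference where the valid range of $\vpubOld$ and $\vpubNew$ is enforced.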