@ -76,8 +76,11 @@ |
|
|
|
\newcommand{\serialNumbers}{\term{serial numbers}} |
|
|
|
% Daira: This doesn't adequately distinguish between zk stuff and transparent stuff |
|
|
|
\newcommand{\paymentAddress}{\term{payment address}} |
|
|
|
\newcommand{\paymentAddresses}{\term{payment addresses}} |
|
|
|
\newcommand{\viewingKey}{\term{viewing key}} |
|
|
|
\newcommand{\viewingKeys}{\term{viewing keys}} |
|
|
|
\newcommand{\spendingKey}{\term{spending key}} |
|
|
|
\newcommand{\spendingKeys}{\term{spending keys}} |
|
|
|
\newcommand{\keyTuple}{\term{key tuple}} |
|
|
|
\newcommand{\coinPlaintext}{\term{coin plaintext}} |
|
|
|
\newcommand{\coinPlaintexts}{\term{coin plaintexts}} |
|
|
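Review bot: The `% Daira:` note left beside the `\paymentAddress` macros records an unresolved naming concern (shielded versus transparent addresses) with no tracking reference; either resolve it before this lands or point the comment at an issue, since the macro name introduced here is what the rest of the document will use. Also confirm that the old `\publicAddress` macro, which the hunk at line 373 stops using, has no remaining references if it is being removed here, or the build will fail on an undefined control sequence.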
@ -335,16 +338,16 @@ the \keyTuple are composed from three distinct keypairs, called the |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item The \paymentAddress $\PaymentAddress$ is a pair |
|
|
|
$(\AuthPublic, \TransmitPublic)$, containing the \em{public} |
|
|
|
$(\AuthPublic, \TransmitPublic)$, containing the \emph{public} |
|
|
|
components of the \authKeypair and \transmitKeypair keypairs |
|
|
|
respectively. |
|
|
|
\item The \viewingKey $\ViewingKey$ is a pair |
|
|
|
$(\TransmitPrivate, \DisclosePrivate)$, containing the \em{private} |
|
|
|
$(\TransmitPrivate, \DisclosePrivate)$, containing the \emph{private} |
|
|
|
components of the \transmitKeypair and \discloseKeypair keypairs |
|
|
|
respectively. |
|
|
|
\item The \spendingKey $\SpendingKey$ is a triple |
|
|
|
$(\AuthPrivate, \TransmitPrivate, \DisclosePrivate)$, |
|
|
|
containing the \em{private} components of the \authKeypair, |
|
|
|
containing the \emph{private} components of the \authKeypair, |
|
|
|
\transmitKeypair, and \discloseKeypair keypairs respectively. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
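Review bot: The `\em{public}` to `\emph{public}` changes are the right fix: `\em` is a declaration, not a one-argument command, so `\em{public}` switches italics on for the rest of the item instead of the single word; worth grepping the whole source for other `\em{` uses. One nit in the context line "the \keyTuple are composed from three distinct keypairs": the subject is singular, so "is composed".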
@ -353,12 +356,12 @@ Arrows point from a private component to the corresponding public |
|
|
|
component derived from it. |
|
|
|
|
|
|
|
\begin{center} |
|
|
|
\includegraphics[scale=1]{key_components} |
|
|
|
\includegraphics[scale=.5]{key_components} |
|
|
|
\end{center} |
|
|
|
|
|
|
|
Note that a \spendingKey holder can derive |
|
|
|
$(\SpendPublic, \TransmitPublic, \ViewPublic)$, and a \viewingKey holder |
|
|
|
can derive $(\TransmitPublic, \ViewPublic)$, even though these components |
|
|
|
$(\AuthPublic, \TransmitPublic, \DisclosePublic)$, and a \viewingKey holder |
|
|
|
can derive $(\TransmitPublic, \DisclosePublic)$, even though these components |
|
|
|
are not formally part of the respective keys. Implementations \MAY cache |
|
|
|
these derived public components, provided that they are deleted if the |
|
|
|
corresponding private component is deleted. |
|
|
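Review bot: Renaming $\SpendPublic$/$\ViewPublic$ to $\AuthPublic$/$\DisclosePublic$ brings this note in line with the component names in the key definitions above, but the `key_components` graphic is included unchanged apart from its scale; if the image still carries the old labels, the figure and the text will disagree, so the image source should be updated in the same change.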
@ -370,7 +373,7 @@ to: |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item obtain a \viewingKey from a \spendingKey; and |
|
|
|
\item obtain a \publicAddress from a \spendingKey. |
|
|
|
\item obtain a \paymentAddress from a \spendingKey. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
Users can accept payment from multiple parties with a single |
|
|
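Review bot: The `\publicAddress` to `\paymentAddress` rename depends on the macro added in the hunk at line 76; make sure both hunks land together, and that no other `\publicAddress` references remain elsewhere in the document, as the diff only shows this one occurrence.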
@ -385,7 +388,7 @@ case that a payee wishes to prevent this they should create a distinct |
|
|
|
|
|
|
|
A \coin (denoted $\Coin$) is a tuple $\changed{(\AuthPublic, \Value, |
|
|
|
\CoinAddressRand, \CoinCommitRand)}$ which represents that a value $\Value$ is |
|
|
|
spendable by the recipient who holds the $\authorization$ key pair |
|
|
|
spendable by the recipient who holds the $\authKeypair$ key pair |
|
|
|
$(\AuthPublic, \AuthPrivate)$ such that |
|
|
|
$\AuthPublic = \PRFaddr{\AuthPrivate}(0)$. |
|
|
|
|
|
|
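Review bot: `$\authKeypair$` is used inside math mode here, whereas the same macro appears in text mode in the key definitions ("the \authKeypair and \transmitKeypair keypairs"); if it expands to a `\term{}`-style text macro, math mode will typeset it in math italic with no interword spacing. Use it in text mode here ("holds the \authKeypair key pair") for consistency, and check whether "key pair" duplicates the macro's own wording.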
@ -400,7 +403,7 @@ the value and recipient \emph{except} to those who possess these tokens. |
|
|
|
In order to transmit the secret $\Value$, $\CoinAddressRand$, and $\CoinCommitRand$ |
|
|
|
(necessary for the recipient to later spend) \changed{and also a \memo} to the |
|
|
|
recipient \emph{without} requiring an out-of-band communication channel, the |
|
|
|
$\transmitAuthority$ public key $\TransmitPublic$ is used to encrypt these |
|
|
|
$\transmitKeypair$ public key $\TransmitPublic$ is used to encrypt these |
|
|
|
secrets to form a \coinsCiphertext. The recipient's possession of the associated |
|
|
|
$(\PaymentAddress, \SpendingKey)$ (which contains both $\AuthPublic$ and |
|
|
|
$\TransmitPrivate$) is used to reconstruct the original \coin \changed{ and \memo}. |
|
|
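Review bot: Same math-mode point as the hunk at line 388: `$\transmitKeypair$ public key` should be `\transmitKeypair public key` in text mode, matching how the macro is used in the definitions. Separately, `\changed{ and \memo}` has a leading space inside the braces that, together with the space before `\changed`, will produce a double space in the output; move the space outside the braces.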
@ -877,7 +880,7 @@ Transmitted coins are stored on the blockchain in encrypted form, together with |
|
|
|
a \coinCommitment $\cm$. |
|
|
|
|
|
|
|
The \coinPlaintexts associated with a \PourDescription are encrypted to the |
|
|
|
respective \transmitAuthority keys $\TransmitPublicNew{\mathrm{1}..\NNew}$, |
|
|
|
respective \transmitKeypair keys $\TransmitPublicNew{\mathrm{1}..\NNew}$, |
|
|
|
and the result forms a \coinsCiphertext. |
|
|
|
|
|
|
|
Each \coinPlaintext consists of $(\Value, \CoinAddressRand, \CoinCommitRand\changed{, \Memo})$, |
|
|
|
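Review bot: "the respective \transmitKeypair keys $\TransmitPublicNew{\mathrm{1}..\NNew}$" is ambiguous now that the macro names a keypair: the subscripted symbols are the public components, so "the respective \transmitKeypair public keys" would match the wording adopted in the hunk at line 403. Also confirm that `\transmitAuthority`, which this and the previous hunk stop using, has no remaining references before its definition is dropped.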