|
|
|
@ -2530,7 +2530,14 @@ instantiated using $\FullHashName$ as follows: |
|
|
|
The leading byte of the $\FullHash$ input is $\hexint{B0}$. |
|
|
|
} |
|
|
|
|
|
|
|
\todo{Security requirements on $\FullHashName$.} |
|
|
|
\begin{securityrequirements} |
|
|
|
\item The $\SHAName$ function must be collision-resistant. |
|
|
|
\item The $\SHAName$ function must be a PRF when keyed by the bits corresponding |
|
|
|
to the position of $\NoteCommitRand$ in the second block of $\FullHashName$ |
|
|
|
input, with input to the PRF in the remaining bits of the block and |
|
|
|
the chaining variable. |
|
|
|
\end{securityrequirements} |
|
|
|
|
|
|
|
|
|
|
|
\nsubsection{\NotePlaintexts{} and \Memos} \label{notept} |
|
|
|
|
|
|
|
@ -4077,6 +4084,14 @@ The errors in the proof of Ledger Indistinguishability mentioned in |
|
|
|
\introlist |
|
|
|
\nsection{Change history} |
|
|
|
|
|
|
|
\subparagraph{2017.0-beta-2.3} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item Specify the security requirements on the $\SHAName$ function in order |
|
|
|
for the scheme in \crossref{concretecomm} to be a secure commitment. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
\introlist |
|
|
|
\subparagraph{2017.0-beta-2.2} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
|
Daira Hopwood
7 years ago