|
|
@ -1299,16 +1299,6 @@ where |
|
|
|
|
|
|
|
The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \notesCiphertext. |
|
|
|
|
|
|
|
\consensusrule{ |
|
|
|
$0 \leq \vpubOld \leq \MAXMONEY$, and $0 \leq \vpubNew \leq \MAXMONEY$. |
|
|
|
} |
|
|
|
|
|
|
|
\consensusrule{ |
|
|
|
Either $\vpubOld$ or $\vpubNew$ \MUST be zero. |
|
|
|
} |
|
|
|
|
|
|
|
\todo{Describe case where there are fewer than $\NOld$ real input \notes.} |
|
|
|
|
|
|
|
The value $\hSig$ is also computed from $\RandomSeed$, $\nfOld{\allOld}$, and the |
|
|
|
$\joinSplitPubKey$ of the containing \transaction: |
|
|
|
|
|
|
@ -1318,6 +1308,15 @@ $\joinSplitPubKey$ of the containing \transaction: |
|
|
|
|
|
|
|
$\hSigCRH$ is instantiated in \crossref{hsigcrh}. |
|
|
|
|
|
|
|
\begin{consensusrules} |
|
|
|
\item Elements of a \joinSplitDescription{} \MUST have the types given |
|
|
|
above (for example: $0 \leq \vpubOld \leq \MAXMONEY$ and $0 \leq \vpubNew \leq \MAXMONEY$). |
|
|
|
\item Either $\vpubOld$ or $\vpubNew$ \MUST be zero. |
|
|
|
\item The proof $\Proof_{\JoinSplit}$ \MUST be valid given a \primaryInput formed |
|
|
|
from the other fields and $\hSig$. |
|
|
|
I.e. it must be the case that $\ZKJoinSplitVerify((\rt, \nfOld{\allOld}, \cmNew{\allNew}, |
|
|
|
\vpubOld, \vpubNew, \hSig, \h{\allOld}), \Proof_{\JoinSplit}) = 1$. |
|
|
|
\end{consensusrules} |
|
|
|
|
|
|
|
\nsubsection{Sending \Notes} \label{send} |
|
|
|
|
|
|
|