|
|
@ -111,6 +111,9 @@ |
|
|
|
|
|
|
|
\newcommand{\hairspace}{~\!} |
|
|
|
|
|
|
|
\newcommand{\hfrac}[2]{\scalebox{0.8}{$\genfrac{}{}{0.5pt}{0}{#1}{#2}$}} |
|
|
|
|
|
|
|
|
|
|
|
\RequirePackage[usenames,dvipsnames]{xcolor} |
|
|
|
% https://en.wikibooks.org/wiki/LaTeX/Colors#The_68_standard_colors_known_to_dvips |
|
|
|
\newcommand{\todo}[1]{{\color{Sepia}\sf{TODO: #1}}} |
|
|
@ -204,12 +207,17 @@ |
|
|
|
\newcommand{\BlockHeaders}{\titleterm{Block Headers}} |
|
|
|
\newcommand{\blockVersionNumber}{\term{block version number}} |
|
|
|
\newcommand{\blockTime}{\term{block time}} |
|
|
|
\newcommand{\blockHeight}{\term{block height}} |
|
|
|
\newcommand{\genesisBlock}{\term{genesis block}} |
|
|
|
\newcommand{\transaction}{\term{transaction}} |
|
|
|
\newcommand{\transactions}{\term{transactions}} |
|
|
|
\newcommand{\Transactions}{\titleterm{Transactions}} |
|
|
|
\newcommand{\transactionFee}{\term{transaction fee}} |
|
|
|
\newcommand{\transactionFees}{\term{transaction fees}} |
|
|
|
\newcommand{\transactionVersionNumber}{\term{transaction version number}} |
|
|
|
\newcommand{\coinbaseTransaction}{\term{coinbase transaction}} |
|
|
|
\newcommand{\coinbaseTransactions}{\term{coinbase transactions}} |
|
|
|
\newcommand{\CoinbaseTransactions}{\titleterm{Coinbase Transactions}} |
|
|
|
\newcommand{\transparent}{\term{transparent}} |
|
|
|
\newcommand{\xTransparent}{\term{Transparent}} |
|
|
|
\newcommand{\transparentValuePool}{\term{transparent value pool}} |
|
|
@ -406,7 +414,6 @@ |
|
|
|
% Notes |
|
|
|
\newcommand{\Value}{\mathsf{v}} |
|
|
|
\newcommand{\ValueNew}[1]{\mathsf{v^{new}_\mathnormal{#1}}} |
|
|
|
\newcommand{\MAXMONEY}{\mathsf{MAX\_MONEY}} |
|
|
|
\newcommand{\NoteTuple}[1]{\mathbf{n}_{#1}} |
|
|
|
\newcommand{\NoteType}{\mathsf{Note}} |
|
|
|
\newcommand{\NotePlaintext}[1]{\mathbf{np}_{#1}} |
|
|
@ -431,6 +438,32 @@ |
|
|
|
\newcommand{\DecryptNote}{\mathtt{DecryptNote}} |
|
|
|
\newcommand{\ReplacementCharacter}{\textsf{U+FFFD}} |
|
|
|
|
|
|
|
% Money supply |
|
|
|
\newcommand{\MAXMONEY}{\mathsf{MAX\_MONEY}} |
|
|
|
\newcommand{\BlockSubsidy}{\mathsf{BlockSubsidy}} |
|
|
|
\newcommand{\MinerSubsidy}{\mathsf{MinerSubsidy}} |
|
|
|
\newcommand{\FoundersReward}{\mathsf{FoundersReward}} |
|
|
|
\newcommand{\SlowStartInterval}{\mathsf{SlowStartInterval}} |
|
|
|
\newcommand{\SlowStartShift}{\mathsf{SlowStartShift}} |
|
|
|
\newcommand{\SlowStartRate}{\mathsf{SlowStartRate}} |
|
|
|
\newcommand{\HalvingInterval}{\mathsf{HalvingInterval}} |
|
|
|
\newcommand{\MaxBlockSubsidy}{\mathsf{MaxBlockSubsidy}} |
|
|
|
\newcommand{\NumFounderAddresses}{\mathsf{NumFounderAddresses}} |
|
|
|
\newcommand{\FounderAddressChangeInterval}{\mathsf{FounderAddressChangeInterval}} |
|
|
|
\newcommand{\FoundersFraction}{\mathsf{FoundersFraction}} |
|
|
|
\newcommand{\BlockHeight}{\mathsf{height}} |
|
|
|
\newcommand{\Halving}{\mathsf{Halving}} |
|
|
|
\newcommand{\FounderAddress}{\mathsf{FounderAddress}} |
|
|
|
\newcommand{\FounderAddressList}{\mathsf{FounderAddressList}} |
|
|
|
\newcommand{\FounderAddressIndex}{\mathsf{FounderAddressIndex}} |
|
|
|
\newcommand{\ScriptHash}{\mathsf{ScriptHash}} |
|
|
|
|
|
|
|
\newcommand{\blockSubsidy}{\term{block subsidy}} |
|
|
|
\newcommand{\minerSubsidy}{\term{miner subsidy}} |
|
|
|
\newcommand{\foundersReward}{\term{Founders' Reward}} |
|
|
|
\newcommand{\slowStartPeriod}{\term{slow-start period}} |
|
|
|
\newcommand{\halvingInterval}{\term{halving interval}} |
|
|
|
|
|
|
|
% Signatures |
|
|
|
\newcommand{\Sig}{\mathsf{Sig}} |
|
|
|
\newcommand{\SigPublic}{\mathsf{Sig.Public}} |
|
|
@ -820,9 +853,11 @@ The symbol $\bot$ is used to indicate unavailable information or a failed decryp |
|
|
|
The following integer constants will be instantiated in \crossref{constants}: |
|
|
|
$\MerkleDepth$, $\NOld$, $\NNew$, $\MerkleHashLength$, $\hSigLength$, |
|
|
|
$\PRFOutputLength$, $\NoteCommitRandLength$, $\RandomSeedLength$, $\AuthPrivateLength$, |
|
|
|
$\NoteAddressPreRandLength$, $\MAXMONEY$. The bit sequence constant |
|
|
|
$\Uncommitted \typecolon \bitseq{\MerkleHashLength}$ will also be defined in |
|
|
|
that section. |
|
|
|
$\NoteAddressPreRandLength$, $\MAXMONEY$, $\SlowStartInterval$, $\HalvingInterval$, |
|
|
|
$\MaxBlockSubsidy$, $\NumFounderAddresses$. |
|
|
|
The bit sequence constant $\Uncommitted \typecolon \bitseq{\MerkleHashLength}$ |
|
|
|
and the rational constant $\FoundersFraction \typecolon \Rat$ will also be defined |
|
|
|
in that section. |
|
|
|
|
|
|
|
|
|
|
|
\nsection{Concepts} |
|
|
@ -1032,21 +1067,26 @@ the \fullnode's \blockchainview, the containing transaction will be rejected, si |
|
|
|
it would otherwise result in a double-spend. |
|
|
|
|
|
|
|
|
|
|
|
\nsubsection{Coinbase Transactions} |
|
|
|
\nsubsection{Block Subsidy and Founders' Reward} \label{subsidyconcepts} |
|
|
|
|
|
|
|
The first \transaction in a block must be a \coinbaseTransaction, which should |
|
|
|
collect and spend any block reward and transaction fees paid by \transactions |
|
|
|
included in this block. |
|
|
|
Like \Bitcoin, \Zcash creates currency when \blocks are mined. The value created on |
|
|
|
mining a \block is called the \blockSubsidy. It is composed of a \minerSubsidy and a |
|
|
|
\foundersReward. As in \Bitcoin, the miner of a \block also receives \transactionFees. |
|
|
|
|
|
|
|
\nsubsubsection{Block Subsidy and Transaction Fees} |
|
|
|
The amount of the \blockSubsidy and \minerSubsidy depends on the \blockHeight. |
|
|
|
The \blockHeight of the \genesisBlock is 0, and the \blockHeight of each subsequent \block in |
|
|
|
the \blockchain increments by 1. |
|
|
|
|
|
|
|
\todo{Describe money supply curve.} |
|
|
|
\todo{Miner's reward = transaction fees + block subsidy - founder's reward} |
|
|
|
The calculations of the \blockSubsidy, \minerSubsidy, and \foundersReward for a |
|
|
|
given \blockHeight are given in \crossref{subsidies}. |
|
|
|
|
|
|
|
\nsubsubsection{Coinbase outputs} |
|
|
|
|
|
|
|
\todo{Coinbase maturity rule.} |
|
|
|
\todo{Any tx with a coinbase input must have no \transparent outputs (vout).} |
|
|
|
\nsubsection{\CoinbaseTransactions} |
|
|
|
|
|
|
|
The first \transaction in a block must be a \coinbaseTransaction, which should |
|
|
|
collect and spend any \minerSubsidy and \transactionFees paid by \transactions |
|
|
|
included in this \block. The \coinbaseTransaction must also pay the \foundersReward |
|
|
|
as described in \crossref{coinbases}. |
|
|
|
|
|
|
|
|
|
|
|
\nsection{Abstract Protocol} |
|
|
@ -1857,9 +1897,14 @@ Define: |
|
|
|
\item[] $\NoteCommitRandLength \typecolon \Nat := \changed{256}$ |
|
|
|
\item[] $\changed{\RandomSeedLength \typecolon \Nat := 256}$ |
|
|
|
\item[] $\AuthPrivateLength \typecolon \Nat := \changed{252}$ |
|
|
|
\item[] $\NoteAddressPreRandLength \typecolon \Nat := \changed{252}$ |
|
|
|
\item[] $\changed{\NoteAddressPreRandLength \typecolon \Nat := 252}$ |
|
|
|
\item[] $\Uncommitted \typecolon \bitseq{\MerkleHashLength} := \zeros{\MerkleHashLength}$ |
|
|
|
\item[] $\MAXMONEY \typecolon \Nat := \changed{2.1 \mult 10^{15}}$ (\zatoshi) |
|
|
|
\item[] $\SlowStartInterval \typecolon \Nat := 20000$ |
|
|
|
\item[] $\HalvingInterval \typecolon \Nat := 840000$ |
|
|
|
\item[] $\MaxBlockSubsidy \typecolon \Nat := 1.25 \mult 10^9$ (\zatoshi) |
|
|
|
\item[] $\NumFounderAddresses \typecolon \Nat := \begin{cases} 48,&\!\!\text{on mainnet} \\ 3,&\!\!\text{on testnet} \end{cases}$ |
|
|
|
\item[] $\FoundersFraction \typecolon \Rat := \frac{1}{5}$. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
|
|
|
@ -2903,6 +2948,79 @@ Unlike \Bitcoin, the difficulty adjustment occurs after every block. |
|
|
|
\todo{Describe the algorithm.} |
|
|
|
|
|
|
|
|
|
|
|
\nsubsection{Calculation of Block Subsidy and Founders' Reward} \label{subsidies} |
|
|
|
|
|
|
|
\crossref{subsidyconcepts} defines the \blockSubsidy, \minerSubsidy, and \foundersReward. |
|
|
|
Their amounts in \zatoshi are calculated from the \blockHeight using |
|
|
|
the formulae below. The constants $\SlowStartInterval$, $\HalvingInterval$, |
|
|
|
$\MaxBlockSubsidy$, and $\FoundersFraction$ are instantiated in \crossref{constants}. |
|
|
|
|
|
|
|
\vspace{2ex} |
|
|
|
\hskip 1em $\SlowStartShift \typecolon \Nat := \hfrac{\SlowStartInterval}{2}$ |
|
|
|
|
|
|
|
\hskip 1em $\SlowStartRate \typecolon \Nat := \hfrac{\MaxBlockSubsidy}{\SlowStartInterval}$ |
|
|
|
|
|
|
|
\hskip 1em $\Halving(\BlockHeight) := \floor{\hfrac{\BlockHeight - \SlowStartShift}{\HalvingInterval}}$ |
|
|
|
|
|
|
|
\hskip 1em $\BlockSubsidy(\BlockHeight) := \begin{cases} |
|
|
|
\SlowStartRate \mult \BlockHeight,&\!\!\text{if } \BlockHeight < \hfrac{\SlowStartInterval}{2} \\[1.4ex] |
|
|
|
\SlowStartRate \mult (\BlockHeight + 1),&\!\!\text{if } \hfrac{\SlowStartInterval}{2} \leq \BlockHeight < \SlowStartInterval \\[1.4ex] |
|
|
|
\floor{\hfrac{\MaxBlockSubsidy}{2^{\Halving(\BlockHeight)}}},&\!\!\text{otherwise} |
|
|
|
\end{cases}$ |
|
|
|
|
|
|
|
\hskip 1em $\FoundersReward(\BlockHeight) := \begin{cases} |
|
|
|
\BlockSubsidy(\BlockHeight) \mult \FoundersFraction,&\!\!\!\text{if } \BlockHeight < \SlowStartShift + \HalvingInterval \\ |
|
|
|
0,&\!\!\!\text{otherwise} |
|
|
|
\end{cases}$ |
|
|
|
|
|
|
|
\hskip 1em $\MinerSubsidy(\BlockHeight) := \BlockSubsidy(\BlockHeight) - \FoundersReward(\BlockHeight)$. |
|
|
|
|
|
|
|
|
|
|
|
\nsubsection{Coinbase outputs} \label{coinbases} |
|
|
|
|
|
|
|
\todo{Coinbase maturity rule.} |
|
|
|
\todo{Any tx with a coinbase input must have no \transparent outputs (vout).} |
|
|
|
|
|
|
|
The \foundersReward is paid by a \transparent output in the \coinbaseTransaction, to |
|
|
|
one of $\NumFounderAddresses$ \transparent addresses, depending on the \blockHeight. |
|
|
|
|
|
|
|
Let $\SlowStartShift$ be defined as in the previous section. |
|
|
|
|
|
|
|
\renewcommand{\arraystretch}{0.95} |
|
|
|
|
|
|
|
For mainnet, $\FounderAddressList_{\mathrm{1}..\NumFounderAddresses}$ is \todo{}. |
|
|
|
|
|
|
|
For testnet, $\FounderAddressList_{\mathrm{1}..\NumFounderAddresses}$ is: |
|
|
|
|
|
|
|
\begin{tabular}{@{\hskip 2.5em}l@{\;}l} |
|
|
|
[& \ascii{2N2e2FRfP9D1dRN1oRWkH7pbFM69eGNAuQ4}, \\ |
|
|
|
& \ascii{2N34hYM1s153468KeHZU8Ts3acHiaatrrAj}, \\ |
|
|
|
& \ascii{2MtnWxFk3WQL2ry9eq9HdnFo3VhDv8kFEuA}\, ] |
|
|
|
\end{tabular} |
|
|
|
|
|
|
|
\renewcommand{\arraystretch}{1} |
|
|
|
|
|
|
|
Define: |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item[] $\FounderAddressChangeInterval := \ceiling{\hfrac{\SlowStartShift + \HalvingInterval}{\NumFounderAddresses}}$ |
|
|
|
\item[] $\FounderAddressIndex(\BlockHeight) := 1 + \floor{\hfrac{\BlockHeight}{\FounderAddressChangeInterval}}$. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
Then the \foundersReward for \blockHeight $\BlockHeight$ \MUST be paid to |
|
|
|
the address with Base58Check representation given by |
|
|
|
$\FounderAddressList_{\,\FounderAddressIndex(\BlockHeight)}$, provided that |
|
|
|
$\BlockHeight < \SlowStartShift + \HalvingInterval$. No \foundersReward is required |
|
|
|
to be paid for $\BlockHeight \geq \SlowStartShift + \HalvingInterval$ (i.e. after |
|
|
|
the first halving). |
|
|
|
|
|
|
|
Each address representation in $\FounderAddressList$ denotes a \transparent |
|
|
|
P2SH multisig address. The payment \MUST be performed using a P2SH script |
|
|
|
of the form \ScriptOP{HASH160} \;$\ScriptHash$\; \ScriptOP{EQUAL}, |
|
|
|
where $\ScriptHash$ is the standard redeem script hash for the given |
|
|
|
P2SH multisig address \cite{Bitcoin-Multisig}. |
|
|
|
|
|
|
|
|
|
|
|
\nsection{Differences from the Zerocash paper} \label{differences} |
|
|
|
|
|
|
|
\nsubsection{Transaction Structure} \label{trstructure} |
|
|
@ -3318,6 +3436,8 @@ The errors in the proof of Ledger Indistinguishability mentioned in |
|
|
|
\subparagraph{2016.0-beta-1.4} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item Specify the \blockSubsidy, \minerSubsidy, and the \foundersReward. |
|
|
|
\item Specify \coinbaseTransaction outputs to \foundersReward addresses. |
|
|
|
\item Improve notation (for example ``$\mult$'' for multiplication and |
|
|
|
``$\typeexp{T}{\ell}$'' for sequence types) to avoid ambiguity. |
|
|
|
\end{itemize} |
|
|
|
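Review bot: The new `Coinbase outputs` section (hunk `-2903,6 +2948,79`) fixes the address and the P2SH script form of the Founders' Reward output but never states its value, so it is unclear whether that output must carry exactly `$\FoundersReward(\BlockHeight)$` zatoshi, whether a larger amount is acceptable, and whether a single matching output is enough. This is a consensus rule, and implementations that read it differently could disagree about which blocks are valid. After the sentence ending `P2SH multisig address \cite{Bitcoin-Multisig}.` I would add something like `The \coinbaseTransaction \MUST contain an output of exactly $\FoundersReward(\BlockHeight)$ \zatoshi with this script.`, with the exact-versus-at-least choice confirmed against the reference implementation. In the same hunk, `$\BlockSubsidy(\BlockHeight) \mult \FoundersFraction$` has no rounding rule; with the constants added in the `-1857,9 +1897,14` hunk the product appears to be an integer at every height below `$\SlowStartShift + \HalvingInterval$`, and a one-line remark saying so would spare implementers from guessing.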