
Fix some terminology and improve some things.

remove-outdated-notes
Taylor Hornby 9 years ago
parent
commit
8cc631a782
  1. BIN
      protocol/protocol.pdf
  2. 27
      protocol/protocol.tex

BIN
protocol/protocol.pdf

Binary file not shown.

27
protocol/protocol.tex

@ -38,6 +38,7 @@
\newcommand{\PRFpk}[2]{\PRF{#1}{pk_{#2}}}
\newcommand{\SHA}{\mathtt{SHA256Compress}}
\newcommand{\SHAName}{\emph{SHA-256 compression}}
\newcommand{\SHAOrig}{\emph{SHA-256}}
\newcommand{\bm}{\mathbf{\mathtt{bm}}}
\newcommand{\InternalHashK}{\mathsf{k}}
\newcommand{\InternalHash}{\mathsf{InternalH}}
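Review bot: the new \SHAOrig macro, like \SHAName above it, expands to \emph text, but the Cryptographic Functions hunk uses both inside math delimiters ($\SHAName$, $\SHAOrig$). These are prose names rather than math symbols, so I'd use them outside $...$ and keep \SHA for the math-mode symbol. The name \SHAOrig is also a little opaque for "the full SHA-256 hash"; a name that says so would be easier to read in the source.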
@ -95,15 +96,21 @@
\section{Concepts}
\subsection{Endianness}
\subsection{Integers and Endianness}
All numerical objects in Zcash are big endian.
Abstractly, integers have a signedness (signed or unsigned), and a bit length.
The limits are the same as for the usual two's compliment system. All integers
in the publicly-visible \Zcash protocol are encoded in big endian two's
compliment.
If unspecified, curve points, field elements, etc., are encoded according to the
crypto libraries the \Zcash implementation uses.
\subsection{Cryptographic Functions}
\subparagraph{}
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash.
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash. This is different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
\subparagraph{}
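Review bot: "two's compliment" in the new Integers and Endianness paragraph should be "two's complement" (both occurrences). More substantively, the sentence "If unspecified, curve points, field elements, etc., are encoded according to the crypto libraries the \Zcash implementation uses" leaves those encodings implementation-defined, so a second implementation or a library change could serialize the same value differently. I'd either specify the encodings here or mark the sentence as a TODO like the other open items in this file. It would also help to say whether unsigned integers are really meant to be two's complement or simply big-endian unsigned with a stated bit length.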
@ -209,7 +216,7 @@ The underlying $\Value$ and $\SpendAuthorityPublic$ are blinded with $\BucketRan
\end{flushright}
We say that the bucket commitment of a bucket $\Bucket$ = $\BucketCommitment{\Bucket}$.
We say that the bucket commitment of a bucket $\Bucket$ is $\bm = \BucketCommitment{\Bucket}$.
\subparagraph{Serials}
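Review bot: the reworded sentence now binds the symbol \bm, and the preamble defines it as \newcommand{\bm}{\mathbf{\mathtt{bm}}}, the same name the bm package uses for its bold-math command, so the two will clash if that package is ever loaded. A more specific macro name would avoid that. The wording "is $\bm = \BucketCommitment{\Bucket}$" also reads a little ambiguously as a definition; "is denoted $\bm$, where $\bm = \BucketCommitment{\Bucket}$" would make it clear that \bm is being introduced here.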
@ -360,16 +367,16 @@ TBD. Identical to Bitcoin?
TBD. Identical to Bitcoin?
\subsection{\Zcash Public Addresses}
\subsection{Protected Public Addresses}
A public address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
A protected address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
$\SpendAuthorityPublic$ is a SHA-256 compression function output.
$\TransmitPublic$ is an encryption public key (currently ECIES, but this may
change to Curve25519/crypto\_box), which is an elliptic curve point.
\subsubsection{Raw Encoding}
The raw encoding of a \Zcash public address consists of:
The raw encoding of a protected address consists of:
\begin{equation*}
\begin{bytefield}[bitwidth=0.07em]{520}
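Review bot: the new heading says "Protected Public Addresses" while the body text in the same hunk says "A protected address consists of" and "The raw encoding of a protected address", and the later hunk uses "Protected Address Secrets". Since this commit is about fixing terminology, pick one term ("protected address") and use it in the heading too, so the public/secret pairing is "protected address" and "protected address secret" throughout.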
@ -397,16 +404,16 @@ produces the correct Base58 leading character}
\textbf{TODO: what about the network version byte?}
\subsection{\Zcash Private Keys}
\subsection{Protected Address Secrets}
A \Zcash private key consists of $\SpendAuthorityPrivate$ and
A protected address secret consists of $\SpendAuthorityPrivate$ and
$\TransmitPrivate$. $\SpendAuthorityPrivate$ is a SHA-256 compression function
output. $\TransmitPrivate$ is an encryption private key (currently ECIES), which
is an integer.
\subsubsection{Raw Encoding}
The raw encoding of a \Zcash private key consists of, in order:
The raw encoding of a protected address secret consists of, in order:
\begin{equation*}
\begin{bytefield}[bitwidth=0.07em]{520}
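Review bot: the paragraph under "Protected Address Secrets" still says $\TransmitPrivate$ "is an integer", but the new Integers and Endianness text in this same commit says every integer has a signedness and a bit length, and neither is given here. Since this value goes into the raw encoding that follows, state its bit length and that it is unsigned. The public-address section also notes that ECIES "may change to Curve25519/crypto\_box" while this one only says "(currently ECIES)"; the two should carry the same caveat.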
