Abstractly, integers have a signedness (signed or unsigned), and a bit length.
The limits are the same as for the usual two's compliment system. All integers
in the publicly-visible \Zcash protocol are encoded in big endian two's
compliment.
If unspecified, curve points, field elements, etc., are encoded according to the
crypto libraries the \Zcash implementation uses.
\subsection{Cryptographic Functions}
\subparagraph{}
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash.
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash. This is different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
\subparagraph{}
@ -209,7 +216,7 @@ The underlying $\Value$ and $\SpendAuthorityPublic$ are blinded with $\BucketRan
\end{flushright}
We say that the bucket commitment of a bucket $\Bucket$= $\BucketCommitment{\Bucket}$.
We say that the bucket commitment of a bucket $\Bucket$is $\bm=\BucketCommitment{\Bucket}$.
\subparagraph{Serials}
@ -360,16 +367,16 @@ TBD. Identical to Bitcoin?
TBD. Identical to Bitcoin?
\subsection{\Zcash Public Addresses}
\subsection{Protected Public Addresses}
A public address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
A protected address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
$\SpendAuthorityPublic$ is a SHA-256 compression function output.
$\TransmitPublic$ is an encryption public key (currently ECIES, but this may
change to Curve25519/crypto\_box), which is an elliptic curve point.
\subsubsection{Raw Encoding}
The raw encoding of a \Zcash public address consists of:
The raw encoding of a protected address consists of:
\begin{equation*}
\begin{bytefield}[bitwidth=0.07em]{520}
@ -397,16 +404,16 @@ produces the correct Base58 leading character}
\textbf{TODO: what about the network version byte?}
\subsection{\Zcash Private Keys}
\subsection{Protected Address Secrets}
A \Zcash private key consists of $\SpendAuthorityPrivate$ and
A protected address secret consists of $\SpendAuthorityPrivate$ and
$\TransmitPrivate$. $\SpendAuthorityPrivate$ is a SHA-256 compression function
output. $\TransmitPrivate$ is an encryption private key (currently ECIES), which
is an integer.
\subsubsection{Raw Encoding}
The raw encoding of a \Zcash private key consists of, in order:
The raw encoding of a protected address secret consists of, in order: