From 91895ee7a7474b734bb3ec751ade102a4959b24a Mon Sep 17 00:00:00 2001
From: Daira Hopwood
Date: Tue, 7 Mar 2017 20:52:04 +0000
Subject: [PATCH] Clarify what a note commitment opens to in 'Omission in Zerocash security proof' section.
Signed-off-by: Daira Hopwood
---
 protocol/protocol.tex | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index a99dbda..4fd70a2 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -423,6 +423,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\AuthPrivateLength}{\mathsf{\ell_{\AuthPrivate}}}
 \newcommand{\AuthPublicOld}[1]{\mathsf{a^{old}_{pk,\mathnormal{#1}}}}
 \newcommand{\AuthPrivateOld}[1]{\mathsf{a^{old}_{sk,\mathnormal{#1}}}}
+\newcommand{\AuthEmphPublicOld}[1]{\mathsf{a^{old}_{\textsf{\textbf{pk}},\mathnormal{#1}}}}
 \newcommand{\AuthPublicOldX}[1]{\mathsf{a^{old}_{pk,\mathrm{#1}}}}
 \newcommand{\AuthPrivateOldX}[1]{\mathsf{a^{old}_{sk,\mathrm{#1}}}}
 \newcommand{\AuthPublicNew}[1]{\mathsf{a^{new}_{pk,\mathnormal{#1}}}}
@@ -495,6 +496,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 % Notes
 \newcommand{\Value}{\mathsf{v}}
 \newcommand{\ValueNew}[1]{\mathsf{v^{new}_\mathnormal{#1}}}
+\newcommand{\ValueOld}[1]{\mathsf{v^{old}_\mathnormal{#1}}}
 \newcommand{\NoteTuple}[1]{\mathbf{n}_{#1}}
 \newcommand{\NoteType}{\mathsf{Note}}
 \newcommand{\NotePlaintext}[1]{\mathbf{np}_{#1}}
@@ -510,6 +512,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\NoteAddressPreRandLength}{\mathsf{\ell_{\NoteAddressPreRand}}}
 \newcommand{\NoteCommitS}{\mathsf{s}}
 \newcommand{\cm}{\mathsf{cm}}
+\newcommand{\cmOld}[1]{\mathsf{{cm}^{old}_\mathnormal{#1}}}
 \newcommand{\cmOldX}[1]{\mathsf{{cm}^{old}_\mathrm{#1}}}
 \newcommand{\cmNew}[1]{\mathsf{{cm}^{new}_\mathnormal{#1}}}
 \newcommand{\snOldX}[1]{\mathsf{{sn}^{old}_\mathrm{#1}}}
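Review bot: `\AuthEmphPublicOld` in the first hunk is added without a comment explaining why a second, bold-`pk` spelling of `\AuthPublicOld` exists, and it is the only macro here that uses text-mode font commands (`\textsf{\textbf{pk}}`) inside a math subscript. A one-line comment such as `% Same as \AuthPublicOld with pk in bold: stresses public (not private) key in the proof erratum.` would stop a later editor from merging the two macros and silently losing the emphasis. The preamble is outside this hunk; if amsmath is not loaded there, the text-mode `pk` may not shrink to subscript size, so the rendered 'Omission in Zerocash security proof' section should be checked.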
@@ -4048,7 +4051,10 @@ For the ``$\Adversary$ violates Condition I'' case, the proof says: \end{itemize} In fact the openings do not contain $\AuthPrivateOld{i}$; they contain -$\AuthPublicOld{i}$. +$\AuthEmphPublicOld{i}$. (In \Zcash $\cmOld{i}$ opens directly to +$(\AuthEmphPublicOld{i}, \ValueOld{i}, \NoteAddressRandOld{i})$, and +in \Zerocash it opens to $(\ValueOld{i}, +\Commit{\NoteCommitS}(\AuthEmphPublicOld{i}, \NoteAddressRandOld{i})$.) A similar error occurs in the argument for the ``$\Adversary$ violates Condition II'' case. @@ -4127,6 +4133,7 @@ The errors in the proof of Ledger Indistinguishability mentioned in \begin{itemize} \item Clarify the consensus rule preventing double-spends. + \item Clarify what a \noteCommitment opens to in \crossref{crprf}. \end{itemize} \introlist
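Review bot: The Zerocash tuple on the last two added lines of the `-4048,7 +4051,10` hunk opens two parentheses but closes only one, so the rendered opening is unterminated; the final added line should end `\NoteAddressRandOld{i}))$.)`. This sentence corrects which key an opening contains (`pk`, not `sk`), so the formula must be unambiguous about what sits inside the inner commitment. The inner commitment is also written with the `\NoteCommitS` subscript; it is worth confirming against the Zerocash construction that this is the trapdoor of the inner rather than the outer commitment. The quoted proof text that this paragraph answers starts above the hunk.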