Abstractly, integers have a signedness (signed or unsigned), and a bit length.
The limits are the same as for the usual two's compliment system. All integers
in the publicly-visible \Zcash protocol are encoded in big endian two's
compliment.
If unspecified, curve points, field elements, etc., are encoded according to the
crypto libraries the \Zcash implementation uses.
\subsection{Cryptographic Functions}
\subparagraph{}
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash.
$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash. This is different from the $\SHAOrig$ function, which hashes arbitrary-length strings.
\subparagraph{}
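Review bot: The added sentence "If unspecified, curve points, field elements, etc., are encoded according to the crypto libraries the \Zcash implementation uses" leaves those encodings implementation-defined. For any value that appears in publicly visible protocol data, state the byte format in the specification itself, or name the library and the exact format it produces, so that independent implementations serialize identically. In the same added paragraph, "two's compliment" should read "two's complement" in both places, and the comma before "and a bit length" can be dropped.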
@ -217,7 +224,7 @@ The underlying $\Value$ and $\SpendAuthorityPublic$ are blinded with $\BucketRan
\end{flushright}
We say that the bucket commitment of a bucket $\Bucket$= $\BucketCommitment{\Bucket}$.\eli{circular definition: $b=f(b)$?}
We say that the bucket commitment of a bucket $\Bucket$is $\bm=\BucketCommitment{\Bucket}$.
\subparagraph{Serials}
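Review bot: The replacement line reads "$\Bucket$is", with no space between the closing math delimiter and "is", so the symbol will run into the word when typeset; add the space. Naming the commitment $\bm$ does resolve the circular-definition comment that the old line carried, and it matches the $\bm^{new}_i$ notation used in the pour description.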
@ -347,4 +354,146 @@ for each $i \in \{1, 2\}$: $h_i$ = $\PRFpk{\SpendAuthorityPrivate^{old}_i}{i-1}(
for each $i \in\{1, 2\}$: $\bm^{new}_i$ = $\BucketCommitment{\bNew{i}}$
\section{Encoding addresses, private keys, buckets, and pours}
This section describes how \Zcash encodes public addresses, private keys,
buckets, and pours.
Addresses, keys, and buckets, can be encoded as a byte string; this is called
the \emph{raw encoding}. This byte string can then be further encoded using
Base58Check. The Base58Check layer is the same as for upstream Bitcoin
addresses.
SHA-256 compression function outputs are always represented as strings of 32
bytes.
The language consisting of the following encoding possibilities is prefix-free.
\subsection{Cleartext Public Addresses}
TBD. Identical to Bitcoin?
\subsection{Cleartext Private Keys}
TBD. Identical to Bitcoin?
\subsection{Protected Public Addresses}
A protected address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$.
$\SpendAuthorityPublic$ is a SHA-256 compression function output.
$\TransmitPublic$ is an encryption public key (currently ECIES, but this may
change to Curve25519/crypto\_box), which is an elliptic curve point.
\subsubsection{Raw Encoding}
The raw encoding of a protected address consists of:
\begin{equation*}
\begin{bytefield}[bitwidth=0.07em]{520}
\bitbox{80}{0x??}&
\bitbox{256}{$\SpendAuthorityPublic$ (32 bytes)}&
\bitbox{256}{A 33-byte encoding of $\TransmitPublic$}
\end{bytefield}
\end{equation*}
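Review bot: In the bytefield for the protected-address raw encoding, the declared width is 520, but the three \bitbox widths are 80, 256 and 256, which sum to 592, and neither figure matches the labelled sizes: one leading byte, 32 bytes and 33 bytes come to 66 bytes, or 528 bits. The 33-byte encoding of $\TransmitPublic$ is also drawn the same width as the 32-byte $\SpendAuthorityPublic$. Either set the widths to the real bit counts (8, 256 and 264, with a total of 528) or say explicitly that the diagram is not to scale. Separately, the statement earlier in this section that the encodings form a prefix-free language cannot be verified while the leading byte is still 0x?? and the two cleartext subsections are TBD; mark that claim as a requirement on the values still to be chosen.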
\begin{itemize}
\item A byte, 0x??, indicating this version of the raw encoding of a \Zcash