@ -1010,12 +1010,17 @@ blockchain. |
|
|
|
\changed{ |
|
|
|
\subsection{Decryption by a Viewing Key Holder} |
|
|
|
|
|
|
|
A \viewingKey holder also acts as a recipient using its $\TransmitPrivate$ key |
|
|
|
component. How to decrypt transactions using this key component is described in |
|
|
|
the preceding section. The following applies to decryption using the $\DiscloseKey{}$ |
|
|
|
component of the \viewingKey. |
|
|
|
|
|
|
|
Let $\DiscloseKey{}$ be a \viewingKey holder's \discloseKey. |
|
|
|
Then for each \PourDescription in its \blockchainview, the \viewingKey holder |
|
|
|
will attempt to decrypt the corresponding \coinsCiphertext as follows: |
|
|
|
|
|
|
|
\begin{enumerate} |
|
|
|
\item For $i$ in $\{1..\NNew\}$, |
|
|
|
\item For $i$ in $\{1..\NOld\}$, |
|
|
|
\begin{itemize} |
|
|
|
\item Let $\DerivedKey{i} := \PRFdk{\DiscloseKey{}}(i, \hSig)$. |
|
|
|
\item Let $\DisclosePlaintext{i} := \SymDecrypt{\DerivedKey{i}}(\DiscloseCiphertext{i})$. |
|
|
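Review bot: In the introductory paragraph, "described in the preceding section" is a positional reference that goes stale if the subsections are reordered or a new one is inserted before this one; point at the recipient-decryption section with a \ref to its label instead. The first \item of the enumerate now loops over $\{1..\NOld\}$ while its body indexes \DiscloseCiphertext{i}, so please confirm that the section defining the disclose ciphertexts also specifies exactly \NOld of them.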
@ -1024,11 +1029,11 @@ and $\vOld{i} := \bot$, and continue with the next $i$. |
|
|
|
\item Extract $\SharedKey{i}$ and $\vOld{i}$ from $\DisclosePlaintext{i}$. |
|
|
|
\item Let $\SharedPlaintext{i} := \SymDecrypt{\SharedKey{i}}(\SharedCiphertext)$. |
|
|
|
\end{itemize} |
|
|
|
\item If $\SharedPlaintext{i} = \bot$ for all $i$ in $\{1..\NNew\}$, then set |
|
|
|
\item If $\SharedPlaintext{i} = \bot$ for all $i$ in $\{1..\NOld\}$, then set |
|
|
|
$\CoinPlaintext{i} = \bot$ for $i$ in $\{1..\NNew\}$ and return |
|
|
|
$(\vOld{\mathrm{1}..\NOld}, \CoinPlaintext{\mathrm{1}..\NNew})$. |
|
|
|
\item Otherwise, let $\SharedPlaintext{}$ be the first non-$\bot$ value in |
|
|
|
$\SharedPlaintext{1..\NNew}$. |
|
|
|
$\SharedPlaintext{1..\NOld}$. |
|
|
|
\item Extract $\TransmitKey{1..\NNew}$, $\TransmitPublicNew{\mathrm{1}..\NNew}$, |
|
|
|
and $\EphemeralPrivate$ from $\SharedPlaintext{}$. |
|
|
|
\item For $i$ in $\{1..\NNew\}$, |
|
|
|
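Review bot: The "Otherwise" step takes the first non-$\bot$ value in $\SharedPlaintext{1..\NOld}$, but each $\SharedPlaintext{i}$ is a decryption of the same unindexed \SharedCiphertext under a different $\SharedKey{i}$, and the text does not say whether the non-$\bot$ values are expected to agree or what the holder should do if they differ; state that explicitly. Separately, the all-$\bot$ step writes $\CoinPlaintext{i} = \bot$ with "=" where the hunk header's context line uses $\vOld{i} := \bot$; use ":=" for the assignment so the two match.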