|
|
|
@ -2511,10 +2511,11 @@ within the circuit was not considered to justify the benefits. |
|
|
|
|
|
|
|
\nsubsection{Changes to PRF inputs and truncation} |
|
|
|
|
|
|
|
\todo{} |
|
|
|
... |
|
|
|
|
|
|
|
%The need for collision resistance of \CRH(.) truncated to 253 bits was not |
|
|
|
%explicitly stated in \ (This does not follow from collision resistance of $\CRH$.) |
|
|
|
The need for collision resistance of $\CRH$ truncated to 253 bits was not |
|
|
|
explicitly stated in the \Zerocash paper; this does not follow from |
|
|
|
collision resistance of $\CRH$. |
|
|
|
|
|
|
|
\nsubsection{In-band secret distribution} \label{inbandrationale} |
|
|
|
|
|
|
|
@ -2665,6 +2666,7 @@ of $\PRFaddr{}$ was found by Daira Hopwood. |
|
|
|
IEEE Std 1363. |
|
|
|
\item Add a section on consensus changes from \Bitcoin, and the specification |
|
|
|
of Equihash. |
|
|
|
\item Complete the ``Differences from the \Zerocash paper'' section. |
|
|
|
\item Change the length of \memos to 512 bytes. |
|
|
|
\item Switch the \joinSplitSignature scheme to Ed25519, with consequent |
|
|
|
changes to the computation of $\hSig$. |
|
|
|
|
Daira Hopwood
8 years ago