|
|
@ -713,7 +713,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg |
|
|
|
\newcommand{\rt}{\mathsf{rt}} |
|
|
|
\newcommand{\treepath}[1]{\mathsf{path}_{#1}} |
|
|
|
\newcommand{\Receive}{\mathsf{Receive}} |
|
|
|
\newcommand{\EnforceCommit}[1]{\mathsf{enforce}_{#1}} |
|
|
|
\newcommand{\EnforceMerklePath}[1]{\mathsf{enforceMerklePath}_{~\!\!#1}} |
|
|
|
|
|
|
|
|
|
|
|
\newcommand{\consensusrule}[1]{\needspace{3ex}\subparagraph{Consensus rule:}{#1}} |
|
|
@ -1762,7 +1762,7 @@ as follows: |
|
|
|
\item Compute $\nfOld{i} := \PRFnf{\AuthPrivateOld{i}}(\NoteAddressRandOld{i})$. |
|
|
|
\item Construct a \dummy \merklePath $\treepath{i}$ for use in the |
|
|
|
\auxiliaryInput to the \joinSplitStatement (this will not be checked). |
|
|
|
\item When generating the \joinSplitProof\!\!, set $\EnforceCommit{i}$ to $0$. |
|
|
|
\item When generating the \joinSplitProof\!\!, set $\EnforceMerklePath{i}$ to $0$. |
|
|
|
\end{itemize} |
|
|
|
} |
|
|
|
|
|
|
@ -1915,7 +1915,7 @@ the prover knows an \term{auxiliary input}: |
|
|
|
\nNew{\allNew} \typecolon \typeexp{\NoteType}{\NOld}\changed{,}\\ |
|
|
|
\hphantom{(} |
|
|
|
\changed{\NoteAddressPreRand \typecolon \bitseq{\NoteAddressPreRandLength}, |
|
|
|
\EnforceCommit{\allOld} \typecolon \bitseq{\NOld}})$, |
|
|
|
\EnforceMerklePath{\allOld} \typecolon \bitseq{\NOld}})$, |
|
|
|
\end{formulae} |
|
|
|
|
|
|
|
\introlist |
|
|
@ -1933,7 +1933,7 @@ such that the following conditions hold: |
|
|
|
|
|
|
|
\subparagraph{Merkle path validity} \label{merklepathvalidity} |
|
|
|
|
|
|
|
for each $i \in \setofOld$ \changed{$\mid$ $\EnforceCommit{i} = 1$}: |
|
|
|
for each $i \in \setofOld$ \changed{$\mid$ $\EnforceMerklePath{i} = 1$}: |
|
|
|
$\treepath{i}$ must be a valid \merklePath of depth $\MerkleDepth$, as defined in |
|
|
|
\crossref{merklepath}, from $\NoteCommit(\nOld{i})$ to \noteCommitmentTree root $\rt$. |
|
|
|
|
|
|
@ -1941,9 +1941,9 @@ $\treepath{i}$ must be a valid \merklePath of depth $\MerkleDepth$, as defined i |
|
|
|
given in \cite[section 4.2]{BCG+2014}. |
|
|
|
|
|
|
|
\changed{ |
|
|
|
\subparagraph{Commitment Enforcement} |
|
|
|
\subparagraph{Merkle path enforcement} |
|
|
|
|
|
|
|
for each $i \in \setofOld$, if $\vOld{i} \neq 0$ then $\EnforceCommit{i} = 1$. |
|
|
|
for each $i \in \setofOld$, if $\vOld{i} \neq 0$ then $\EnforceMerklePath{i} = 1$. |
|
|
|
} |
|
|
|
|
|
|
|
\subparagraph{Balance} |
|
|
@ -4100,6 +4100,13 @@ The errors in the proof of Ledger Indistinguishability mentioned in |
|
|
|
\introlist |
|
|
|
\nsection{Change history} |
|
|
|
|
|
|
|
\subparagraph{2017.0-beta-2.4} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item Rename $\mathsf{enforce}_i$ to $\EnforceMerklePath{i}$. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
\introlist |
|
|
|
\subparagraph{2017.0-beta-2.3} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|