730f97e06c
Derive sk_enc from a_vk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
1b1e1f8456
Add lead byte to KDF input.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
95e6fc42cd
Seriously, LaTeX, this paragraph is just fine.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
a8ff6110e6
Adjust list spacing. (I'm picky about things like that.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
e15a4fc0a4
Clarify that the nonce to AEAD_CHACHA20_POLY1305 is 96 bits, and the key 256 bits.
fixes zips/#19
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
c57d295a38
Fix definitions of a_vk and a_pk in Pour statement. fixes zips#18
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
64c91164ab
Descriptions of scriptSig and scriptPubKey were the wrong way round. fixes zips#17
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
2fac159404
Fix index error in computation of hSig.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
26df1df754
Define some convenience macros to shorten 1..N^{old,new}.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
9bbae8ce2a
Makefile: avoid error if protocol.aux doesn't exist.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
a1b1cd62c3
Notation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
6d25c4beb2
Be more precise about the specification of Curve25519 functions.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
a9da411767
Rearrange domain separation to make room for greater pour arities, and
state explicitly the domain separation convention for uses of the full hash.
Also bump the draft number.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
39e5992e60
Clarify endianness.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
608c0dbcb0
Fix potential attacks due to unclamped esk provided to a viewing key holder.
(The other change from epk to epk* in the KDF input is just for clarity,
since we check that epk* = epk.)
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
acf7cabe39
More PDF niceties.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
5e14841dce
Make hyperref links go to the top of the page to avoid having to scroll up.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
9069509095
Generate PDF index.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
c8e8846a53
More cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
06e747ed1f
Suppress spurious overfull hbox warnings; other cosmetics.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
96f8c869f2
Fancy linking of cross-references and URLs.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
63b7fa7f1a
Move the specification of how a coin plaintext is encoded.
This avoids the implication that we intend it to be Base85Check-encoded,
and makes the statement about prefix-freedom true again.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
661e894907
Remove version byte in coin plaintext.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
b0f06c6589
Correct a misstatement in the 'Decryption by a Viewing Key Holder' section.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
b6f8ab3f9b
Formatting; fix key derivation diagram.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
70dede1507
Unified spec with or without viewing keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
605d6ef5b1
Cosmetics.
8 years ago
1875e0d389
Fix size of r in Coin Plaintexts section.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
b2ef4732af
Don't mention s in Coins section; it's confusing given that COMM^s no longer exists.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
d3b2bfe5fb
Improve presentation of decryption by viewing key holder; define \bot.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
9ad8d7ee50
Improve presentation of P^disclose, fix a use-before-definition,
and correct an N^new -> N^old.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
e634b9ceb1
Viewing key optimizations.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
d3b0cfd649
Correct confusion between N^new and N^old in decryption by a viewing key holder,
and add a clarification about a viewing key holder acting as a recipient.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
9ba83513bb
Fix length of r.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
f5ab4ef51d
Ensure that a viewing key holder can decrypt the value of the old coin.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
80dcdeef4f
"additional data" -> "associated data".
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
d7dd20d281
Wording improvement.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
65ebefd7e8
Merge "Raw Encoding" subsubsections into their parent, and correct a section title.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
f3041d4e07
The viewing key holder should check epk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
9611e0b35b
The arguments to Curve25519 multiplication were consistently the wrong way round.
Also, add the base point argument to the computation of pk_enc from sk_enc.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
c6ec1e0e07
Note about some fields not being constrained in the circuit.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
a816d1fd18
Correct an obsolete paragraph relating a_sk and a_pk.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
32963392a8
Merge branch 'master' into 406.viewing-keys.1
8 years ago
8c537c300b
Add MIT license. fixes #15
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
0770ff87dc
Acknowledgements.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
0545c5b9ca
Work in progress on "Differences from Zerocash" section.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
98398f0385
Update Pour statement for viewing keys.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
a2d625f1b2
Merge branch '738.fix-internalh-collision.0' into 406.viewing-keys.1
Includes other fixes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
ce18d51650
Proposed fix for domain separation and truncation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
e7ad03ac52
The nonce input to the AEAD isn't long enough, so derive K^disclose_i using a PRF instead.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
8 years ago
Daira Hopwood