|
|
|
@ -333,18 +333,18 @@ |
|
|
|
\newcommand{\PaymentAddressSecondByte}{\hexint{9A}} |
|
|
|
\newcommand{\SpendingKeyLeadByte}{\hexint{AB}} |
|
|
|
\newcommand{\SpendingKeySecondByte}{\hexint{36}} |
|
|
|
\newcommand{\PtoSHAddressLeadByte}{\hexint{1B}} |
|
|
|
\newcommand{\PtoSHAddressSecondByte}{\hexint{9C}} |
|
|
|
\newcommand{\PtoPKHAddressLeadByte}{\hexint{1B}} |
|
|
|
\newcommand{\PtoPKHAddressSecondByte}{\hexint{97}} |
|
|
|
\newcommand{\PaymentAddressTestnetLeadByte}{\hexint{14}} |
|
|
|
\newcommand{\PaymentAddressTestnetSecondByte}{\hexint{51}} |
|
|
|
\newcommand{\SpendingKeyTestnetLeadByte}{\hexint{B1}} |
|
|
|
\newcommand{\SpendingKeyTestnetSecondByte}{\hexint{EB}} |
|
|
|
\newcommand{\PtoSHAddressTestnetLeadByte}{\hexint{1B}} |
|
|
|
\newcommand{\PtoSHAddressTestnetSecondByte}{\hexint{9A}} |
|
|
|
\newcommand{\PtoPKHAddressTestnetLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoPKHAddressTestnetSecondByte}{\hexint{05}} |
|
|
|
\newcommand{\PtoSHAddressLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoSHAddressSecondByte}{\hexint{BD}} |
|
|
|
\newcommand{\PtoPKHAddressLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoPKHAddressSecondByte}{\hexint{B8}} |
|
|
|
\newcommand{\PaymentAddressTestnetLeadByte}{\hexint{16}} |
|
|
|
\newcommand{\PaymentAddressTestnetSecondByte}{\hexint{B6}} |
|
|
|
\newcommand{\SpendingKeyTestnetLeadByte}{\hexint{AC}} |
|
|
|
\newcommand{\SpendingKeyTestnetSecondByte}{\hexint{08}} |
|
|
|
\newcommand{\PtoSHAddressTestnetLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoSHAddressTestnetSecondByte}{\hexint{BA}} |
|
|
|
\newcommand{\PtoPKHAddressTestnetLeadByte}{\hexint{1D}} |
|
|
|
\newcommand{\PtoPKHAddressTestnetSecondByte}{\hexint{25}} |
|
|
|
\newcommand{\NotePlaintextLeadByte}{\hexint{00}} |
|
|
|
\newcommand{\AuthPublic}{\mathsf{a_{pk}}} |
|
|
|
\newcommand{\AuthPrivate}{\mathsf{a_{sk}}} |
|
|
|
@ -2443,11 +2443,11 @@ The raw encoding of a P2PKH address consists of: |
|
|
|
\begin{pnotes} |
|
|
|
\item In \Bitcoin a single byte is used for the version field identifying |
|
|
|
the address type. In \Zcash two bytes are used. For addresses on |
|
|
|
the production network, this fixes the first two characters of the |
|
|
|
Base58Check encoding to be \ascii{r3} for P2SH addresses, or |
|
|
|
\ascii{r1} for P2PKH addresses. (This does \emph{not} imply that a |
|
|
|
\transparent \Zcash address can be parsed in the same way as a |
|
|
|
\Bitcoin address just by removing the \ascii{r}.) |
|
|
|
the production network, this and the encoded length cause the first |
|
|
|
two characters of the Base58Check encoding to be fixed as \ascii{t3} |
|
|
|
for P2SH addresses, and as \ascii{t1} for P2PKH addresses. (This does |
|
|
|
\emph{not} imply that a \transparent \Zcash address can be parsed |
|
|
|
identically to a \Bitcoin address just by removing the \ascii{t}.) |
|
|
|
\item \Zcash does not yet support Hierarchical Deterministic Wallet |
|
|
|
addresses \cite{BIP-32}. |
|
|
|
\end{pnotes} |
|
|
|
@ -2489,6 +2489,13 @@ The raw encoding of a \paymentAddress consists of: |
|
|
|
normal encoding of a Curve25519 public key \cite{Bern2006}}. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
\pnote{ |
|
|
|
For addresses on the production network, the lead bytes and encoded length |
|
|
|
cause the first two characters of the Base58Check encoding to be fixed as |
|
|
|
\ascii{zc}. For the test network, the first two characters are fixed as |
|
|
|
\ascii{zt}. |
|
|
|
} |
|
|
|
|
|
|
|
\nsubsubsection{Spending Keys} \label{spendingkeyencoding} |
|
|
|
|
|
|
|
A \spendingKey consists of $\AuthPrivate$, which is a sequence of \changed{252} bits. |
|
|
|
@ -2519,15 +2526,21 @@ The raw encoding of a \spendingKey consists of, in order: |
|
|
|
|
|
|
|
\changed{ |
|
|
|
The zero padding occupies the most significant 4 bits of the third byte. |
|
|
|
|
|
|
|
\pnote{ |
|
|
|
If an implementation represents $\AuthPrivate$ |
|
|
|
internally as a sequence of 32 bytes with the 4 bits of zero padding |
|
|
|
intact, it will be in the correct form for use as an input to |
|
|
|
$\PRFaddr{}$, $\PRFnf{}$, and $\PRFpk{}$ without need for bit-shifting. |
|
|
|
Future key representations may make use of these padding bits. |
|
|
|
} |
|
|
|
|
|
|
|
\begin{pnotes} |
|
|
|
\changed{ |
|
|
|
\item If an implementation represents $\AuthPrivate$ internally as a |
|
|
|
sequence of 32 bytes with the 4 bits of zero padding intact, |
|
|
|
it will be in the correct form for use as an input to $\PRFaddr{}$, |
|
|
|
$\PRFnf{}$, and $\PRFpk{}$ without need for bit-shifting. |
|
|
|
Future key representations may make use of these padding bits. |
|
|
|
} |
|
|
|
\item For addresses on the production network, the lead bytes and encoded |
|
|
|
length cause the first two characters of the Base58Check encoding to |
|
|
|
be fixed as \ascii{SK}. For the test network, the first two characters |
|
|
|
are fixed as \ascii{ST}. |
|
|
|
\end{pnotes} |
|
|
|
|
|
|
|
|
|
|
|
\nsubsection{\ZeroKnowledgeProvingSystem} \label{proofs} |
|
|
|
@ -3630,10 +3643,17 @@ The errors in the proof of Ledger Indistinguishability mentioned in |
|
|
|
|
|
|
|
\nsection{Change history} |
|
|
|
|
|
|
|
\subparagraph{2016.0-beta-1.9} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item Revise the lead bytes for \transparent P2SH and P2PKH addresses. |
|
|
|
\end{itemize} |
|
|
|
|
|
|
|
\subparagraph{2016.0-beta-1.8} |
|
|
|
|
|
|
|
\begin{itemize} |
|
|
|
\item Specify the lead bytes for \transparent P2SH and P2PKH addresses. |
|
|
|
(Note: these have since been changed.) |
|
|
|
\item Add a section on which BIPs apply to \Zcash. |
|
|
|
\item Specify that \ScriptOP{CODESEPARATOR} has been disabled, and |
|
|
|
no longer affects signature hashes. |
|
|
|
|
Daira Hopwood