|
|
@ -21,6 +21,9 @@ This is an xxx HIP describing signed Sapling messages. |
|
|
|
# Motivation |
|
|
|
|
|
|
|
TLDR: Extend the `signmessage` and `verifymessage` RPCs to Sapling shielded addresses. |
|
|
|
Many people, including the author, have created Github issues asking for the ability to |
|
|
|
sign messages with zaddrs. Originally, it was not possible with Sprout addresses but |
|
|
|
now Sapling zaddrs have the internal machinery to support this use case. |
|
|
|
|
|
|
|
# Specification |
|
|
|
|
|
|
@ -34,6 +37,17 @@ which are direct shielded counterparts to the original Bitcoin RPCs: |
|
|
|
signmessage |
|
|
|
verifymessage |
|
|
|
|
|
|
|
This specification is directly influenced by various Zcash Github issues and ZIP304 |
|
|
|
such as https://github.com/zcash/zcash/issues/3159 and https://github.com/zcash/zcash/issues/1770 |
|
|
|
and the algorithm designed by Daira and other Zcash developers. We simply took the publicly |
|
|
|
defined algorithm and decided to actually implement it and decide any implementation details that |
|
|
|
would be needed along the way. |
|
|
|
|
|
|
|
## Internal Design |
|
|
|
|
|
|
|
One option would be to write a custom zk-SNARK "circuit" to support signing via a zaddr. This would |
|
|
|
be a large amount of work and was dismissed, reasonably, as not viable by Zcash developers. |
|
|
|
|
|
|
|
|
|
|
|
# References |
|
|
|
|
|
|
|