|
|
@ -419,209 +419,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg |
|
|
|
\newcommand{\rightarrowR}{\buildrel{\scriptstyle\mathrm{R}}\over\rightarrow} |
|
|
|
\newcommand{\leftarrowR}{\buildrel{\scriptstyle\mathrm{R}}\over\leftarrow} |
|
|
|
|
|
|
|
% key pairs: |
|
|
|
\newcommand{\PaymentAddress}{\mathsf{addr_{pk}}} |
|
|
|
\newcommand{\PaymentAddressLeadByte}{\hexint{16}} |
|
|
|
\newcommand{\PaymentAddressSecondByte}{\hexint{9A}} |
|
|
|
\newcommand{\SpendingKeyLeadByte}{\hexint{AB}} |
|
|
|
\newcommand{\SpendingKeySecondByte}{\hexint{36}} |
|
|
|
\newcommand{\PtoSHAddressLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoSHAddressSecondByte}{\hexint{BD}} |
|
|
|
\newcommand{\PtoPKHAddressLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoPKHAddressSecondByte}{\hexint{B8}} |
|
|
|
\newcommand{\PaymentAddressTestnetLeadByte}{\hexint{16}} |
|
|
|
\newcommand{\PaymentAddressTestnetSecondByte}{\hexint{B6}} |
|
|
|
\newcommand{\SpendingKeyTestnetLeadByte}{\hexint{AC}} |
|
|
|
\newcommand{\SpendingKeyTestnetSecondByte}{\hexint{08}} |
|
|
|
\newcommand{\PtoSHAddressTestnetLeadByte}{\hexint{1C}} |
|
|
|
\newcommand{\PtoSHAddressTestnetSecondByte}{\hexint{BA}} |
|
|
|
\newcommand{\PtoPKHAddressTestnetLeadByte}{\hexint{1D}} |
|
|
|
\newcommand{\PtoPKHAddressTestnetSecondByte}{\hexint{25}} |
|
|
|
\newcommand{\NotePlaintextLeadByte}{\hexint{00}} |
|
|
|
\newcommand{\AuthPublic}{\mathsf{a_{pk}}} |
|
|
|
\newcommand{\AuthPrivate}{\mathsf{a_{sk}}} |
|
|
|
\newcommand{\AuthPublicX}[1]{\mathsf{a^\mathrm{#1}_{pk}}} |
|
|
|
\newcommand{\AuthPrivateX}[1]{\mathsf{a^\mathrm{#1}_{sk}}} |
|
|
|
\newcommand{\AuthPrivateLength}{\mathsf{\ell_{\AuthPrivate}}} |
|
|
|
\newcommand{\AuthPublicOld}[1]{\mathsf{a^{old}_{pk,\mathnormal{#1}}}} |
|
|
|
\newcommand{\AuthPrivateOld}[1]{\mathsf{a^{old}_{sk,\mathnormal{#1}}}} |
|
|
|
\newcommand{\AuthEmphPublicOld}[1]{\mathsf{a^{old}_{\textsf{\textbf{pk}},\mathnormal{#1}}}} |
|
|
|
\newcommand{\AuthPublicOldX}[1]{\mathsf{a^{old}_{pk,\mathrm{#1}}}} |
|
|
|
\newcommand{\AuthPrivateOldX}[1]{\mathsf{a^{old}_{sk,\mathrm{#1}}}} |
|
|
|
\newcommand{\AuthPublicNew}[1]{\mathsf{a^{new}_{pk,\mathnormal{#1}}}} |
|
|
|
\newcommand{\AuthPrivateNew}[1]{\mathsf{a^{new}_{sk,\mathnormal{#1}}}} |
|
|
|
\newcommand{\AddressPublicNew}[1]{\mathsf{addr^{new}_{pk,\mathnormal{#1}}}} |
|
|
|
\newcommand{\enc}{\mathsf{enc}} |
|
|
|
\newcommand{\DHSecret}[1]{\mathsf{sharedSecret}_{#1}} |
|
|
|
\newcommand{\EphemeralPublic}{\mathsf{epk}} |
|
|
|
\newcommand{\EphemeralPrivate}{\mathsf{esk}} |
|
|
|
\newcommand{\TransmitPublic}{\mathsf{pk_{enc}}} |
|
|
|
\newcommand{\TransmitPublicSup}[1]{\mathsf{pk}^{#1}_\mathsf{enc}} |
|
|
|
\newcommand{\TransmitPublicNew}[1]{\mathsf{pk^{new}_{\enc,\mathnormal{#1}}}} |
|
|
|
\newcommand{\TransmitPrivate}{\mathsf{sk_{enc}}} |
|
|
|
\newcommand{\TransmitPrivateSup}[1]{\mathsf{sk}^{#1}_\mathsf{enc}} |
|
|
|
|
|
|
|
% Money supply |
|
|
|
\newcommand{\MAXMONEY}{\mathsf{MAX\_MONEY}} |
|
|
|
\newcommand{\BlockSubsidy}{\mathsf{BlockSubsidy}} |
|
|
|
\newcommand{\MinerSubsidy}{\mathsf{MinerSubsidy}} |
|
|
|
\newcommand{\FoundersReward}{\mathsf{FoundersReward}} |
|
|
|
\newcommand{\SlowStartInterval}{\mathsf{SlowStartInterval}} |
|
|
|
\newcommand{\SlowStartShift}{\mathsf{SlowStartShift}} |
|
|
|
\newcommand{\SlowStartRate}{\mathsf{SlowStartRate}} |
|
|
|
\newcommand{\HalvingInterval}{\mathsf{HalvingInterval}} |
|
|
|
\newcommand{\MaxBlockSubsidy}{\mathsf{MaxBlockSubsidy}} |
|
|
|
\newcommand{\NumFounderAddresses}{\mathsf{NumFounderAddresses}} |
|
|
|
\newcommand{\FounderAddressChangeInterval}{\mathsf{FounderAddressChangeInterval}} |
|
|
|
\newcommand{\FoundersFraction}{\mathsf{FoundersFraction}} |
|
|
|
\newcommand{\BlockHeight}{\mathsf{height}} |
|
|
|
\newcommand{\Halving}{\mathsf{Halving}} |
|
|
|
\newcommand{\FounderAddress}{\mathsf{FounderAddress}} |
|
|
|
\newcommand{\FounderAddressList}{\mathsf{FounderAddressList}} |
|
|
|
\newcommand{\FounderAddressIndex}{\mathsf{FounderAddressIndex}} |
|
|
|
\newcommand{\RedeemScriptHash}{\mathsf{RedeemScriptHash}} |
|
|
|
|
|
|
|
\newcommand{\blockSubsidy}{\term{block subsidy}} |
|
|
|
\newcommand{\minerSubsidy}{\term{miner subsidy}} |
|
|
|
\newcommand{\foundersReward}{\term{Founders' Reward}} |
|
|
|
\newcommand{\slowStartPeriod}{\term{slow-start period}} |
|
|
|
\newcommand{\halvingInterval}{\term{halving interval}} |
|
|
|
|
|
|
|
\newcommand{\PoWLimit}{\mathsf{PoWLimit}} |
|
|
|
\newcommand{\PoWAveragingWindow}{\mathsf{PoWAveragingWindow}} |
|
|
|
\newcommand{\PoWMedianBlockSpan}{\mathsf{PoWMedianBlockSpan}} |
|
|
|
\newcommand{\PoWMaxAdjustDown}{\mathsf{PoWMaxAdjustDown}} |
|
|
|
\newcommand{\PoWMaxAdjustUp}{\mathsf{PoWMaxAdjustUp}} |
|
|
|
\newcommand{\PoWDampingFactor}{\mathsf{PoWDampingFactor}} |
|
|
|
\newcommand{\PoWTargetSpacing}{\mathsf{PoWTargetSpacing}} |
|
|
|
\newcommand{\MeanTarget}{\mathsf{MeanTarget}} |
|
|
|
\newcommand{\MedianTime}{\mathsf{MedianTime}} |
|
|
|
\newcommand{\AveragingWindowTimespan}{\mathsf{AveragingWindowTimespan}} |
|
|
|
\newcommand{\MinActualTimespan}{\mathsf{MinActualTimespan}} |
|
|
|
\newcommand{\MaxActualTimespan}{\mathsf{MaxActualTimespan}} |
|
|
|
\newcommand{\ActualTimespan}{\mathsf{ActualTimespan}} |
|
|
|
\newcommand{\ActualTimespanDamped}{\mathsf{ActualTimespanDamped}} |
|
|
|
\newcommand{\ActualTimespanClamped}{\mathsf{ActualTimespanClamped}} |
|
|
|
\newcommand{\Threshold}{\mathsf{Threshold}} |
|
|
|
\newcommand{\ThresholdBits}{\mathsf{ThresholdBits}} |
|
|
|
|
|
|
|
\newcommand{\targetThreshold}{\term{target threshold}} |
|
|
|
\newcommand{\targetThresholds}{\term{target thresholds}} |
|
|
|
|
|
|
|
% Signatures |
|
|
|
\newcommand{\Sig}{\mathsf{Sig}} |
|
|
|
\newcommand{\SigPublic}{\mathsf{Sig.Public}} |
|
|
|
\newcommand{\SigPrivate}{\mathsf{Sig.Private}} |
|
|
|
\newcommand{\SigMessage}{\mathsf{Sig.Message}} |
|
|
|
\newcommand{\SigSignature}{\mathsf{Sig.Signature}} |
|
|
|
\newcommand{\SigGen}{\mathsf{Sig.Gen}} |
|
|
|
\newcommand{\SigSign}[1]{\mathsf{Sig.Sign}_{#1}} |
|
|
|
\newcommand{\SigVerify}[1]{\mathsf{Sig.Verify}_{#1}} |
|
|
|
\newcommand{\JoinSplitSig}{\mathsf{JoinSplitSig}} |
|
|
|
\newcommand{\JoinSplitSigPublic}{\mathsf{JoinSplitSig.Public}} |
|
|
|
\newcommand{\JoinSplitSigPrivate}{\mathsf{JoinSplitSig.Private}} |
|
|
|
\newcommand{\JoinSplitSigMessage}{\mathsf{JoinSplitSig.Message}} |
|
|
|
\newcommand{\JoinSplitSigSignature}{\mathsf{JoinSplitSig.Signature}} |
|
|
|
\newcommand{\JoinSplitSigGen}{\mathsf{JoinSplitSig.Gen}} |
|
|
|
\newcommand{\JoinSplitSigSign}[1]{\mathsf{JoinSplitSig.Sign}_{#1}} |
|
|
|
\newcommand{\JoinSplitSigVerify}[1]{\mathsf{JoinSplitSig.Verify}_{#1}} |
|
|
|
\newcommand{\JoinSplitSigSpecific}{\mathsf{Ed25519}} |
|
|
|
\newcommand{\JoinSplitSigHashName}{\mathsf{SHA\mhyphen512}} |
|
|
|
\newcommand{\EdDSAr}{R} |
|
|
|
\newcommand{\EdDSAs}{S} |
|
|
|
\newcommand{\EdDSAR}{\bytes{R}} |
|
|
|
\newcommand{\EdDSAS}{\bytes{S}} |
|
|
|
\newcommand{\RandomSeedLength}{\mathsf{\ell_{Seed}}} |
|
|
|
\newcommand{\RandomSeedType}{\bitseq{\mathsf{\ell_{Seed}}}} |
|
|
|
\newcommand{\pksig}{\mathsf{pk_{sig}}} |
|
|
|
\newcommand{\sk}{\mathsf{sk}} |
|
|
|
\newcommand{\hSigInput}{\mathsf{hSigInput}} |
|
|
|
\newcommand{\dataToBeSigned}{\mathsf{dataToBeSigned}} |
|
|
|
|
|
|
|
% Merkle tree |
|
|
|
\newcommand{\MerkleDepth}{\mathsf{d_{Merkle}}} |
|
|
|
\newcommand{\MerkleNode}[2]{\mathsf{M}^{#1}_{#2}} |
|
|
|
\newcommand{\MerkleSibling}{\mathsf{sibling}} |
|
|
|
\newcommand{\MerkleCRH}{\mathsf{MerkleCRH}} |
|
|
|
\newcommand{\MerkleHashLength}{\mathsf{\ell_{Merkle}}} |
|
|
|
\newcommand{\MerkleHash}{\bitseq{\MerkleHashLength}} |
|
|
|
|
|
|
|
\newcommand{\SHAd}{\term{SHA-256d}} |
|
|
|
|
|
|
|
% Proving system |
|
|
|
\newcommand{\ZK}{\mathsf{ZK}} |
|
|
|
\newcommand{\ZKProvingKey}{\mathsf{ZK.ProvingKey}} |
|
|
|
\newcommand{\ZKVerifyingKey}{\mathsf{ZK.VerifyingKey}} |
|
|
|
\newcommand{\pk}{\mathsf{pk}} |
|
|
|
\newcommand{\vk}{\mathsf{vk}} |
|
|
|
\newcommand{\ZKGen}{\mathsf{ZK.Gen}} |
|
|
|
\newcommand{\ZKProof}{\mathsf{ZK.Proof}} |
|
|
|
\newcommand{\ZKPrimary}{\mathsf{ZK.PrimaryInput}} |
|
|
|
\newcommand{\ZKAuxiliary}{\mathsf{ZK.AuxiliaryInput}} |
|
|
|
\newcommand{\ZKSatisfying}{\mathsf{ZK.SatisfyingInputs}} |
|
|
|
\newcommand{\ZKProve}[1]{\mathsf{ZK.}\mathtt{Prove}_{#1}} |
|
|
|
\newcommand{\ZKVerify}[1]{\mathsf{ZK.}\mathtt{Verify}_{#1}} |
|
|
|
\newcommand{\Simulator}{\mathcal{S}} |
|
|
|
\newcommand{\Distinguisher}{\mathcal{D}} |
|
|
|
\newcommand{\JoinSplit}{\text{\footnotesize\texttt{JoinSplit}}} |
|
|
|
\newcommand{\ZKJoinSplit}{\mathsf{ZK}_{\JoinSplit}} |
|
|
|
\newcommand{\ZKJoinSplitVerify}{\ZKJoinSplit\mathsf{.Verify}} |
|
|
|
\newcommand{\ZKJoinSplitProve}{\ZKJoinSplit\mathsf{.Prove}} |
|
|
|
\newcommand{\ZKJoinSplitProof}{\ZKJoinSplit\mathsf{.Proof}} |
|
|
|
\newcommand{\Proof}{\pi} |
|
|
|
\newcommand{\JoinSplitProof}{\Proof_{\JoinSplit}} |
|
|
|
\newcommand{\zkproof}{\mathtt{zkproof}} |
|
|
|
\newcommand{\POUR}{\texttt{POUR}} |
|
|
|
\newcommand{\Prob}[2]{\mathrm{Pr}\scalebox{0.88}{\ensuremath{ |
|
|
|
\left[\!\!\begin{array}{c}#1\end{array} \middle| \begin{array}{l}#2\end{array}\!\!\right] |
|
|
|
}}} |
|
|
|
|
|
|
|
% JoinSplit |
|
|
|
\newcommand{\hSig}{\mathsf{h_{Sig}}} |
|
|
|
\newcommand{\hSigText}{\texorpdfstring{$\hSig$}{hSig}} |
|
|
|
\newcommand{\h}[1]{\mathsf{h_{\mathnormal{#1}}}} |
|
|
|
\newcommand{\NOld}{\mathrm{N}^\mathsf{old}} |
|
|
|
\newcommand{\NNew}{\mathrm{N}^\mathsf{new}} |
|
|
|
\newcommand{\allN}[1]{\mathrm{1}..\mathrm{N}^\mathsf{#1}} |
|
|
|
\newcommand{\allOld}{\allN{old}} |
|
|
|
\newcommand{\allNew}{\allN{new}} |
|
|
|
\newcommand{\setofOld}{\setof{\allOld}} |
|
|
|
\newcommand{\setofNew}{\setof{\allNew}} |
|
|
|
\newcommand{\vmacs}{\mathtt{vmacs}} |
|
|
|
\newcommand{\GroupG}[1]{\mathbb{G}_{#1}} |
|
|
|
\newcommand{\GroupGstar}[1]{\mathbb{G}^\ast_{#1}} |
|
|
|
\newcommand{\PointP}[1]{\mathcal{P}_{#1}} |
|
|
|
\newcommand{\xP}{{x_{\hspace{-0.12em}P}}} |
|
|
|
\newcommand{\yP}{{y_{\hspace{-0.03em}P}}} |
|
|
|
\newcommand{\AtInfinity}[1]{\mathcal{O}_{#1}} |
|
|
|
\newcommand{\GF}[1]{\mathbb{F}_{#1}} |
|
|
|
\newcommand{\GFstar}[1]{\mathbb{F}^\ast_{#1}} |
|
|
|
\newcommand{\ECtoOSP}{\mathsf{EC2OSP}} |
|
|
|
\newcommand{\ECtoOSPXL}{\mathsf{EC2OSP\mhyphen{}XL}} |
|
|
|
\newcommand{\ECtoOSPXS}{\mathsf{EC2OSP\mhyphen{}XS}} |
|
|
|
\newcommand{\ItoOSP}[1]{\mathsf{I2OSP}_{#1}} |
|
|
|
\newcommand{\ItoBSP}[1]{\mathsf{I2BSP}_{#1}} |
|
|
|
\newcommand{\FEtoIP}{\mathsf{FE2IP}} |
|
|
|
\newcommand{\BNImpl}{\mathtt{ALT\_BN128}} |
|
|
|
\newcommand{\vpubOld}{\mathsf{v_{pub}^{old}}} |
|
|
|
\newcommand{\vpubNew}{\mathsf{v_{pub}^{new}}} |
|
|
|
\newcommand{\nOld}[1]{\NoteTuple{#1}^\mathsf{old}} |
|
|
|
\newcommand{\nNew}[1]{\NoteTuple{#1}^\mathsf{new}} |
|
|
|
\newcommand{\vOld}[1]{\mathsf{v}_{#1}^\mathsf{old}} |
|
|
|
\newcommand{\vNew}[1]{\mathsf{v}_{#1}^\mathsf{new}} |
|
|
|
\newcommand{\RandomSeed}{\mathsf{randomSeed}} |
|
|
|
\newcommand{\rt}{\mathsf{rt}} |
|
|
|
\newcommand{\treepath}[1]{\mathsf{path}_{#1}} |
|
|
|
\newcommand{\Receive}{\mathsf{Receive}} |
|
|
|
\newcommand{\EnforceMerklePath}[1]{\mathsf{enforceMerklePath}_{~\!\!#1}} |
|
|
|
|
|
|
|
|
|
|
|
\newcommand{\consensusrule}[1]{\needspace{3ex}\subparagraph{Consensus rule:}{#1}} |
|
|
|
\newenvironment{consensusrules}{\introlist\subparagraph{Consensus rules:}\begin{itemize}}{\end{itemize}} |
|
|
|
\newcommand{\securityrequirement}[1]{\needspace{3ex}\subparagraph{Security requirement:}{#1}} |
|
|
|
\newenvironment{securityrequirements}{\introlist\subparagraph{Security requirements:}\begin{itemize}}{\end{itemize}} |
|
|
|
\newcommand{\pnote}[1]{\subparagraph{Note:}{#1}} |
|
|
|
\newenvironment{pnotes}{\introlist\subparagraph{Notes:}\begin{itemize}}{\end{itemize}} |
|
|
|
|
|
|
|
\newcommand{\affiliation}{\hairspace$^\dagger$\;} |
|
|
|
\newcommand{\affiliationDuke}{\hairspace$^\ddagger$\;} |
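Review bot: This hunk drops 202 of the 209 macro lines, including `\newcommand{\JoinSplit}` (L595), the `\consensusrule`/`\securityrequirement` commands and their list environments, and the address lead-byte constants, but the rendering does not show which seven lines survive, so any body text that still uses these names will fail at compile time with "Undefined control sequence". The second hunk in this commit (`shows that a \JoinSplit occured …`) is one such reference if `\JoinSplit` is among the removals; a grep of the document for `\JoinSplit`, `\consensusrule`, `\securityrequirement`, `\pnote` and the `\hexint{…}` lead-byte macros before merging would confirm nothing dangling is left. If a few of these are still needed, keeping a minimal stub such as `\newcommand{\JoinSplit}{\texttt{JoinSplit}}` is safer than leaving the reference undefined.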
|
|
@ -992,7 +790,7 @@ https://explorer.myhush.org/tx/30a38c7ba0929efb7cd54d3b724d9eb1d9cb03f35381a94d8 |
|
|
|
One may note that the zaddr associated with this transaction does not appear anywhere in the explorer, because |
|
|
|
shielded addresses never show up directly in the public blockchain. Network transaction |
|
|
|
analysis is not possible on zaddrs. The explorer only |
|
|
|
shows that a JoinSplit occured and that change was given to a taddr. |
|
|
|
shows that a \JoinSplit occured and that change was given to a taddr. |
|
|
|
|
|
|
|
Nevertheless, the follow text is forever embedded in the 512 byte memo field of the above |
|
|
|
transaction: |
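Review bot: Both variants of the changed sentence misspell "occurred" as `occured`, and the last paragraph reads `the follow text is forever embedded` where `the following text` is meant; the fix is `shows that a \JoinSplit occurred and that change was given to a taddr.` and `Nevertheless, the following text is forever embedded in the 512 byte memo field of the above`. Separately, the unchanged context line `Network transaction analysis is not possible on zaddrs.` overstates the property this very paragraph qualifies: the explorer link exposes the transaction, its JoinSplit and the transparent change output, and the memo quoted below is readable by anyone with the viewing capability, so linkage through taddr change and timing remains possible even though the zaddr itself is never published. A narrower wording such as `shielded addresses are not recorded in the public blockchain, so address-level analysis of zaddrs is not possible from chain data alone` would match what the text actually demonstrates; this is context rather than changed text, so it may belong in a follow-up.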
|
|
|