diff --git a/whitepaper/protocol.pdf b/whitepaper/protocol.pdf
index 9041865..bef33ac 100644
Binary files a/whitepaper/protocol.pdf and b/whitepaper/protocol.pdf differ
diff --git a/whitepaper/protocol.tex b/whitepaper/protocol.tex
index b9046f0..99e1fd0 100644
--- a/whitepaper/protocol.tex
+++ b/whitepaper/protocol.tex
@@ -419,209 +419,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\rightarrowR}{\buildrel{\scriptstyle\mathrm{R}}\over\rightarrow}
 \newcommand{\leftarrowR}{\buildrel{\scriptstyle\mathrm{R}}\over\leftarrow}
-% key pairs:
-\newcommand{\PaymentAddress}{\mathsf{addr_{pk}}}
-\newcommand{\PaymentAddressLeadByte}{\hexint{16}}
-\newcommand{\PaymentAddressSecondByte}{\hexint{9A}}
-\newcommand{\SpendingKeyLeadByte}{\hexint{AB}}
-\newcommand{\SpendingKeySecondByte}{\hexint{36}}
-\newcommand{\PtoSHAddressLeadByte}{\hexint{1C}}
-\newcommand{\PtoSHAddressSecondByte}{\hexint{BD}}
-\newcommand{\PtoPKHAddressLeadByte}{\hexint{1C}}
-\newcommand{\PtoPKHAddressSecondByte}{\hexint{B8}}
-\newcommand{\PaymentAddressTestnetLeadByte}{\hexint{16}}
-\newcommand{\PaymentAddressTestnetSecondByte}{\hexint{B6}}
-\newcommand{\SpendingKeyTestnetLeadByte}{\hexint{AC}}
-\newcommand{\SpendingKeyTestnetSecondByte}{\hexint{08}}
-\newcommand{\PtoSHAddressTestnetLeadByte}{\hexint{1C}}
-\newcommand{\PtoSHAddressTestnetSecondByte}{\hexint{BA}}
-\newcommand{\PtoPKHAddressTestnetLeadByte}{\hexint{1D}}
-\newcommand{\PtoPKHAddressTestnetSecondByte}{\hexint{25}}
-\newcommand{\NotePlaintextLeadByte}{\hexint{00}}
-\newcommand{\AuthPublic}{\mathsf{a_{pk}}}
-\newcommand{\AuthPrivate}{\mathsf{a_{sk}}}
-\newcommand{\AuthPublicX}[1]{\mathsf{a^\mathrm{#1}_{pk}}}
-\newcommand{\AuthPrivateX}[1]{\mathsf{a^\mathrm{#1}_{sk}}}
-\newcommand{\AuthPrivateLength}{\mathsf{\ell_{\AuthPrivate}}}
-\newcommand{\AuthPublicOld}[1]{\mathsf{a^{old}_{pk,\mathnormal{#1}}}}
-\newcommand{\AuthPrivateOld}[1]{\mathsf{a^{old}_{sk,\mathnormal{#1}}}}
-\newcommand{\AuthEmphPublicOld}[1]{\mathsf{a^{old}_{\textsf{\textbf{pk}},\mathnormal{#1}}}}
-\newcommand{\AuthPublicOldX}[1]{\mathsf{a^{old}_{pk,\mathrm{#1}}}}
-\newcommand{\AuthPrivateOldX}[1]{\mathsf{a^{old}_{sk,\mathrm{#1}}}}
-\newcommand{\AuthPublicNew}[1]{\mathsf{a^{new}_{pk,\mathnormal{#1}}}}
-\newcommand{\AuthPrivateNew}[1]{\mathsf{a^{new}_{sk,\mathnormal{#1}}}}
-\newcommand{\AddressPublicNew}[1]{\mathsf{addr^{new}_{pk,\mathnormal{#1}}}}
-\newcommand{\enc}{\mathsf{enc}}
-\newcommand{\DHSecret}[1]{\mathsf{sharedSecret}_{#1}}
-\newcommand{\EphemeralPublic}{\mathsf{epk}}
-\newcommand{\EphemeralPrivate}{\mathsf{esk}}
-\newcommand{\TransmitPublic}{\mathsf{pk_{enc}}}
-\newcommand{\TransmitPublicSup}[1]{\mathsf{pk}^{#1}_\mathsf{enc}}
-\newcommand{\TransmitPublicNew}[1]{\mathsf{pk^{new}_{\enc,\mathnormal{#1}}}}
-\newcommand{\TransmitPrivate}{\mathsf{sk_{enc}}}
-\newcommand{\TransmitPrivateSup}[1]{\mathsf{sk}^{#1}_\mathsf{enc}}
-
-% Money supply
-\newcommand{\MAXMONEY}{\mathsf{MAX\_MONEY}}
-\newcommand{\BlockSubsidy}{\mathsf{BlockSubsidy}}
-\newcommand{\MinerSubsidy}{\mathsf{MinerSubsidy}}
-\newcommand{\FoundersReward}{\mathsf{FoundersReward}}
-\newcommand{\SlowStartInterval}{\mathsf{SlowStartInterval}}
-\newcommand{\SlowStartShift}{\mathsf{SlowStartShift}}
-\newcommand{\SlowStartRate}{\mathsf{SlowStartRate}}
-\newcommand{\HalvingInterval}{\mathsf{HalvingInterval}}
-\newcommand{\MaxBlockSubsidy}{\mathsf{MaxBlockSubsidy}}
-\newcommand{\NumFounderAddresses}{\mathsf{NumFounderAddresses}}
-\newcommand{\FounderAddressChangeInterval}{\mathsf{FounderAddressChangeInterval}}
-\newcommand{\FoundersFraction}{\mathsf{FoundersFraction}}
-\newcommand{\BlockHeight}{\mathsf{height}}
-\newcommand{\Halving}{\mathsf{Halving}}
-\newcommand{\FounderAddress}{\mathsf{FounderAddress}}
-\newcommand{\FounderAddressList}{\mathsf{FounderAddressList}}
-\newcommand{\FounderAddressIndex}{\mathsf{FounderAddressIndex}}
-\newcommand{\RedeemScriptHash}{\mathsf{RedeemScriptHash}}
-
-\newcommand{\blockSubsidy}{\term{block subsidy}}
-\newcommand{\minerSubsidy}{\term{miner subsidy}}
-\newcommand{\foundersReward}{\term{Founders' Reward}}
-\newcommand{\slowStartPeriod}{\term{slow-start period}}
-\newcommand{\halvingInterval}{\term{halving interval}}
-
-\newcommand{\PoWLimit}{\mathsf{PoWLimit}}
-\newcommand{\PoWAveragingWindow}{\mathsf{PoWAveragingWindow}}
-\newcommand{\PoWMedianBlockSpan}{\mathsf{PoWMedianBlockSpan}}
-\newcommand{\PoWMaxAdjustDown}{\mathsf{PoWMaxAdjustDown}}
-\newcommand{\PoWMaxAdjustUp}{\mathsf{PoWMaxAdjustUp}}
-\newcommand{\PoWDampingFactor}{\mathsf{PoWDampingFactor}}
-\newcommand{\PoWTargetSpacing}{\mathsf{PoWTargetSpacing}}
-\newcommand{\MeanTarget}{\mathsf{MeanTarget}}
-\newcommand{\MedianTime}{\mathsf{MedianTime}}
-\newcommand{\AveragingWindowTimespan}{\mathsf{AveragingWindowTimespan}}
-\newcommand{\MinActualTimespan}{\mathsf{MinActualTimespan}}
-\newcommand{\MaxActualTimespan}{\mathsf{MaxActualTimespan}}
-\newcommand{\ActualTimespan}{\mathsf{ActualTimespan}}
-\newcommand{\ActualTimespanDamped}{\mathsf{ActualTimespanDamped}}
-\newcommand{\ActualTimespanClamped}{\mathsf{ActualTimespanClamped}}
-\newcommand{\Threshold}{\mathsf{Threshold}}
-\newcommand{\ThresholdBits}{\mathsf{ThresholdBits}}
-
-\newcommand{\targetThreshold}{\term{target threshold}}
-\newcommand{\targetThresholds}{\term{target thresholds}}
-
-% Signatures
-\newcommand{\Sig}{\mathsf{Sig}}
-\newcommand{\SigPublic}{\mathsf{Sig.Public}}
-\newcommand{\SigPrivate}{\mathsf{Sig.Private}}
-\newcommand{\SigMessage}{\mathsf{Sig.Message}}
-\newcommand{\SigSignature}{\mathsf{Sig.Signature}}
-\newcommand{\SigGen}{\mathsf{Sig.Gen}}
-\newcommand{\SigSign}[1]{\mathsf{Sig.Sign}_{#1}}
-\newcommand{\SigVerify}[1]{\mathsf{Sig.Verify}_{#1}}
-\newcommand{\JoinSplitSig}{\mathsf{JoinSplitSig}}
-\newcommand{\JoinSplitSigPublic}{\mathsf{JoinSplitSig.Public}}
-\newcommand{\JoinSplitSigPrivate}{\mathsf{JoinSplitSig.Private}}
-\newcommand{\JoinSplitSigMessage}{\mathsf{JoinSplitSig.Message}}
-\newcommand{\JoinSplitSigSignature}{\mathsf{JoinSplitSig.Signature}}
-\newcommand{\JoinSplitSigGen}{\mathsf{JoinSplitSig.Gen}}
-\newcommand{\JoinSplitSigSign}[1]{\mathsf{JoinSplitSig.Sign}_{#1}}
-\newcommand{\JoinSplitSigVerify}[1]{\mathsf{JoinSplitSig.Verify}_{#1}}
-\newcommand{\JoinSplitSigSpecific}{\mathsf{Ed25519}}
-\newcommand{\JoinSplitSigHashName}{\mathsf{SHA\mhyphen512}}
-\newcommand{\EdDSAr}{R}
-\newcommand{\EdDSAs}{S}
-\newcommand{\EdDSAR}{\bytes{R}}
-\newcommand{\EdDSAS}{\bytes{S}}
-\newcommand{\RandomSeedLength}{\mathsf{\ell_{Seed}}}
-\newcommand{\RandomSeedType}{\bitseq{\mathsf{\ell_{Seed}}}}
-\newcommand{\pksig}{\mathsf{pk_{sig}}}
-\newcommand{\sk}{\mathsf{sk}}
-\newcommand{\hSigInput}{\mathsf{hSigInput}}
-\newcommand{\dataToBeSigned}{\mathsf{dataToBeSigned}}
-
-% Merkle tree
-\newcommand{\MerkleDepth}{\mathsf{d_{Merkle}}}
-\newcommand{\MerkleNode}[2]{\mathsf{M}^{#1}_{#2}}
-\newcommand{\MerkleSibling}{\mathsf{sibling}}
-\newcommand{\MerkleCRH}{\mathsf{MerkleCRH}}
-\newcommand{\MerkleHashLength}{\mathsf{\ell_{Merkle}}}
-\newcommand{\MerkleHash}{\bitseq{\MerkleHashLength}}
-
-\newcommand{\SHAd}{\term{SHA-256d}}
-
-% Proving system
-\newcommand{\ZK}{\mathsf{ZK}}
-\newcommand{\ZKProvingKey}{\mathsf{ZK.ProvingKey}}
-\newcommand{\ZKVerifyingKey}{\mathsf{ZK.VerifyingKey}}
-\newcommand{\pk}{\mathsf{pk}}
-\newcommand{\vk}{\mathsf{vk}}
-\newcommand{\ZKGen}{\mathsf{ZK.Gen}}
-\newcommand{\ZKProof}{\mathsf{ZK.Proof}}
-\newcommand{\ZKPrimary}{\mathsf{ZK.PrimaryInput}}
-\newcommand{\ZKAuxiliary}{\mathsf{ZK.AuxiliaryInput}}
-\newcommand{\ZKSatisfying}{\mathsf{ZK.SatisfyingInputs}}
-\newcommand{\ZKProve}[1]{\mathsf{ZK.}\mathtt{Prove}_{#1}}
-\newcommand{\ZKVerify}[1]{\mathsf{ZK.}\mathtt{Verify}_{#1}}
-\newcommand{\Simulator}{\mathcal{S}}
-\newcommand{\Distinguisher}{\mathcal{D}}
 \newcommand{\JoinSplit}{\text{\footnotesize\texttt{JoinSplit}}}
-\newcommand{\ZKJoinSplit}{\mathsf{ZK}_{\JoinSplit}}
-\newcommand{\ZKJoinSplitVerify}{\ZKJoinSplit\mathsf{.Verify}}
-\newcommand{\ZKJoinSplitProve}{\ZKJoinSplit\mathsf{.Prove}}
-\newcommand{\ZKJoinSplitProof}{\ZKJoinSplit\mathsf{.Proof}}
-\newcommand{\Proof}{\pi}
-\newcommand{\JoinSplitProof}{\Proof_{\JoinSplit}}
-\newcommand{\zkproof}{\mathtt{zkproof}}
-\newcommand{\POUR}{\texttt{POUR}}
-\newcommand{\Prob}[2]{\mathrm{Pr}\scalebox{0.88}{\ensuremath{
- \left[\!\!\begin{array}{c}#1\end{array} \middle| \begin{array}{l}#2\end{array}\!\!\right]
-}}}
-
-% JoinSplit
-\newcommand{\hSig}{\mathsf{h_{Sig}}}
-\newcommand{\hSigText}{\texorpdfstring{$\hSig$}{hSig}}
-\newcommand{\h}[1]{\mathsf{h_{\mathnormal{#1}}}}
-\newcommand{\NOld}{\mathrm{N}^\mathsf{old}}
-\newcommand{\NNew}{\mathrm{N}^\mathsf{new}}
-\newcommand{\allN}[1]{\mathrm{1}..\mathrm{N}^\mathsf{#1}}
-\newcommand{\allOld}{\allN{old}}
-\newcommand{\allNew}{\allN{new}}
-\newcommand{\setofOld}{\setof{\allOld}}
-\newcommand{\setofNew}{\setof{\allNew}}
-\newcommand{\vmacs}{\mathtt{vmacs}}
-\newcommand{\GroupG}[1]{\mathbb{G}_{#1}}
-\newcommand{\GroupGstar}[1]{\mathbb{G}^\ast_{#1}}
-\newcommand{\PointP}[1]{\mathcal{P}_{#1}}
-\newcommand{\xP}{{x_{\hspace{-0.12em}P}}}
-\newcommand{\yP}{{y_{\hspace{-0.03em}P}}}
-\newcommand{\AtInfinity}[1]{\mathcal{O}_{#1}}
-\newcommand{\GF}[1]{\mathbb{F}_{#1}}
-\newcommand{\GFstar}[1]{\mathbb{F}^\ast_{#1}}
-\newcommand{\ECtoOSP}{\mathsf{EC2OSP}}
-\newcommand{\ECtoOSPXL}{\mathsf{EC2OSP\mhyphen{}XL}}
-\newcommand{\ECtoOSPXS}{\mathsf{EC2OSP\mhyphen{}XS}}
-\newcommand{\ItoOSP}[1]{\mathsf{I2OSP}_{#1}}
-\newcommand{\ItoBSP}[1]{\mathsf{I2BSP}_{#1}}
-\newcommand{\FEtoIP}{\mathsf{FE2IP}}
-\newcommand{\BNImpl}{\mathtt{ALT\_BN128}}
-\newcommand{\vpubOld}{\mathsf{v_{pub}^{old}}}
-\newcommand{\vpubNew}{\mathsf{v_{pub}^{new}}}
-\newcommand{\nOld}[1]{\NoteTuple{#1}^\mathsf{old}}
-\newcommand{\nNew}[1]{\NoteTuple{#1}^\mathsf{new}}
-\newcommand{\vOld}[1]{\mathsf{v}_{#1}^\mathsf{old}}
-\newcommand{\vNew}[1]{\mathsf{v}_{#1}^\mathsf{new}}
-\newcommand{\RandomSeed}{\mathsf{randomSeed}}
-\newcommand{\rt}{\mathsf{rt}}
-\newcommand{\treepath}[1]{\mathsf{path}_{#1}}
-\newcommand{\Receive}{\mathsf{Receive}}
-\newcommand{\EnforceMerklePath}[1]{\mathsf{enforceMerklePath}_{~\!\!#1}}
-
-
-\newcommand{\consensusrule}[1]{\needspace{3ex}\subparagraph{Consensus rule:}{#1}}
-\newenvironment{consensusrules}{\introlist\subparagraph{Consensus rules:}\begin{itemize}}{\end{itemize}} -\newcommand{\securityrequirement}[1]{\needspace{3ex}\subparagraph{Security requirement:}{#1}} -\newenvironment{securityrequirements}{\introlist\subparagraph{Security requirements:}\begin{itemize}}{\end{itemize}} -\newcommand{\pnote}[1]{\subparagraph{Note:}{#1}} -\newenvironment{pnotes}{\introlist\subparagraph{Notes:}\begin{itemize}}{\end{itemize}} \newcommand{\affiliation}{\hairspace$^\dagger$\;} \newcommand{\affiliationDuke}{\hairspace$^\ddagger$\;} @@ -992,7 +790,7 @@ https://explorer.myhush.org/tx/30a38c7ba0929efb7cd54d3b724d9eb1d9cb03f35381a94d8 One may note that the zaddr associated with this transaction does not appear anywhere in the explorer, because shielded addresses never show up directly in the public blockchain. Network transaction analysis is not possible on zaddrs. The explorer only -shows that a JoinSplit occured and that change was given to a taddr. +shows that a \JoinSplit occured and that change was given to a taddr. Nevertheless, the follow text is forever embedded in the 512 byte memo field of the above transaction: