diff --git a/whitepaper/v3/Makefile b/whitepaper/v3/Makefile new file mode 100644 index 0000000..3c05a9e --- /dev/null +++ b/whitepaper/v3/Makefile @@ -0,0 +1,18 @@ +hush-v3.pdf: hush-v3.tex hush.bib + $(MAKE) pdf + +LATEX=pdflatex + +.PHONY: pdf +pdf: + printf '\\renewcommand{\\docversion}{Version %s}' "$$(git describe --tags --abbrev=6)" |tee hush-v3.ver + # If $(LATEX) fails, touch an input so that 'make' won't think it is up-to-date next time. + rm -f hush-v3.aux hush-v3.bbl hush-v3.blg hush-v3.brf hush-v3.bcf + $(LATEX) hush-v3.tex + biber hush-v3 + $(LATEX) hush-v3.tex + $(LATEX) hush-v3.tex + $(LATEX) hush-v3.tex +.PHONY: clean +clean: + rm -f hush-v3.dvi hush-v3.pdf hush-v3.bbl hush-v3.blg hush-v3.brf hush-v3.toc hush-v3.aux hush-v3.out hush-v3.log hush-v3.bcf hush-v3.run.xml hush-v3.ver diff --git a/whitepaper/v3/README.md b/whitepaper/v3/README.md new file mode 100644 index 0000000..6d5bcf3 --- /dev/null +++ b/whitepaper/v3/README.md @@ -0,0 +1,9 @@ + # Hush V3 WhitePaper + +Build dependencies on Debian-based systems include, at least: + + apt-get install texlive texlive-science texlive-fonts-extra texlive-generic-recommended biber + +# Building the WhitePaper + + make diff --git a/whitepaper/v3/hush-v3.tex b/whitepaper/v3/hush-v3.tex new file mode 100644 index 0000000..ff79561 --- /dev/null +++ b/whitepaper/v3/hush-v3.tex @@ -0,0 +1,485 @@ +\documentclass{article} +\RequirePackage{amsmath} +\RequirePackage{bytefield} +\RequirePackage{graphicx} +\RequirePackage{newtxmath} +\RequirePackage{mathtools} +\RequirePackage{xspace} +\RequirePackage{url} +\RequirePackage{changepage} +\RequirePackage{enumitem} +\RequirePackage{tabularx} +\RequirePackage{hhline} +\RequirePackage[usestackEOL]{stackengine} +\RequirePackage{comment} +\RequirePackage{needspace} +\RequirePackage[nobottomtitles]{titlesec} +\RequirePackage[hang]{footmisc} +\RequirePackage{xstring} +\RequirePackage[unicode,bookmarksnumbered,bookmarksopen,pdfview=Fit]{hyperref} +\RequirePackage{cleveref} +\RequirePackage{nameref} + +\RequirePackage[style=alphabetic,maxbibnames=99,dateabbrev=false,urldate=iso8601,backref=true,backrefstyle=none,backend=biber]{biblatex} +\addbibresource{hush.bib} + +% Fonts +\RequirePackage{lmodern} +\RequirePackage{quattrocento} +\RequirePackage[bb=ams]{mathalfa} + +% Quattrocento is beautiful but doesn't have an italic face. So we scale +% New Century Schoolbook italic to fit in with slanted Quattrocento and +% match its x height. +\renewcommand{\emph}[1]{\hspace{0.15em}{\fontfamily{pnc}\selectfont\scalebox{1.02}[0.999]{\textit{#1}}}\hspace{0.02em}} + +% While we're at it, let's match the tt x height to Quattrocento as well. +\let\oldtexttt\texttt +\let\oldmathtt\mathtt +\renewcommand{\texttt}[1]{\scalebox{1.02}[1.07]{\oldtexttt{#1}}} +\renewcommand{\mathtt}[1]{\scalebox{1.02}[1.07]{$\oldmathtt{#1}$}} + +\newcommand{\zsendmany}{\textbf{z\_sendmany}} + +% bold but not extended +\newcommand{\textbnx}[1]{{\fontseries{b}\selectfont #1}} + + +\crefformat{footnote}{#2\footnotemark[#1]#3} + +\DeclareLabelalphaTemplate{ + \labelelement{\field{citekey}} +} + +\DefineBibliographyStrings{english}{ + page = {page}, + pages = {pages}, + backrefpage = {\mbox{$\uparrow$ p\!}}, + backrefpages = {\mbox{$\uparrow$ p\!}} +} + +\setlength{\oddsidemargin}{-0.25in} +\setlength{\textwidth}{7in} +\setlength{\topmargin}{-0.75in} +\setlength{\textheight}{9.2in} +\setlength{\parindent}{0ex} +\renewcommand{\arraystretch}{1.4} +\overfullrule=2cm + +\setlength{\footnotemargin}{0.6em} +\setlength{\footnotesep}{2ex} +\addtolength{\skip\footins}{3ex} + +\renewcommand{\bottomtitlespace}{8ex} + +% Use rubber lengths between paragraphs to improve default pagination. +% https://tex.stackexchange.com/questions/17178/vertical-spacing-pagination-and-ideal-results +\setlength{\parskip}{1.5ex plus 1pt minus 1pt} + +\setlist[enumerate]{before=\vspace{-1ex}} +\setlist[itemize]{itemsep=0.5ex,topsep=0.2ex,before=\vspace{-1ex},after=\vspace{1.5ex}} + +\newlist{formulae}{itemize}{3} +\setlist[formulae]{itemsep=0.2ex,topsep=0ex,leftmargin=1.5em,label=,after=\vspace{1.5ex}} + +\newcommand{\docversion}{Pre-Release Version} +\newcommand{\termbf}[1]{\textbf{#1}\xspace} +\newcommand{\Hushlist}{\termbf{HushList}} +\newcommand{\HushList}{\termbf{HushList}} +\newcommand{\Hushlists}{\termbf{HushLists}} +\newcommand{\HushLists}{\termbf{HushLists}} + +\newcommand{\doctitle}{Hush Version 3} +\newcommand{\leadauthor}{Duke Leto} + +\newcommand{\keywords}{anonymity, freedom of speech, cryptographic protocols,\ +electronic commerce and payment, financial privacy, proof of work, zero knowledge} + +\hypersetup{ + pdfborderstyle={/S/U/W 0.7}, + pdfinfo={ + Title={\doctitle, \docversion}, + Author={\leadauthor}, + Keywords={\keywords} + } +} + +\makeatletter +\renewcommand*{\@fnsymbol}[1]{\ensuremath{\ifcase#1\or \dagger\or \ddagger\or + \mathsection\or \mathparagraph\else\@ctrerr\fi}} +\makeatother + +\renewcommand{\sectionautorefname}{\S\!} +\renewcommand{\subsectionautorefname}{\S\!} +\renewcommand{\subsubsectionautorefname}{\S\!} +\renewcommand{\subparagraphautorefname}{\S\!} +\newcommand{\crossref}[1]{\autoref{#1}\, \emph{`\nameref*{#1}\kern -0.05em'} on p.\,\pageref*{#1}} + +\newcommand{\nstrut}[1]{\texorpdfstring{#1\rule[-.2\baselineskip]{0pt}{\baselineskip}}{#1}} +\newcommand{\nsection}[1]{\section{\nstrut{#1}}} +\newcommand{\nsubsection}[1]{\subsection{\nstrut{#1}}} +\newcommand{\nsubsubsection}[1]{\subsubsection{\nstrut{#1}}} + +\newcommand{\introlist}{\needspace{15ex}} +\newcommand{\introsection}{\needspace{30ex}} + +\mathchardef\mhyphen="2D + +% http://tex.stackexchange.com/a/309445/78411 +\DeclareFontFamily{U}{FdSymbolA}{} +\DeclareFontShape{U}{FdSymbolA}{m}{n}{ + <-> s*[.4] FdSymbolA-Regular +}{} +\DeclareSymbolFont{fdsymbol}{U}{FdSymbolA}{m}{n} +\DeclareMathSymbol{\smallcirc}{\mathord}{fdsymbol}{"60} + +\makeatletter +\newcommand{\hollowcolon}{\mathpalette\hollow@colon\relax} +\newcommand{\hollow@colon}[2]{ + \mspace{0.7mu} + \vbox{\hbox{$\m@th#1\smallcirc$}\nointerlineskip\kern.45ex \hbox{$\m@th#1\smallcirc$}\kern-.06ex} + \mspace{1mu} +} +\makeatother +\newcommand{\typecolon}{\;\hollowcolon\;} + +% We just want one ampersand symbol from boisik. +\DeclareSymbolFont{bskadd}{U}{bskma}{m}{n} +\DeclareFontFamily{U}{bskma}{\skewchar\font130 } +\DeclareFontShape{U}{bskma}{m}{n}{<->bskma10}{} +\DeclareMathSymbol{\binampersand}{\mathbin}{bskadd}{"EE} + +\newcommand{\hairspace}{~\!} +\newcommand{\hparen}{\hphantom{(}} + +\newcommand{\hfrac}[2]{\scalebox{0.8}{$\genfrac{}{}{0.5pt}{0}{#1}{#2}$}} + + +\RequirePackage[usenames,dvipsnames]{xcolor} +% https://en.wikibooks.org/wiki/LaTeX/Colors#The_68_standard_colors_known_to_dvips +\newcommand{\todo}[1]{{\color{Sepia}\sf{TODO: #1}}} + +\newcommand{\changedcolor}{magenta} +\newcommand{\setchanged}{\color{\changedcolor}} +\newcommand{\changed}[1]{\texorpdfstring{{\setchanged{#1}}}{#1}} + +% terminology + +\newcommand{\term}[1]{\textsl{#1}\kern 0.05em\xspace} +\newcommand{\titleterm}[1]{#1} +\newcommand{\quotedterm}[1]{``~\!\!\term{#1}''} +\newcommand{\conformance}[1]{\textbnx{#1}\xspace} + +\newcommand{\Zcash}{\termbf{Zcash}} +\newcommand{\Hush}{\termbf{Hush}} +\newcommand{\Zerocash}{\termbf{Zerocash}} +\newcommand{\Bitcoin}{\termbf{Bitcoin}} +\newcommand{\CryptoNote}{\termbf{CryptoNote}} +\newcommand{\ZEC}{\termbf{ZEC}} +\newcommand{\ZEN}{\termbf{ZEN}} +\newcommand{\ZCL}{\termbf{ZCL}} +\newcommand{\KMD}{\termbf{KMD}} +\newcommand{\BTCH}{\termbf{BTCH}} +\newcommand{\BTCP}{\termbf{BTCP}} +\newcommand{\ZAU}{\termbf{ZAU}} +\newcommand{\VOT}{\termbf{VOT}} +\newcommand{\BTCZ}{\termbf{BTCZ}} +\newcommand{\LTZ}{\termbf{LTZ}} +\newcommand{\HUSH}{\termbf{HUSH}} +\newcommand{\zatoshi}{\term{zatoshi}} +\newcommand{\puposhi}{\term{puposhi}} +\newcommand{\zcashd}{\textsf{zcashd}\,} +\newcommand{\hushd}{\textsf{hushd}\,} + +\newcommand{\MUST}{\conformance{MUST}} +\newcommand{\MUSTNOT}{\conformance{MUST NOT}} +\newcommand{\SHOULD}{\conformance{SHOULD}} +\newcommand{\SHOULDNOT}{\conformance{SHOULD NOT}} +\newcommand{\ALLCAPS}{\conformance{ALL CAPS}} + +\newcommand{\note}{\term{note}} +\newcommand{\notes}{\term{notes}} +\newcommand{\Note}{\titleterm{Note}} +\newcommand{\Notes}{\titleterm{Notes}} +\newcommand{\dummy}{\term{dummy}} +\newcommand{\dummyNotes}{\term{dummy notes}} +\newcommand{\DummyNotes}{\titleterm{Dummy Notes}} +\newcommand{\commitmentScheme}{\term{commitment scheme}} +\newcommand{\commitmentTrapdoor}{\term{commitment trapdoor}} +\newcommand{\commitmentTrapdoors}{\term{commitment trapdoors}} +\newcommand{\trapdoor}{\term{trapdoor}} +\newcommand{\noteCommitment}{\term{note commitment}} +\newcommand{\noteCommitments}{\term{note commitments}} +\newcommand{\NoteCommitment}{\titleterm{Note Commitment}} +\newcommand{\NoteCommitments}{\titleterm{Note Commitments}} +\newcommand{\noteCommitmentTree}{\term{note commitment tree}} +\newcommand{\NoteCommitmentTree}{\titleterm{Note Commitment Tree}} +\newcommand{\noteTraceabilitySet}{\term{note traceability set}} +\newcommand{\noteTraceabilitySets}{\term{note traceability sets}} +\newcommand{\joinSplitDescription}{\term{JoinSplit description}} +\newcommand{\joinSplitDescriptions}{\term{JoinSplit descriptions}} +\newcommand{\JoinSplitDescriptions}{\titleterm{JoinSplit Descriptions}} +\newcommand{\sequenceOfJoinSplitDescriptions}{\changed{sequence of} \joinSplitDescription\changed{\term{s}}\xspace} +\newcommand{\joinSplitTransfer}{\term{JoinSplit transfer}} +\newcommand{\joinSplitTransfers}{\term{JoinSplit transfers}} +\newcommand{\JoinSplitTransfer}{\titleterm{JoinSplit Transfer}} +\newcommand{\JoinSplitTransfers}{\titleterm{JoinSplit Transfers}} +\newcommand{\joinSplitSignature}{\term{JoinSplit signature}} +\newcommand{\joinSplitSignatures}{\term{JoinSplit signatures}} +\newcommand{\joinSplitSigningKey}{\term{JoinSplit signing key}} +\newcommand{\joinSplitVerifyingKey}{\term{JoinSplit verifying key}} +\newcommand{\joinSplitStatement}{\term{JoinSplit statement}} +\newcommand{\joinSplitStatements}{\term{JoinSplit statements}} +\newcommand{\JoinSplitStatement}{\titleterm{JoinSplit Statement}} +\newcommand{\joinSplitProof}{\term{JoinSplit proof}} +\newcommand{\statement}{\term{statement}} +\newcommand{\zeroKnowledgeProof}{\term{zero-knowledge proof}} +\newcommand{\ZeroKnowledgeProofs}{\titleterm{Zero-Knowledge Proofs}} +\newcommand{\provingSystem}{\term{proving system}} +\newcommand{\zeroKnowledgeProvingSystem}{\term{zero-knowledge proving system}} +\newcommand{\ZeroKnowledgeProvingSystem}{\titleterm{Zero-Knowledge Proving System}} +\newcommand{\ppzkSNARK}{\term{preprocessing zk-SNARK}} +\newcommand{\provingKey}{\term{proving key}} +\newcommand{\zkProvingKeys}{\term{zero-knowledge proving keys}} +\newcommand{\verifyingKey}{\term{verifying key}} +\newcommand{\zkVerifyingKeys}{\term{zero-knowledge verifying keys}} +\newcommand{\joinSplitParameters}{\term{JoinSplit parameters}} +\newcommand{\JoinSplitParameters}{\titleterm{JoinSplit Parameters}} +\newcommand{\arithmeticCircuit}{\term{arithmetic circuit}} +\newcommand{\rankOneConstraintSystem}{\term{Rank 1 Constraint System}} +\newcommand{\primary}{\term{primary}} +\newcommand{\primaryInput}{\term{primary input}} +\newcommand{\primaryInputs}{\term{primary inputs}} +\newcommand{\auxiliaryInput}{\term{auxiliary input}} +\newcommand{\auxiliaryInputs}{\term{auxiliary inputs}} +\newcommand{\fullnode}{\term{full node}} +\newcommand{\fullnodes}{\term{full nodes}} +\newcommand{\anchor}{\term{anchor}} +\newcommand{\anchors}{\term{anchors}} +\newcommand{\UTXO}{\term{UTXO}} +\newcommand{\UTXOs}{\term{UTXOs}} +\newcommand{\block}{\term{block}} +\newcommand{\blocks}{\term{blocks}} +\newcommand{\header}{\term{header}} +\newcommand{\headers}{\term{headers}} +\newcommand{\blockHeader}{\term{block header}} +\newcommand{\blockHeaders}{\term{block headers}} +\newcommand{\Blockheader}{\term{Block header}} +\newcommand{\BlockHeader}{\titleterm{Block Header}} +\newcommand{\blockVersionNumber}{\term{block version number}} +\newcommand{\blockVersionNumbers}{\term{block version numbers}} +\newcommand{\Blockversions}{\term{Block versions}} +\newcommand{\blockTime}{\term{block time}} +\newcommand{\blockHeight}{\term{block height}} +\newcommand{\blockHeights}{\term{block heights}} +\newcommand{\genesisBlock}{\term{genesis block}} +\newcommand{\transaction}{\term{transaction}} +\newcommand{\transactions}{\term{transactions}} +\newcommand{\Transactions}{\titleterm{Transactions}} +\newcommand{\transactionFee}{\term{transaction fee}} +\newcommand{\transactionFees}{\term{transaction fees}} +\newcommand{\transactionVersionNumber}{\term{transaction version number}} +\newcommand{\transactionVersionNumbers}{\term{transaction version numbers}} +\newcommand{\Transactionversion}{\term{Transaction version}} +\newcommand{\coinbaseTransaction}{\term{coinbase transaction}} +\newcommand{\coinbaseTransactions}{\term{coinbase transactions}} +\newcommand{\CoinbaseTransactions}{\titleterm{Coinbase Transactions}} +\newcommand{\transparent}{\term{transparent}} +\newcommand{\xTransparent}{\term{Transparent}} +\newcommand{\Transparent}{\titleterm{Transparent}} +\newcommand{\transparentValuePool}{\term{transparent value pool}} +\newcommand{\deshielding}{\term{deshielding}} +\newcommand{\shielding}{\term{shielding}} +\newcommand{\shielded}{\term{shielded}} +\newcommand{\shieldedXTN}{\term{shielded} $ t \rightarrow z $ transaction} +\newcommand{\shieldedXTNs}{\term{shielded} $ t \rightarrow z $ transactions} +\newcommand{\shieldedNote}{\term{shielded note}} +\newcommand{\shieldedNotes}{\term{shielded notes}} +\newcommand{\xShielded}{\term{Shielded}} +\newcommand{\Shielded}{\titleterm{Shielded}} +\newcommand{\blockchain}{\term{block chain}} +\newcommand{\blockchains}{\term{block chains}} +\newcommand{\mempool}{\term{mempool}} +\newcommand{\treestate}{\term{treestate}} +\newcommand{\treestates}{\term{treestates}} +\newcommand{\nullifier}{\term{nullifier}} +\newcommand{\nullifiers}{\term{nullifiers}} +\newcommand{\xNullifiers}{\term{Nullifiers}} +\newcommand{\Nullifier}{\titleterm{Nullifier}} +\newcommand{\Nullifiers}{\titleterm{Nullifiers}} +\newcommand{\nullifierSet}{\term{nullifier set}} +\newcommand{\NullifierSet}{\titleterm{Nullifier Set}} +% Daira: This doesn't adequately distinguish between zk stuff and transparent stuff +\newcommand{\paymentAddress}{\term{payment address}} +\newcommand{\paymentAddresses}{\term{payment addresses}} +\newcommand{\viewingKey}{\term{viewing key}} +\newcommand{\viewingKeys}{\term{viewing keys}} +\newcommand{\spendingKey}{\term{spending key}} +\newcommand{\spendingKeys}{\term{spending keys}} +\newcommand{\payingKey}{\term{paying key}} +\newcommand{\transmissionKey}{\term{transmission key}} +\newcommand{\transmissionKeys}{\term{transmission keys}} +\newcommand{\keyTuple}{\term{key tuple}} +\newcommand{\notePlaintext}{\term{note plaintext}} +\newcommand{\notePlaintexts}{\term{note plaintexts}} +\newcommand{\NotePlaintexts}{\titleterm{Note Plaintexts}} +\newcommand{\notesCiphertext}{\term{transmitted notes ciphertext}} +\newcommand{\incrementalMerkleTree}{\term{incremental Merkle tree}} +\newcommand{\merkleRoot}{\term{root}} +\newcommand{\merkleNode}{\term{node}} +\newcommand{\merkleNodes}{\term{nodes}} +\newcommand{\merkleHash}{\term{hash value}} +\newcommand{\merkleHashes}{\term{hash values}} +\newcommand{\merkleLeafNode}{\term{leaf node}} +\newcommand{\merkleLeafNodes}{\term{leaf nodes}} +\newcommand{\merkleInternalNode}{\term{internal node}} +\newcommand{\merkleInternalNodes}{\term{internal nodes}} +\newcommand{\MerkleInternalNodes}{\term{Internal nodes}} +\newcommand{\merklePath}{\term{path}} +\newcommand{\merkleLayer}{\term{layer}} +\newcommand{\merkleLayers}{\term{layers}} +\newcommand{\merkleIndex}{\term{index}} +\newcommand{\merkleIndices}{\term{indices}} +\newcommand{\zkSNARK}{\term{zk-SNARK}} +\newcommand{\zkSNARKs}{\term{zk-SNARKs}} +\newcommand{\libsnark}{\term{libsnark}} +\newcommand{\memo}{\term{memo field}} +\newcommand{\memos}{\term{memo fields}} +\newcommand{\Memos}{\titleterm{Memo Fields}} +\newcommand{\keyAgreementScheme}{\term{key agreement scheme}} +\newcommand{\KeyAgreement}{\titleterm{Key Agreement}} +\newcommand{\keyDerivationFunction}{\term{Key Derivation Function}} +\newcommand{\KeyDerivation}{\titleterm{Key Derivation}} +\newcommand{\encryptionScheme}{\term{encryption scheme}} +\newcommand{\symmetricEncryptionScheme}{\term{authenticated one-time symmetric encryption scheme}} +\newcommand{\SymmetricEncryption}{\titleterm{Authenticated One-Time Symmetric Encryption}} +\newcommand{\signatureScheme}{\term{signature scheme}} +\newcommand{\pseudoRandomFunction}{\term{Pseudo Random Function}} +\newcommand{\pseudoRandomFunctions}{\term{Pseudo Random Functions}} +\newcommand{\PseudoRandomFunctions}{\titleterm{Pseudo Random Functions}} + +% conventions +\newcommand{\bytes}[1]{\underline{\raisebox{-0.22ex}{}\smash{#1}}} +\newcommand{\zeros}[1]{[0]^{#1}} +\newcommand{\bit}{\mathbb{B}} +\newcommand{\Nat}{\mathbb{N}} +\newcommand{\PosInt}{\mathbb{N}^+} +\newcommand{\Rat}{\mathbb{Q}} +\newcommand{\typeexp}[2]{{#1}\vphantom{)}^{[{#2}]}} +\newcommand{\bitseq}[1]{\typeexp{\bit}{#1}} +\newcommand{\byteseqs}{\typeexp{\bit}{8\mult\Nat}} +\newcommand{\concatbits}{\mathsf{concat}_\bit} +\newcommand{\listcomp}[1]{[~{#1}~]} +\newcommand{\for}{\text{ for }} +\newcommand{\from}{\text{ from }} +\newcommand{\upto}{\text{ up to }} +\newcommand{\downto}{\text{ down to }} +\newcommand{\squash}{\!\!\!} +\newcommand{\caseif}{\squash\text{if }} +\newcommand{\caseotherwise}{\squash\text{otherwise}} +\newcommand{\sorted}{\mathsf{sorted}} +\newcommand{\length}{\mathsf{length}} +\newcommand{\mean}{\mathsf{mean}} +\newcommand{\median}{\mathsf{median}} +\newcommand{\clamp}[2]{\mathsf{clamp\,}_{#1}^{#2}} +\newcommand{\Lower}{\mathsf{lower}} +\newcommand{\Upper}{\mathsf{upper}} +\newcommand{\bitlength}{\mathsf{bitlength}} +\newcommand{\size}{\mathsf{size}} +\newcommand{\mantissa}{\mathsf{mantissa}} +\newcommand{\ToCompact}{\mathsf{ToCompact}} +\newcommand{\ToTarget}{\mathsf{ToTarget}} +\newcommand{\hexint}[1]{\mathbf{0x{#1}}} +\newcommand{\dontcare}{\kern -0.06em\raisebox{0.1ex}{\footnotesize{$\times$}}} +\newcommand{\ascii}[1]{\textbf{``\texttt{#1}"}} +\newcommand{\Justthebox}[2][-1.3ex]{\;\raisebox{#1}{\usebox{#2}}\;} +\newcommand{\hSigCRH}{\mathsf{hSigCRH}} +\newcommand{\hSigLength}{\mathsf{\ell_{hSig}}} +\newcommand{\hSigType}{\bitseq{\hSigLength}} +\newcommand{\EquihashGen}[1]{\mathsf{EquihashGen}_{#1}} +\newcommand{\CRH}{\mathsf{CRH}} +\newcommand{\CRHbox}[1]{\SHA\left(\Justthebox{#1}\right)} +\newcommand{\SHA}{\mathtt{SHA256Compress}} +\newcommand{\SHAName}{\term{SHA-256 compression}} +\newcommand{\FullHash}{\mathtt{SHA256}} +\newcommand{\FullHashName}{\mathsf{SHA\mhyphen256}} +\newcommand{\Blake}[1]{\mathsf{BLAKE2b\kern 0.05em\mhyphen{#1}}} +\newcommand{\BlakeGeneric}{\mathsf{BLAKE2b}} +\newcommand{\FullHashbox}[1]{\FullHash\left(\Justthebox{#1}\right)} +\newcommand{\setof}[1]{\{{#1}\}} +\newcommand{\range}[2]{\{{#1}\,..\,{#2}\}} +\newcommand{\minimum}{\mathsf{min}} +\newcommand{\maximum}{\mathsf{max}} +\newcommand{\floor}[1]{\mathsf{floor}\!\left({#1}\right)} +\newcommand{\trunc}[1]{\mathsf{trunc}\!\left({#1}\right)} +\newcommand{\ceiling}[1]{\mathsf{ceiling}\left({#1}\right)} +\newcommand{\vsum}[2]{\smashoperator[r]{\sum_{#1}^{#2}}} +\newcommand{\vxor}[2]{\smashoperator[r]{\bigoplus_{#1}^{#2}}} +\newcommand{\xor}{\oplus} +\newcommand{\band}{\binampersand} +\newcommand{\mult}{\cdot} +\newcommand{\rightarrowR}{\buildrel{\scriptstyle\mathrm{R}}\over\rightarrow} +\newcommand{\leftarrowR}{\buildrel{\scriptstyle\mathrm{R}}\over\leftarrow} + +\newcommand{\JoinSplit}{\text{\footnotesize\texttt{JoinSplit}}} + +\newcommand{\affiliation}{\hairspace$^\dagger$\;} +\newcommand{\affiliationDuke}{\hairspace$^\ddagger$\;} + +\begin{document} + +\title{\doctitle \\ +\Large \docversion} +\author{ +\Large \leadauthor\hairspace\thanks{\;duke@leto.net} +} +\date{\today} +\maketitle + +\renewcommand{\abstractname}{} +\vspace{-8ex} +\begin{abstract} +\normalsize \noindent \textbf{Abstract.} + +\Hush originally was a source code fork of the \Zcash 1.0.8 codebase. Hush was + originally called "Zdash" and is not a chain fork, Hush mined it's own + unique genesis block. + + ... + +\vspace{2.5ex} +\noindent \textbf{Keywords:}~ \StrSubstitute[0]{\keywords}{,}{, }. +\end{abstract} + +\vspace{-10ex} +\phantomsection +\addcontentsline{toc}{section}{\Large\nstrut{Contents}} + +\renewcommand{\contentsname}{} +% http://tex.stackexchange.com/a/182744/78411 +\renewcommand{\baselinestretch}{0.85}\normalsize +\tableofcontents +\renewcommand{\baselinestretch}{1.0}\normalsize +\newpage + + +\nsection{Introduction} + +\nsection{Special Thanks} + +Special thanks to jl777 and the greater Komodo community for inspiring a new +generation of cypherpunks to innovate outside the constraints of Bitcoin and +Zcash core communities. + +Remember, remember, the 5th Of November. + +\nsection{References} + +\begingroup +\hfuzz=2pt +\renewcommand{\section}[2]{} +\renewcommand{\emph}[1]{\textit{#1}} +\printbibliography +\endgroup + +\end{document} diff --git a/whitepaper/v3/hush-v3.ver b/whitepaper/v3/hush-v3.ver new file mode 100644 index 0000000..42fdb3c --- /dev/null +++ b/whitepaper/v3/hush-v3.ver @@ -0,0 +1 @@ +\renewcommand{\docversion}{Version } \ No newline at end of file diff --git a/whitepaper/v3/hush.bib b/whitepaper/v3/hush.bib new file mode 100644 index 0000000..0121c1f --- /dev/null +++ b/whitepaper/v3/hush.bib @@ -0,0 +1,576 @@ +@misc{Zcash, + author={Daira Hopwood}, + title={Zcash Protocol Specification}, + url={https://github.com/zcash/zips/blob/master/protocol/protocol.pdf}, + urldate={2017-12-28} +} + +@misc{Komodo, + author={superNET}, + title={Komodo Platform}, + url={https://komodoplatform.com}, + urldate={2017-12-28} +} + +@misc{BarterDEX, + author={jl777}, + title={barterDEX - Atomic Swap Decentralized Exchange of Native Coins}, + url={https://github.com/SuperNETorg/komodo/wiki/barterDEX-Whitepaper-v2}, + urldate={2017-12-28} +} + +@misc{dPOW, + author={jl777}, + title={Delayed Proof of Work (dPoW)}, + url={https://supernet.org/en/technology/whitepapers/delayed-proof-of-work-dpow}, + urldate={2017-12-27} +} + +@misc{BCG+2014, + author={Eli Ben-Sasson and Alessandro Chiesa and Christina Garman and Matthew Green and Ian Miers and Eran Tromer and Madars Virza}, + title={Zerocash: Decentralized {A}nonymous {P}ayments from {B}itcoin (extended version)}, + url={http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf}, + urldate={2016-08-06}, + addendum={A condensed version appeared in \textsl{Proceedings of the IEEE Symposium on Security and Privacy (Oakland) 2014}, +pages 459--474; IEEE, 2014.} +} + +@misc{BCTV2015, + author={Eli Ben-Sasson and Alessandro Chiesa and Eran Tromer and Madars Virza}, + title={Succinct {N}on-{I}nteractive {Z}ero {K}nowledge for a von {N}eumann {A}rchitecture}, + url={https://eprint.iacr.org/2013/879}, + urldate={2016-08-21}, + howpublished={Cryptology ePrint Archive: Report 2013/879. +Last revised \mbox{May 19,} 2015.} +} + +@misc{PGHR2013, + author={Bryan Parno and Craig Gentry and Jon Howell and Mariana Raykova}, + title={Pinocchio: {N}early {P}ractical {V}erifiable {C}omputation}, + url={https://eprint.iacr.org/2013/279}, + urldate={2016-08-31}, + howpublished={Cryptology ePrint Archive: Report 2013/279. Last revised \mbox{May 13,} 2013.} +} + +@misc{BCGTV2013, + author={Eli Ben-Sasson and Alessandro Chiesa and Daniel Genkin and Eran Tromer and Madars Virza}, + title={{SNARK}s for {C}: {V}erifying {P}rogram {E}xecutions {S}uccinctly and in {Z}ero {K}nowledge}, + url={https://eprint.iacr.org/2013/507}, + urldate={2016-08-31}, + howpublished={Cryptology ePrint Archive: Report 2013/507. +Last revised \mbox{October 7,} 2013.}, + addendum={An earlier version appeared in \textsl{Proceedings of the 33rd Annual International Cryptology Conference, +CRYPTO '13}, pages 90--108; IACR, 2013.} +} + +@misc{GGPR2013, + author={Rosario Gennaro and Craig Gentry and Bryan Parno and Mariana Raykova}, + title={Quadratic {S}pan {P}rograms and {S}uccinct {NIZK}s without {PCP}s}, + howpublished={Cryptology ePrint Archive: Report 2012/215. +Last revised \mbox{June 18,} 2012.}, + addendum={Also published in \textsl{Advances in Cryptology - EUROCRYPT 2013}, Vol. 7881 pages 626--645; +Lecture Notes in Computer Science; Springer, 2013.}, + url={https://eprint.iacr.org/2012/215}, + urldate={2016-09-01} +} + +@inproceedings{BCTV2014, + author={Eli Ben-Sasson and Alessandro Chiesa and Eran Tromer and Madars Virza}, + title={Scalable {Z}ero {K}nowledge via {C}ycles of {E}lliptic {C}urves (extended version)}, + booktitle={Advances in Cryptology - CRYPTO 2014}, + volume={8617}, + series={Lecture Notes in Computer Science}, + pages={276--294}, + year={2014}, + publisher={Springer}, + url={https://www.cs.tau.ac.il/~tromer/papers/scalablezk-20140803.pdf}, + urldate={2016-09-01} +} + +@misc{BGG2016, + author={Sean Bowe and Ariel Gabizon and Matthew Green}, + title={A multi-party protocol for constructing the public parameters of the {P}inocchio zk-{SNARK}}, + date={2016-11-24}, + url={https://github.com/zcash/mpc/blob/master/whitepaper.pdf}, + urldate={2017-02-11} +} + +@misc{Bitcoin, + author={Satoshi Nakamoto}, + title={Bitcoin:\, {A}\, {P}eer-to-{P}eer\, {E}lectronic\, {C}ash\, {S}ystem}, + date={2008-10-31}, + url={https://bitcoin.org/en/bitcoin-paper}, + urldate={2016-08-14} +} + +@misc{BK2016, + author={Alex Biryukov and Dmitry Khovratovich}, + title={Equihash: {A}symmetric {P}roof-of-{W}ork {B}ased on the {G}eneralized {B}irthday {P}roblem (full version)}, + url={https://eprint.iacr.org/2015/946}, + urldate={2016-10-30}, + howpublished={Cryptology ePrint Archive: Report 2015/946. +Last revised \mbox{October 27,} 2016.} +} + +@inproceedings{Bern2006, + author={Daniel Bernstein}, + title={Curve25519: new {D}iffie-{H}ellman speed records}, + booktitle={Public Key Cryptography - PKC 2006. Proceedings of the 9th International Conference on Theory and Practice in Public-Key Cryptography, New York, NY, USA, April 24-26}, + publisher={Springer-Verlag}, + date={2006-02-09}, + url={http://cr.yp.to/papers.html#curve25519}, + urldate={2016-08-14}, + addendum={Document ID: 4230efdfa673480fc079449d90f322c0.} +} + +@article{BDL+2012, + author={Daniel Bernstein and Niels Duif and Tanja Lange and Peter Schwabe and Bo-Yin Yang}, + title={High-speed high-security signatures}, + journal={Journal of Cryptographic Engineering}, + volume={2}, + pages={77-89}, + date={2011-09-26}, + url={http://cr.yp.to/papers.html#ed25519}, + urldate={2016-08-14}, + addendum={Document ID: a1a62a2f76d23f65d622484ddd09caf8.} +} + +@misc{Zave2012, + author={Gregory M. Zaverucha}, + title={Hybrid {E}ncryption in the {M}ulti-{U}ser {S}etting}, + url={https://eprint.iacr.org/2012/159}, + urldate={2016-09-24}, + howpublished={Cryptology ePrint Archive: Report 2012/159. +Received \mbox{March 20,} 2012.} +} + +@inproceedings{Bern2005, + author={Daniel Bernstein}, + title={Understanding brute force}, + date={2005-04-25}, + booktitle={ECRYPT STVL Workshop on Symmetric Key Encryption, eSTREAM report 2005/036}, + url={https://cr.yp.to/papers.html#bruteforce}, + urldate={2016-09-24}, + addendum={Document ID: 73e92f5b71793b498288efe81fe55dee.} +} + +@book{Unicode, + author={The Unicode Consortium}, + publisher={The Unicode Consortium}, + year={2016}, + title={The Unicode Standard}, + url={http://www.unicode.org/versions/latest/}, + urldate={2016-08-31} +} + +@misc{libsodium-Seal, + title={Sealed boxes \hspace{0.2em}---\hspace{0.2em} libsodium}, + url={https://download.libsodium.org/doc/public-key_cryptography/sealed_boxes.html}, + urldate={2016-02-01} +} + +@misc{NIST2015, + author={NIST}, + title={{FIPS} 180-4: Secure {H}ash {S}tandard ({SHS})}, + month={August}, + year={2015}, + doi={10.6028/NIST.FIPS.180-4}, + url={http://csrc.nist.gov/publications/PubsFIPS.html#180-4}, + urldate={2016-08-14} +} + +@misc{RIPEMD160, + author={Hans Dobbertin and Antoon Bosselaers and Bart Preneel}, + title={{RIPEMD}-160, a strengthened version of {RIPEMD}}, + url={http://homes.esat.kuleuven.be/~bosselae/ripemd160.html}, + urldate={2016-09-24} +} + +@misc{ANWW2013, + author={Jean-Philippe Aumasson and \;Samuel Neves and \;Zooko Wilcox-O'Hearn and +\;Christian Winnerlein}, + date={2013-01-29}, + title={{BLAKE2}: simpler, smaller, fast as {MD5}}, + url={https://blake2.net/#sp}, + urldate={2016-08-14} +} + +@misc{RFC-7693, + author={Markku-Juhani Saarinen (ed.)}, + title={Request for {C}omments 7693: {T}he {BLAKE2} {C}ryptographic {H}ash and +{M}essage {A}uthentication {C}ode ({MAC})}, + howpublished={Internet Engineering Task Force (IETF)}, + date={2015-11}, + url={https://tools.ietf.org/html/rfc7693}, + urldate={2016-08-31} +} + +@misc{RFC-2119, + author={Scott Bradner}, + title={Request for {C}omments 7693: {K}ey words for use in {RFC}s to {I}ndicate +{R}equirement {L}evels}, + howpublished={Internet Engineering Task Force (IETF)}, + date={1997-03}, + url={https://tools.ietf.org/html/rfc2119}, + urldate={2016-09-14} +} + +@misc{Cert2010, + author={Certicom Research}, + title={Standards for {E}fficient {C}ryptography 2 ({SEC} 2)}, + date={2010-01-27}, + addendum={Version 2.0.}, + url={http://www.secg.org/sec2-v2.pdf}, + urldate={2016-08-14} +} + +@inproceedings{MAEA2010, + author={V. Gayoso Mart{\'i}nez and F. Hern{\'a}ndez Alvarez and +L. Hern{\'a}ndez Encinas and C. S{\'a}nchez {\'A}vila}, + title={A {C}omparison of the {S}tandardized {V}ersions of {ECIES}}, + booktitle={Proceedings of Sixth International Conference on Information Assurance and Security, +23--25 August 2010, Atlanta, GA, USA. ISBN: 978-1-4244-7407-3}, + year={2010}, + pages={1-4}, + publisher={IEEE}, + doi={10.1109/ISIAS.2010.5604194}, + url={https://digital.csic.es/bitstream/10261/32674/1/Gayoso_A%20Comparison%20of%20the%20Standardized%20Versions%20of%20ECIES.pdf}, + urldate={2016-08-14} +} + +@misc{ABR1999, + author={Michel Abdalla and Mihir Bellare and Phillip Rogaway}, + title={{DHAES}: {A}n {E}ncryption {S}cheme {B}ased on the {D}iffie-{H}ellman {P}roblem}, + url={https://eprint.iacr.org/1999/007}, + urldate={2016-08-21}, + date={1998-09}, + howpublished={Cryptology ePrint Archive: Report 1999/007. Received \mbox{March 17,} 1999.} +} + +@misc{DGKM2011, + author={Dana Dachman-Soled and Rosario Gennaro and Hugo Krawczyk and Tal Malkin}, + title={Computational {E}xtractors and {P}seudorandomness}, + url={https://eprint.iacr.org/2011/708}, + urldate={2016-09-02}, + howpublished={Cryptology ePrint Archive: Report 2011/708. \mbox{December 28,} 2011.} +} + +@misc{BDEHR2011, + author={Johannes Buchmann and Erik Dahmen and Sarah Ereth and Andreas H{\"u}lsing and Markus R{\"u}ckert}, + title={On the {S}ecurity of the {W}internitz {O}ne-{T}ime {S}ignature {S}cheme (full version)}, + url={https://eprint.iacr.org/2011/191}, + urldate={2016-09-05}, + howpublished={Cryptology ePrint Archive: Report 2011/191. +Received \mbox{April 13,} 2011.} +} + +@misc{vanS2014, + author={Nicolas van Saberhagen}, + title={CryptoNote v 2.0}, + note={Date disputed.}, + url={https://cryptonote.org/whitepaper.pdf}, + urldate={2016-08-17}, +} + +@misc{Bitcoin-Base58, + title={Base58{C}heck encoding --- {B}itcoin {W}iki}, + url={https://en.bitcoin.it/wiki/Base58Check_encoding}, + urldate={2016-01-26} +} + +@misc{Bitcoin-secp256k1, + title={Secp256k1 --- {B}itcoin {W}iki}, + url={https://en.bitcoin.it/wiki/Secp256k1}, + urldate={2016-03-14} +} + +@misc{Bitcoin-CoinJoin, + title={Coin{J}oin --- {B}itcoin {W}iki}, + url={https://en.bitcoin.it/wiki/CoinJoin}, + urldate={2016-08-17} +} + +@misc{Bitcoin-Format, + title={Raw {T}ransaction {F}ormat --- {B}itcoin {D}eveloper {R}eference}, + url={https://bitcoin.org/en/developer-reference#raw-transaction-format}, + urldate={2016-03-15} +} + +@misc{Bitcoin-Block, + title={Block {H}eaders --- {B}itcoin {D}eveloper {R}eference}, + url={https://bitcoin.org/en/developer-reference#block-headers}, + urldate={2017-04-25} +} + +@misc{Bitcoin-nBits, + title={Target n{B}its --- {B}itcoin {D}eveloper {R}eference}, + url={https://bitcoin.org/en/developer-reference#target-nbits}, + urldate={2016-08-13} +} + +@misc{Bitcoin-Multisig, + title={P2SH multisig (definition) --- {B}itcoin {D}eveloper {R}eference}, + url={https://bitcoin.org/en/developer-guide#term-p2sh-multisig}, + urldate={2016-08-19} +} + +@misc{Bitcoin-P2SH, + title={P2SH (definition) --- {B}itcoin {D}eveloper {R}eference}, + url={https://bitcoin.org/en/developer-guide#term-p2sh}, + urldate={2016-08-24} +} + +@misc{Bitcoin-P2PKH, + title={P2PKH (definition) -- {B}itcoin {D}eveloper {R}eference}, + url={https://bitcoin.org/en/developer-guide#term-p2pkh}, + urldate={2016-08-24} +} + +@misc{Bitcoin-Protocol, + title={Protocol documentation --- {B}itcoin {W}iki}, + url={https://en.bitcoin.it/wiki/Protocol_documentation}, + urldate={2016-10-02} +} + +@misc{BIP-11, + author={Gavin Andresen}, + title={M-of-{N} {S}tandard {T}ransactions}, + howpublished={Bitcoin Improvement Proposal 11. Created October 18, 2011}, + url={https://github.com/bitcoin/bips/blob/master/bip-0011.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-13, + author={Gavin Andresen}, + title={Address {F}ormat for pay-to-script-hash}, + howpublished={Bitcoin Improvement Proposal 13. Created October 18, 2011}, + url={https://github.com/bitcoin/bips/blob/master/bip-0013.mediawiki}, + urldate={2016-09-24} +} + +@misc{BIP-14, + author={Amir Taaki and Patrick Strateman}, + title={Protocol {V}ersion and {U}ser {A}gent}, + howpublished={Bitcoin Improvement Proposal 14. Created November 10, 2011}, + url={https://github.com/bitcoin/bips/blob/master/bip-0014.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-16, + author={Gavin Andresen}, + title={Pay to {S}cript {H}ash}, + howpublished={Bitcoin Improvement Proposal 16. Created January 3, 2012}, + url={https://github.com/bitcoin/bips/blob/master/bip-0016.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-30, + author={Pieter Wuille}, + title={Duplicate transactions}, + howpublished={Bitcoin Improvement Proposal 30. Created February 22, 2012}, + url={https://github.com/bitcoin/bips/blob/master/bip-0030.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-31, + author={Mike Hearn}, + title={Pong message}, + howpublished={Bitcoin Improvement Proposal 31. Created April 11, 2012}, + url={https://github.com/bitcoin/bips/blob/master/bip-0031.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-32, + author={Pieter Wuille}, + title={Hierarchical {D}eterministic {W}allets}, + howpublished={Bitcoin Improvement Proposal 32. Created February 11, 2012. Last updated January 15, 2014}, + url={https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki}, + urldate={2016-09-24} +} + +@misc{BIP-34, + author={Gavin Andresen}, + title={Block v2, {H}eight in {C}oinbase}, + howpublished={Bitcoin Improvement Proposal 34. Created July 6, 2012}, + url={https://github.com/bitcoin/bips/blob/master/bip-0034.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-35, + author={Jeff Garzik}, + title={mempool message}, + howpublished={Bitcoin Improvement Proposal 35. Created August 16, 2012}, + url={https://github.com/bitcoin/bips/blob/master/bip-0035.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-37, + author={Mike Hearn and Matt Corallo}, + title={Connection Bloom filtering}, + howpublished={Bitcoin Improvement Proposal 37. Created October 24, 2012}, + url={https://github.com/bitcoin/bips/blob/master/bip-0037.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-61, + author={Gavin Andresen}, + title={Reject P2P message}, + howpublished={Bitcoin Improvement Proposal 61. Created June 18, 2014}, + url={https://github.com/bitcoin/bips/blob/master/bip-0061.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-62, + author={Pieter Wuille}, + title={Dealing with malleability}, + howpublished={Bitcoin Improvement Proposal 62. Withdrawn Nov\-ember 17, 2015}, + url={https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki}, + urldate={2016-09-05} +} + +@misc{BIP-65, + author={Peter Todd}, + title={\ScriptOP{CHECKLOCKTIMEVERIFY}}, + howpublished={Bitcoin Improvement Proposal 65. Created October 10, 2014}, + url={https://github.com/bitcoin/bips/blob/master/bip-0065.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-66, + author={Pieter Wuille}, + title={Strict {DER} signatures}, + howpublished={Bitcoin Improvement Proposal 66. Created January 10, 2015}, + url={https://github.com/bitcoin/bips/blob/master/bip-0066.mediawiki}, + urldate={2016-10-02} +} + +@misc{BIP-68, + author={Mark Friedenbach and BtcDrak and Nicolas Dorier and kinoshitajona}, + title={Relative lock-time using con\-sensus-enforced sequence numbers}, + howpublished={Bitcoin Improvement Proposal 68. Last revised November 21, 2015}, + url={https://github.com/bitcoin/bips/blob/master/bip-0068.mediawiki}, + urldate={2016-09-02} +} + +@misc{DigiByte-PoW, + author={DigiByte Core Developers}, + title={DigiSpeed 4.0.0 source code, functions GetNextWorkRequiredV3/4 in src/main.cpp as of commit 178e134}, + url={https://github.com/digibyte/digibyte/blob/178e1348a67d9624db328062397fde0de03fe388/src/main.cpp#L1587}, + urldate={2017-01-20} +} + +@misc{GitHub-mpc, + author={Sean Bowe and Ariel Gabizon and Matthew Green}, + title={GitHub repository `\hairspace zcash/mpc'\hairspace: zk-SNARK parameter multi-party computation protocol}, + url={https://github.com/zcash/mpc}, + urldate={2017-01-06} +} + +@misc{ZcashIssue-2113, + author={Simon Liu}, + title={GitHub repository `\hairspace zcash/zcash'\hairspace: Issue 2113}, + url={https://github.com/zcash/zcash/issues/2113}, + urldate={2017-02-20} +} + +@book{IEEE2000, + author={IEEE Computer Society}, + publisher={IEEE}, + date={2000-08-29}, + title={IEEE {S}td 1363-2000: {S}tandard {S}pecifications for {P}ublic-{K}ey {C}ryptography}, + url={http://ieeexplore.ieee.org/servlet/opac?punumber=7168}, + urldate={2016-08-03}, + doi={10.1109/IEEESTD.2000.92292} +} + +@book{IEEE2004, + author={IEEE Computer Society}, + publisher={IEEE}, + date={2004-09-02}, + title={IEEE {S}td 1363a-2004: {S}tandard {S}pecifications for {P}ublic-{K}ey {C}ryptography -- +{A}mendment 1: {A}dditional {T}echniques}, + url={http://ieeexplore.ieee.org/servlet/opac?punumber=9276}, + urldate={2016-08-03}, + doi={10.1109/IEEESTD.2004.94612} +} + +@misc{libsnark-fork, + title={libsnark: {C}++ library for {zkSNARK} proofs (Zcash fork)}, + url={https://github.com/zcash/libsnark}, + urldate={2016-08-14} +} + +@misc{RFC-7539, + author={Yoav Nir and Adam Langley}, + title={Request for {C}omments 7539: Cha{C}ha20 and {P}oly1305 for {IETF} {P}rotocols}, + howpublished={Internet Research Task Force (IRTF)}, + date={2015-05}, + url={https://tools.ietf.org/html/rfc7539}, + urldate={2016-09-02}, + addendum={As modified by verified errata at \url{https://www.rfc-editor.org/errata_search.php?rfc=7539} +(visited on 2016-09-02).} +} + +@misc{BN2007, + author={Mihir Bellare and Chanathip Namprempre}, + title={Authenticated {E}ncryption: {R}elations among notions and analysis of the +generic composition paradigm}, + url={https://eprint.iacr.org/2000/025}, + urldate={2016-09-02}, + howpublished={Cryptology ePrint Archive: Report 2000/025. Last revised \mbox{July 14,} 2007.} +} + +@misc{BBDP2001, + author={Mihir Bellare and Alexandra Boldyreva and Anand Desai and David Pointcheval}, + title={Key-{P}rivacy in {P}ublic-{K}ey {E}ncryption}, + addendum={Full version.}, + month={September}, + year={2001}, + url={https://cseweb.ucsd.edu/~mihir/papers/anonenc.html}, + urldate={2016-08-14} +} + +@book{LG2004, + author={Eddie Lenihan and Carolyn Eve Green}, + title={Meeting the {O}ther {C}rowd: {T}he {F}airy {S}tories of {H}idden {I}reland}, + month={February}, + year={2004}, + publisher={TarcherPerigee}, + pages={109-110}, + isbn={1-58542-206-1} +} + +@misc{GGM2016, + author={Christina Garman\; and \;Matthew Green\; and \;Ian Miers}, + title={Accountable\, {P}rivacy\, for\, {D}ecentralized\, {A}nonymous\, {P}ayments}, + howpublished={Cryptology ePrint Archive: Report 2016/061. Last revised \mbox{January 24,} 2016}, + url={https://eprint.iacr.org/2016/061}, + urldate={2016-09-02} +} + +@misc{WG2016, + author={Zooko Wilcox and Jack Grigg}, + title={Why {E}quihash?}, + howpublished={Zcash blog}, + date={2016-04-15}, + url={https://z.cash/blog/why-equihash.html}, + urldate={2016-08-05} +} + +@misc{HW2016, + author={Taylor Hornby\; and \;Zooko Wilcox}, + title={Fixing\, {V}ulnerabilities\, in\, the\, {Z}cash\, {P}rotocol}, + howpublished={Zcash blog}, + date={2016-04-25}, + url={https://z.cash/blog/fixing-zcash-vulns.html}, + urldate={2016-06-22} +} + +@misc{EWD-831, + author={Edsger W. Dijkstra}, + title={Why\, numbering\, should\, start\, at\, zero}, + howpublished={\;Manuscript}, + date={1982-08-11}, + url={https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html}, + urldate={2016-08-09} +}