Add encodings for viewing keys, which should include a_pk #117
Yay. Updating the offline address generator for encodings!
| @@ -1026,7 +1033,8 @@ | |||
| A \keyTuple $(\AuthPrivate, \TransmitPrivate, \PaymentAddress)$ is | |||
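Review bot: now that a viewing key encoding is being added, the \keyTuple $(\AuthPrivate, \TransmitPrivate, \PaymentAddress)$ in this line no longer lists all of the key material; either extend the tuple to include the viewing key, or, since the tuple concept is referenced in only a couple of places, drop it and refer to the individual key components directly.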
Should the viewing key be included in the key tuple?
We mentioned key tuples in only two places, so I've simplified the spec (in my local copy) by removing that concept and just referring to the key components.
| instead.) | ||
| \item 256 bits specifying $\AuthPublic$. | ||
| \item 256 bits specifying $\TransmitPrivate$, using the normal encoding | ||
| of a Curve25519 private key \cite{Bern2006}. |
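Review bot: the \item for $\TransmitPrivate$ says "the normal encoding of a Curve25519 private key" but does not state whether the 256 bits must be clamped; because the Base58 string of the same key differs depending on whether it was clamped first, the spec should say explicitly that the encoded key is clamped (and that decoders reject unclamped values) so that independent implementations cannot diverge.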
It might pay to clarify that this is a clamped Curve25519 private key, to avoid implementation divergence. Although zcashd could work around this inconsistency, it would be good to avoid it in the first place, as the Base58 encoding means that the viewing key would look significantly different with and without clamping, which could confuse users.
That's a good point. Should we reject keys that are not clamped (and less than the group order)? That seems the simplest way to avoid divergence.
A counter-argument I've heard to clamping is that when multiplying the private key by some scalar mod p (e.g. for blinding), the clamping is not preserved if it overflows (that would only be the case mod l). But I can't see a way in which blinding might want to be applied to sk_enc, that would be affected by requiring clamping here. So I think it's fine to just require clamping.
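The clamping requirement discussed in this thread, as an added example that is not part of this PR or of the Zcash spec: it applies the standard Curve25519 clamping to a 32-byte sk_enc, checks whether a key is already clamped (the decoder policy proposed above, reject rather than silently clamp), and shows that the Base58 encoding of the same bytes differs with and without clamping. The Base58 alphabet is Bitcoin's, and the sample key bytes are constructed.

```python
# Added example (not the PR's or the spec's code): Curve25519 clamping for
# the 256-bit sk_enc field, a "reject unclamped keys" decoder check, and a
# demonstration that clamped and unclamped keys Base58-encode differently.

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def clamp(sk: bytes) -> bytes:
    """Apply the standard Curve25519 clamping (Bern2006) to a 32-byte key."""
    if len(sk) != 32:
        raise ValueError("Curve25519 private key must be 32 bytes")
    b = bytearray(sk)
    b[0] &= 248      # clear the low 3 bits: scalar becomes a multiple of 8
    b[31] &= 127     # clear bit 255
    b[31] |= 64      # set bit 254
    return bytes(b)


def is_clamped(sk: bytes) -> bool:
    """True iff sk already satisfies the clamping invariant."""
    return len(sk) == 32 and clamp(sk) == sk


def base58_encode(data: bytes) -> str:
    """Plain Base58 with the Bitcoin alphabet; leading zero bytes become '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = BASE58_ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def decode_transmit_private(raw: bytes) -> bytes:
    """Decoder policy proposed in the thread: an unclamped sk_enc is an
    error, not something to fix up, so encoder and decoder cannot diverge."""
    if not is_clamped(raw):
        raise ValueError("sk_enc is not a clamped Curve25519 private key")
    return raw


# Constructed sample: 32 bytes that violate every clamping bit at once.
UNCLAMPED = bytes([0xFF] * 32)
CLAMPED = clamp(UNCLAMPED)


def encodings_differ() -> bool:
    """Same key material, but the Base58 strings are not equal."""
    return base58_encode(UNCLAMPED) != base58_encode(CLAMPED)
```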
c5fc148 to c2a4d14
@str4d's comments have been addressed.

@daira do you want to rebase this before or after I re-review?

@str4d After; you can re-review now.
The rendered protocol pdf suddenly has the old key diagram
Also fix a minor error in the specification of note decryption.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
c2a4d14 to d4e2da7
fixes #101. refs zcash/zcash#1997