Ariel

Results 27 comments of Ariel

Also, what I can't understand from the protocol spec is - when vpub_new ZEC are inserted to the transparent value pool from a joinsplit - what is the transparent address...

Thanks @str4d. That doesn't seem to be completely well-defined. If there are no transparent outputs or exactly one, it is well-defined. But what if there are multiple transparent...

ahh I think I get it now thanks!

Another issue that came up while discussing something with @str4d. It is described in 4.3 of the spec that we should have h_sig=HASH(randomSeed,nf_old,joinSplitPubKey). But I could not find any place in...

joinsplit.verify checks that the h_i's are a certain function of h_sig. It does not check anything about h_sig being a function of randomSeed, nf_old, joinSplitPubKey (at least according to 4.9).

If what you mean is that hSig is computed by the *verifier* from randomSeed, nf_old, joinSplitPubKey, which are given *themselves* to him as input, then I can see that being fine.

OK..great! Then that should be made more clear in the spec.

Ok..now reading 4.3 I understand how you thought of it. I would add, just above 4.10, something like "Note that as opposed to the other parts of the primary input...

How about prizes for the best 1/2/3 papers about MiMC in the next year? I could help with the reviewing.

Improved explanation in code https://github.com/zcash-hackworks/sapling-crypto/pull/95