Comments (4)
My thinking was that it would be harder to analyse and to update the security proof if we didn't use an authenticated encryption scheme. We should revisit this because it would be a significant simplification not to have to implement or rely on Poly1305 in the circuit. (Also a slight performance improvement, but not much because Poly1305 turns out to be very circuit-efficient.)
Edit: the performance saving would be to not have to derive the Poly1305 keys using ChaCha20. But it turns out that this only saves one ChaCha20 block (assuming other known optimizations described on zcash/zcash#406).
Oh, I remember the main reason I did this: the security argument for confidentiality of the encryption should be independent of the SNARK. We want everything to stay confidential even if the SNARK (and therefore the enforcement of linking between a^old_{sk,i} and the signature) were completely broken. Confidentiality against chosen ciphertext attacks requires authenticated encryption.
But yes, we should document a bunch of additional requirements and security caveats about sending coins out-of-band. (I'd almost like to say that it is not supported, but we can't enforce that it doesn't happen, so let's document it.)
We want everything to stay confidential even if the SNARK (and therefore the enforcement of linking between a^old_{sk,i} and the signature) were completely broken.
Ah, that's a very good reason!