From c70e0fd92bb347c8c0306d781ead724d948d789b Mon Sep 17 00:00:00 2001 From: Vivek Arte Date: Wed, 7 Feb 2024 14:56:12 +0000 Subject: [PATCH] Adding explicit assumption for canonical encodings for the Asset Base. (#33) This addresses [this comment](https://github.com/zcash/zips/pull/680#discussion_r1268669667). --- zip-0226.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/zip-0226.rst b/zip-0226.rst index 9f115256b..14cd653d5 100644 --- a/zip-0226.rst +++ b/zip-0226.rst @@ -90,7 +90,9 @@ where - :math:`\mathsf{AssetBase}^{\mathsf{Orchard}} : \mathbb{P}*` is the unique element of the Pallas group [#protocol-pallasandvesta]_ that identifies each Asset in the Orchard protocol, defined as the Asset Base in ZIP 227 [#zip-0227]_, a valid non-bottom group element that is not the identity. The byte representation of the Asset Base is defined as :math:`\mathsf{asset\_base} : \mathbb{B}^{[\ell_{\mathbb{P}}]} := \mathsf{repr}_{\mathbb{P}}(\mathsf{AssetBase}^{\mathsf{Orchard}})`. -Specifically, we define the note commitment scheme :math:`\mathsf{NoteCommit^{OrchardZSA}_{rcm}}` as follows: +Note that the above assumes a canonical encoding, which is true for the Pallas group, but may not hold for future shielded protocols. + +We define the note commitment scheme :math:`\mathsf{NoteCommit^{OrchardZSA}_{rcm}}` as follows: .. math:: \mathsf{NoteCommit}^{\mathsf{OrchardZSA}} : \mathsf{NoteCommit}^{\mathsf{Orchard}}.\mathsf{Trapdoor} \times \mathbb{B}^{[\ell_{\mathbb{P}}]} \times \mathbb{B}^{[\ell_{\mathbb{P}}]} \times \{0 .. 2^{\ell_{\mathsf{value}}} - 1\} \times \mathbb{F}_{q_{\mathbb{P}}} \times \mathbb{F}_{q_{\mathbb{P}}} \times \mathbb{P}* \to \mathsf{NoteCommit}^{\mathsf{Orchard}}.\mathsf{Output}