Co-authored-by: daniben31 <danielbenarroch92@gmail.com>
Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Jonathan S. Rouach <jon@rouach.net>
Co-authored-by: str4d <thestr4d@gmail.com>
Co-authored-by: Paul <lauxpaul@protonmail.com>

Co-authored-by: Daira Hopwood <daira@jacaranda.org>

Includes improvements to mathematical notation, and typographical edits.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>

This covers the changes made to derive the issuance key independently of the Orchard key structure, using the techniques from [ZIP 32](https://zips.z.cash/zip-0032).

…ations (#13)

Minor changes to the Security and Privacy Considerations
to make it more in line with the format specified in ZIP 0.

This rearranges and rewrites various sections of the ZIP to make it more in line with the suggestions in ZIP 0.
It also updates the Split Notes, Circuit Statement and Burn Mechanism sections with more information.

This adds in the reference links to the test vectors and reference implementations corresponding to the ZSA Protocol. Some corrections to the notation for better consistency and some updates to the formulae for syncing with the implementation are also included here.

Co-authored-by: Daira Hopwood <daira@jacaranda.org>

Link to the nested README in `protocol/README` to install all the dependencies needed to build ZIPs and the specs.

Making updates based on pending reviews from
[PR#649](zcash#649) and
[PR#628](zcash#628).

This details the changes to the transaction digest algorithm for the
ZSA protocol.
- A new branch is added for hashing the information in a transaction
related to issuance.
- Some branches are added and modified in the orchard_digest subtree to
account for the additional Asset Base value that needs to be hashed.

Improved style and content of ZIP 227.

---------

Co-authored-by: Vivek Arte <vivek@qed-it.com>

This adds details of the changes to the Orchard Action encodings and
the changes to the transaction format that occur due to the ZSA
Protocol. It also improves the formatting of existing tables for Asset
Burn.

A few of the issue bundle hash personalizations were 15 characters long
instead of the required 16. This is being fixed here.

As per the title, this is a tiny fix to adjust the boundary of the
math environment which wasn't properly closed and thus rendered poorly
on the html.

This makes the naming conventions for variables more consistent, largely with a view to using double backticks for terms that appear in the transaction format and datatype description tables.

These tables have also been reformatted to be consistent with other ZIPs in their rst form.

The `previously_finalized` set is renamed to `finalized_assets`, and this set now stores `AssetDigest` values rather than `AssetId` values for more compactness in the global state.

Removed redundant terminology in ZIP226, building on ZIP227, fixed abstract and used consistent terminology to stick to issuance instead of creation of assets.

---------

Co-authored-by: Vivek Arte <46618816+vivek-arte@users.noreply.github.com>

…mentation (#29)

This makes the changes in ZIP 227 based on [this
comment](QED-it/orchard#66 (comment)).

This PR adds missing indices over sums. It also fixes and makes improvements to the burn mechanism description.

---------

Co-authored-by: Vivek Arte <46618816+vivek-arte@users.noreply.github.com>

…on (#30)

This PR improves the naming of variables to make them consistent with
the broader ZIPs conventions.

It also makes changes to the issuance key derivation and the terms used
for the various keys.

- Add the new nullifier equation for split notes
- Add a link to Orchard circuit document
- Add is_native_asset auxiliary witness
- Remove constraint (split_flag=1) => (v_old != 0)
- Add constraint (split_flag=1) => (is_native_asset=0)

These are the changes to the rst files based on ZIP editors typographical changes.

Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>

…les to match

This adds to the specification to provide wallets instructions on displaying Asset information to users in an unambiguous way.

This addresses [this comment](zcash#680 (comment)).

#33)

This addresses [this comment](zcash#680 (comment)).

This rearranges the positioning of the burn mechanism in order to remove duplication of material between the burn mechanism section and the value balance verification section.
There is also some simplification of the naming convention for the Asset Base variable.

This PR adds enable_zsa flag into ZIP 226.

This is a consistent renaming of the issuance derivation key to call it the issuance master key.

This removes the transaction structure fields from ZIP 226 in favour
of adding them to ZIP 230, for the v6 Transaction Format.

---------

Co-authored-by: Deirdre Connolly <durumcrustulum@gmail.com>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
Co-authored-by: str4d <thestr4d@gmail.com>
Co-authored-by: Paul <lauxpaul@protonmail.com>
Co-authored-by: Antoine Rondelet <rondelet.antoine@gmail.com>
Co-authored-by: Constance Beguier <constance@qed-it.com>

…over `secp256k1`, as in BIP 340. (#40)

We switch the `issueAuthSig` scheme from RedPallas without
key re-randomization to the Bitcoin Schnorr signature (as described in
bip340).
We also perform notation changes of `idk` to `imk`, and adjust the
derivation of the issuance keys to fit with the updated Issuance
Authorization Signature scheme.

Minor addition to burn mechanism description

Co-authored-by: Daira Emma Hopwood <daira@jacaranda.org>

Co-authored-by: Daira Emma Hopwood <daira@jacaranda.org>

This performs a rename of the Issuance keys as follows:

- `imk : Issuance master key` is renamed to `isk: Issuance authorizing
key`

This adds some details to the ZIP 226 Security and Privacy
Considerations section to address this
[comment](zcash#680 (comment))

This makes it clear that the encoding of `ik` used in the Asset Base
derivation is big-endian, as in the case of the underlying BIP 340
Schnorr signature scheme.

It also adds a clarification about the version byte used in the Asset
Base derivation.

Signed-off-by: Daira Emma Hopwood <daira@jacaranda.org>

This fixes a typo in the ZSA-Orchard Action Description table,
wherein one table entry was not updated from 580 to 612 bytes.

This updates the ZSA ZIPs based on the comments made on PR#680.