Add change history and reference to zcash/zcash#836

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
zcash · May 6, 2016 · 365fe6d · 365fe6d
1 parent d6d25de
commit 365fe6d
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 1 deletion.
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
@@ -1138,7 +1138,7 @@ \subsection{\JoinSplitCircuit{} and Proofs}
 
 such that the following conditions hold:
 
-\subparagraph{Merkle path validity}
+\subparagraph{Merkle path validity} \label{merklepathvalidity}
 
 for each $i \in \setofOld$ \changed{$\mid$ $\vOld{i} \neq 0$}:
 $\treepath{i}$ must be a valid \merklePath of depth $\MerkleDepth$, as defined in
@@ -1617,6 +1617,10 @@ \subsection{In-band secret distribution}
 
 \todo{}
 
+\subsection{Omission in \Zerocash security proof}
+
+\todo{see \cite{ticket836}}
+
 \subsection{Miscellaneous}
 
 \begin{itemize}
@@ -1643,6 +1647,39 @@ \section{Acknowledgements}
 
 The Faerie Gold attack was found by Zooko Wilcox.
 The internal hash collision attack was found by Taylor Hornby.
+The omission in the \Zerocash security proof relating to collision-resistance
+of $\PRFaddr{}$ was found by Daira Hopwood.
+
+
+\section{Change history}
+
+\subparagraph{2.0-alpha-3}
+
+\begin{itemize}
+    \item Allow anchoring to any previous output \treestate in the same \transaction,
+          rather than just the immediately preceding output \treestate.
+    \item Add change history.
+\end{itemize}
+
+\subparagraph{2.0-alpha-2}
+
+\begin{itemize}
+    \item Change from truncated \BlakeFullLength to \BlakeHashName.
+    \item Clarify endianness, and that uses of \BlakeHashName are unkeyed.
+    \item Minor correction to what \sighashTypes cover.
+    \item Add ``as intended for the \Zcash release of summer 2016" to title page.
+    \item Require $\PRFaddr{}$ to be collision-resistant. \cite{ticket836}
+    \item Add specification of path computation for the \incrementalMerkleTree.
+    \item Add a note in \crossref{merklepathvalidity} about how this condition
+          corresponds to conditions in the \Zerocash paper.
+    \item Changes to terminology around keys.
+\end{itemize}
+
+\subparagraph{2.0-alpha-1}
+
+\begin{itemize}
+    \item First version intended for public review.
+\end{itemize}
 
 
 \section{References}

diff --git a/protocol/zcash.bib b/protocol/zcash.bib
@@ -133,3 +133,10 @@ @misc{GGM2016
    howpublished={Cryptology ePrint Archive: Report 2016/061.
 \url{https://eprint.iacr.org/2016/061}. Last revised \mbox{24 Jan 2016}.}
 }
+
+@misc{ticket836,
+   key={ZcashGithubticket836},
+   title={Zcash {G}ithub ticket \#836: ({N}ot exploitable) flaw in the proof of {B}alance when {PRF}\textasciicircum{}addr is not collision-resistant},
+   howpublished={\url{https://github.com/zcash/zcash/issues/836}},
+   note={Accessed: \mbox{2016-05-06}}
+}