9a87098

ZIP 32: Shielded Hierarchical Deterministic Wallets

str4d May 30, 2018

a5309ed

Address Daira's comments

str4d Jun 7, 2018

4ed0316

Use byte sequences for constant single-byte inputs to PRF_expand

str4d Jun 7, 2018

c73733a

Define a diversifier key dk

str4d Jun 7, 2018

aa36706

Fix usage of LEOS2IP in definition of ToScalar

str4d Jun 8, 2018

efd68a4

Define I2LEOSP_l(k) and use it to encode the child key indices

str4d Jun 8, 2018

f07b6d2

Define how to derive diversifiers from Sapling extended keys

str4d Jun 8, 2018

a01dbbb

Note that ZIP 32 is consistently little-endian

str4d Jun 8, 2018

9596aed

ZIP 32: use FF1-AES256 as the PRP.

daira Jul 3, 2018

da683d3

Remove hardening from example public-key HD path

str4d Jul 3, 2018

3f28158

Cosmetic improvements.

daira Jul 4, 2018

1b3ea42

Reference version 2018.0-beta-21 or later of the Sapling protocol spec.

daira Jul 4, 2018

f94b9a4

Define r_J.

daira Jul 4, 2018

ff5affb

Cosmetics.

daira Jul 4, 2018

de065cf

Update another reference to the Sapling spec version.

daira Jul 4, 2018

8a49de8

Cosmetics.

daira Jul 5, 2018

b3c051e

Say that ZIP 32 does not supplant the use of BIPs 32 & 44 for transpa…

daira Jul 5, 2018

6f85acb

Specify the range of j when generating diversifiers.

daira Jul 5, 2018

0fc7c70

Add specifications of key fingerprints, tags, and encodings.

daira Jul 5, 2018

52eac8c

Put human-readable parts in monospace.

daira Jul 5, 2018

3e884f9

Fix formatting.

daira Jul 5, 2018

b9e6ed7

Another formatting improvement.

daira Jul 5, 2018

918ea38

Fix a cut-and-paste error.

daira Jul 5, 2018

0034331

Add MUST NOT to Terminology.

daira Jul 6, 2018

d65629f

Clarify the relation to existing use of BIPs 32 & 44.

daira Jul 6, 2018

633436c

Specify that the seed MUST be at least 32 bytes.

daira Jul 6, 2018

5788c12

Rename s_m to sk_m.

daira Jul 6, 2018

ba56f26

Explain that some diversifiers are invalid, and correct the definitio…

daira Jul 6, 2018

7002be5

Clarify the interpretation of I_L in Sprout key derivation.

daira Jul 6, 2018

5881d3c

Define depth, parent tag, and i for master keys.

daira Jul 6, 2018

ebecd8c

Clarify the encoding of a_sk in a Sprout extended spending key. Also …

daira Jul 6, 2018

42506f0

Define DiversifyHash.

daira Jul 6, 2018

6e9a796

Cosmetics.

daira Jul 6, 2018

1b04d74

Remove unintended addition of a reference to the non-existant (yet) Z…

daira Jul 6, 2018

6f96648

Correct the derivation of a Sapling child full viewing key's nk, and …

daira Jul 6, 2018

777d82a

Factor out the encoding of extended {spending key, full viewing key} …

daira Jul 13, 2018

3018efc

Correct the encoding of a_sk,par for Sprout child derivation.

daira Jul 13, 2018

5cdc691

Factor out Sprout a_sk encoding/decoding into helper functions.

daira Jul 13, 2018

eb60b41

Seeds for Sprout master keys must also be at least 32 bytes.

daira Jul 13, 2018

511c2eb

Fix a link.

daira Jul 19, 2018

813a889

Rename EncodeFVKParts to EncodeXFVKParts, since its input includes dk…

daira Jul 25, 2018

2aee30c

Use the same notation for r_J as the spec.

daira Sep 1, 2018

08b8427

Don't use 'X' to abbreviate 'extended', since it is ambiguous with 'e…

daira Sep 1, 2018

2eec56d

Add specification for seed fingerprints.

daira Sep 1, 2018

55e3cd1

Clarify wording about default payment addresses

str4d Sep 18, 2018

a414e4e

Pull in definition of hardened notation

str4d Sep 18, 2018

1f7b512

Clarify that dk is not part of the standard Sapling derivation

str4d Sep 18, 2018

44e9c03

dk_i -> dk in "Diversifier derivation" section

str4d Sep 18, 2018

606abd1

Be explicit about supported range for the Sapling key path

str4d Sep 18, 2018

888681c

Update references to Sapling protocol spec

str4d Sep 18, 2018

cb1e663

Improve explanation of diversifier sequence choice

arielgabizon Sep 20, 2018

975a2aa

Formatting

str4d Sep 20, 2018