|
359 | 359 | MUST be sampled uniformly at random by the issuer.</li> |
360 | 360 | </ul> |
361 | 361 | <p>The complete encoding of these fields into an <code>IssueNote</code> is defined in ZIP 230 <a id="footnote-reference-24" class="footnote_reference" href="#zip-0230-issue-note">16</a>.</p> |
362 | | - <section id="computation-of"><h4><span class="section-heading">Computation of ρ</span><span class="section-anchor"> <a rel="bookmark" href="#computation-of"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h4> |
363 | | - <p>TO BE FILLED</p> |
364 | | - </section> |
365 | 362 | </section> |
366 | 363 | <section id="issuance-action"><h3><span class="section-heading">Issuance Action</span><span class="section-anchor"> <a rel="bookmark" href="#issuance-action"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h3> |
367 | 364 | <p>An issuance action, <code>IssueAction</code>, is the instance of issuing a specific Custom Asset, and contains the following fields:</p> |
|
372 | 369 | <span class="math">\(512\!\)</span> |
373 | 370 | .</li> |
374 | 371 | <li><code>asset_desc</code>: the Asset description, a byte string of up to 512 bytes as defined in the <a href="#specification-asset-identifier">Specification: Asset Identifier</a> section.</li> |
375 | | - <li><code>vNotes</code>: an array of <code>Note</code> containing the unencrypted output notes of the recipients of the Asset.</li> |
| 372 | + <li><code>vNotes</code>: an array of Issue Notes containing the unencrypted output notes to the recipients of the Asset.</li> |
376 | 373 | <li><code>flagsIssuance</code>: a byte that stores the |
377 | 374 | <span class="math">\(\mathsf{finalize}\)</span> |
378 | 375 | boolean that defines whether the issuance of that specific Custom Asset is finalized or not.</li> |
|
381 | 378 | <span class="math">\(\mathsf{finalize}\)</span> |
382 | 379 | boolean is set by the Issuer to signal that there will be no further issuance of the specific Custom Asset. As we will see in <a href="#specification-consensus-rule-changes">Specification: Consensus Rule Changes</a>, transactions that attempt to issue further amounts of a Custom Asset that has previously been finalized will be rejected.</p> |
383 | 380 | <p>The complete encoding of these fields into an <code>IssueAction</code> is defined in ZIP 230 <a id="footnote-reference-25" class="footnote_reference" href="#zip-0230-issuance-action-description">15</a>.</p> |
384 | | - <p>We note that the output note commitment of the recipient's notes are not included in the actual transaction, but when added to the global state of the chain, they will be added to the note commitment tree as a shielded note. This prevents future usage of the note from being linked to the issuance transaction, as the nullifier key is not known to the validators and chain observers.</p> |
| 381 | + <p>We note that when the issued note commitments are added to the global state of the chain, they will be added to the note commitment tree as any other shielded note. This prevents future usage of the note from being linked to the issuance transaction, as the nullifier key is not known to the validators and chain observers.</p> |
385 | 382 | </section> |
386 | 383 | <section id="issuance-bundle"><h3><span class="section-heading">Issuance Bundle</span><span class="section-anchor"> <a rel="bookmark" href="#issuance-bundle"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h3> |
387 | 384 | <p>An issuance bundle is the aggregate of all the issuance-related information. Specifically, contains all the issuance actions and the issuer signature on the transaction SIGHASH that validates the issuance itself. It contains the following fields:</p> |
|
400 | 397 | </ul> |
401 | 398 | <p>The issuance bundle is added within the transaction format as a new bundle. The detailed encoding of the issuance bundle as a part of the V6 transaction format is defined in ZIP 230 <a id="footnote-reference-26" class="footnote_reference" href="#zip-0230-transaction-format">17</a>.</p> |
402 | 399 | </section> |
| 400 | + <section id="computation-of"><h3><span class="section-heading">Computation of ρ</span><span class="section-anchor"> <a rel="bookmark" href="#computation-of"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h3> |
| 401 | + <p>We define a function |
| 402 | + <span class="math">\(\mathsf{DeriveIssuedRho} : \mathbb{F}_{q_{\mathbb{P}}} \times \{0 .. 2^{32} - 1\} \times \{0 .. 2^{32} - 1\} \to \mathbb{F}_{q_{\mathbb{P}}}\)</span> |
| 403 | + as follows:</p> |
| 404 | + <div class="math">\(\mathsf{DeriveIssuedRho}(\mathsf{nf}, \mathsf{i_{A}}, \mathsf{i_{N}}) := \mathsf{ToBase}^{\mathsf{Rho}}(\mathsf{PRF}^{\mathsf{Rho}}(\mathsf{I2LEOSP}_{256}(\mathsf{nf}), [\mathtt{0x84}] \| \mathsf{I2LEOSP}_{32}(\mathsf{i_{A}}) \| \mathsf{I2LEOSP}_{32}(\mathsf{i_{N}}))),\)</div> |
| 405 | + <p>where</p> |
| 406 | + <ul> |
| 407 | + <li> |
| 408 | + <span class="math">\(\mathsf{ToBase}^{\mathsf{Rho}} : \mathbb{B}^{512} \to \mathbb{F}_{q_{\mathbb{P}}}\)</span> |
| 409 | + is defined as |
| 410 | + <span class="math">\(\mathsf{ToBase}^{\mathsf{Rho}}(x) := \mathsf{LEOS2IP}_{512}(x) \mod q_{\mathbb{P}}\)</span> |
| 411 | + </li> |
| 412 | + <li> |
| 413 | + <span class="math">\(\mathsf{PRF}^{\mathsf{Rho}} : \mathbb{B}^{256} \times \mathbb{B}^{\mathbb{Y}^{[\mathbb{N}]}} \to \mathbb{B}^{512}\)</span> |
| 414 | + is defined as |
| 415 | + <span class="math">\(\mathsf{PRF}^{\mathsf{Rho}}(\mathsf{k},t) := \textsf{BLAKE2b-512}(\mathtt{"ZSA\_IssueNoteRho"}, \mathsf{LEBS2OSP}_{256}(\mathsf{k}) \| t)\)</span> |
| 416 | + </li> |
| 417 | + </ul> |
| 418 | + <p>The |
| 419 | + <span class="math">\(\text{ρ}\)</span> |
| 420 | + field of an Issue Note is computed as</p> |
| 421 | + <div class="math">\(\text{ρ} := \mathsf{DeriveIssuedRho}(\mathsf{nf}_{1,1}, \mathsf{index_{Action}}, \mathsf{index_{Note}}),\)</div> |
| 422 | + <p>where |
| 423 | + <span class="math">\(\mathsf{nf}_{1,1}\)</span> |
| 424 | + is the nullifier of the first Note in the first Action of the OrchardZSA Bundle of the transaction, |
| 425 | + <span class="math">\(\mathsf{index_{Action}}\)</span> |
| 426 | + is the index of the Issuance Action in the Issuance Bundle, and |
| 427 | + <span class="math">\(\mathsf{index_{Note}}\)</span> |
| 428 | + is the index of the Issue Note in the Issuance Action.</p> |
| 429 | + </section> |
403 | 430 | <section id="issuance-protocol"><h3><span class="section-heading">Issuance Protocol</span><span class="section-anchor"> <a rel="bookmark" href="#issuance-protocol"><img width="24" height="24" class="section-anchor" src="assets/images/section-anchor.png" alt=""></a></span></h3> |
404 | 431 | <p>The issuer program performs the following operations:</p> |
405 | 432 | <p>For all actions <code>IssueAction</code>:</p> |
|
432 | 459 | <span class="math">\(i\!\)</span> |
433 | 460 | : |
434 | 461 | <ul> |
435 | | - <li>generate a ZSA output note that includes the Asset Base. For an OrchardZSA note this is |
436 | | - <span class="math">\(\mathsf{note}_i = (\mathsf{d}_i, \mathsf{pk}_{\mathsf{d}_i}, \mathsf{v}_i, \text{ρ}_i, \mathsf{rseed}_i, \mathsf{AssetBase}, \mathsf{rcm}_i)\!\)</span> |
| 462 | + <li>generate an Issue Note, |
| 463 | + <span class="math">\(\mathsf{note}_i = (\mathsf{d}_i, \mathsf{pk}_{\mathsf{d}_i}, \mathsf{v}_i, \mathsf{AssetBase}, \text{ρ}_i, \mathsf{rseed}_i)\!\)</span> |
437 | 464 | .</li> |
| 465 | + <li>encode the |
| 466 | + <span class="math">\(\mathsf{note}_i\)</span> |
| 467 | + into the vector <code>vNotes</code> of the <code>IssueAction</code>.</li> |
438 | 468 | </ul> |
439 | 469 | </li> |
440 | 470 | <li>encode the <code>IssueAction</code> into the vector <code>vIssueActions</code> of the bundle.</li> |
|
463 | 493 | , to a tuple |
464 | 494 | <span class="math">\((\mathsf{balance}, \mathsf{final})\!\)</span> |
465 | 495 | , for every Asset that has been issued. We use the notation |
466 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{balance}\)</span> |
| 496 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{balance}\)</span> |
467 | 497 | and |
468 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{final}\)</span> |
| 498 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{final}\)</span> |
469 | 499 | to access, respectively, the elements of the tuple stored in the global state for a given |
470 | 500 | <span class="math">\(\mathsf{AssetBase}\!\)</span> |
471 | 501 | . If |
472 | 502 | <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}) = \bot\!\)</span> |
473 | 503 | , it is assumed that |
474 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{balance} = 0\)</span> |
| 504 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{balance} = 0\)</span> |
475 | 505 | and |
476 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{final} = 0\!\)</span> |
| 506 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{final} = 0\!\)</span> |
477 | 507 | .</p> |
478 | 508 | <p>For any Asset represented by |
479 | 509 | <span class="math">\(\mathsf{AssetBase}\!\)</span> |
480 | 510 | :</p> |
481 | 511 | <ul> |
482 | 512 | <li> |
483 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{balance} \in \{0 .. \mathsf{MAX\_ISSUE}\}\)</span> |
| 513 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{balance} \in \{0 .. \mathsf{MAX\_ISSUE}\}\)</span> |
484 | 514 | stores the amount of the Asset in circulation, computed as the amount of the Asset that has been issued less the amount of the Asset that has been burnt.</li> |
485 | 515 | <li> |
486 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{final} : \mathbb{B}\)</span> |
| 516 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{final} : \mathbb{B}\)</span> |
487 | 517 | is a Boolean that stores the finalization status of the Asset (i.e.: whether the |
488 | 518 | <span class="math">\(\mathsf{finalize}\)</span> |
489 | 519 | flag has been set to |
490 | 520 | <span class="math">\(1\)</span> |
491 | 521 | in any preceding issuance transaction for the Asset). The value of |
492 | | - <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\!\mathsf{final}\)</span> |
| 522 | + <span class="math">\(\mathsf{issued\_assets}(\mathsf{AssetBase}).\mathsf{final}\)</span> |
493 | 523 | for any |
494 | 524 | <span class="math">\(\mathsf{AssetBase}\)</span> |
495 | 525 | cannot be changed from |
|
530 | 560 | <li>It MUST be the case that for all |
531 | 561 | <span class="math">\((\mathsf{AssetBase}, \mathsf{v}) \in \mathsf{assetBurn}\!\)</span> |
532 | 562 | , |
533 | | - <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\!\mathsf{balance} \geq \mathsf{v}\!\)</span> |
| 563 | + <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\mathsf{balance} \geq \mathsf{v}\!\)</span> |
534 | 564 | . The node then MUST update |
535 | 565 | <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase})\)</span> |
536 | 566 | prior to processing the issuance bundle in the following manner. For every |
537 | 567 | <span class="math">\((\mathsf{AssetBase}, \mathsf{v}) \in \mathsf{AssetBurn}\!\)</span> |
538 | 568 | , |
539 | | - <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\!\mathsf{balance} = \mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\!\mathsf{balance} - \mathsf{v}\!\)</span> |
| 569 | + <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\mathsf{balance} = \mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\mathsf{balance} - \mathsf{v}\!\)</span> |
540 | 570 | .</li> |
541 | 571 | <li>Let |
542 | 572 | <span class="math">\(\mathsf{SigHash}\)</span> |
543 | 573 | be the SIGHASH transaction hash of this transaction, as defined in §4.10 of the protocol specification <a id="footnote-reference-28" class="footnote_reference" href="#protocol-sighash">28</a> with the modifications described in ZIP 226 <a id="footnote-reference-29" class="footnote_reference" href="#zip-0226-txiddigest">13</a>, using |
544 | 574 | <span class="math">\(\mathsf{SIGHASH\_ALL}\!\)</span> |
545 | 575 | .</li> |
| 576 | + <li>If the transaction contains an Issuance Bundle, it MUST also contain at least one OrchardZSA Action.</li> |
546 | 577 | <li>The issuance authorization signature, |
547 | 578 | <span class="math">\(\mathsf{issueAuthSig}\!\)</span> |
548 | 579 | , MUST be a valid |
|
564 | 595 | is a string of length |
565 | 596 | <span class="math">\(\mathtt{assetDescSize}\)</span> |
566 | 597 | bytes.</li> |
567 | | - <li>Elements of every issue note description in <code>IssueAction</code> MUST be valid encodings of the types given in <a href="#issue-note">Issue Note</a>, and MUST encode the same |
| 598 | + <li>Elements of every Issue Note in <code>IssueAction</code> MUST be valid encodings of the types given in the <a href="#issue-note">Issue Note</a> section, and MUST encode the same |
568 | 599 | <span class="math">\(\mathsf{AssetBase}\!\)</span> |
569 | 600 | .</li> |
570 | 601 | <li>This |
571 | 602 | <span class="math">\(\mathsf{AssetBase}\)</span> |
572 | 603 | MUST satisfy the derivation from the issuance validating key and asset description described in the <a href="#specification-asset-identifier">Specification: Asset Identifier</a> section.</li> |
573 | 604 | <li>It MUST be the case that |
574 | | - <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\!\mathsf{final} \neq 1\!\)</span> |
| 605 | + <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\mathsf{final} \neq 1\!\)</span> |
575 | 606 | .</li> |
576 | 607 | <li>For every issue note description ( |
577 | 608 | <span class="math">\(\mathsf{note}_{\mathsf{j}},\ 1 \leq j \leq \mathtt{nNotes}\!\)</span> |
578 | 609 | ) in <code>IssueAction</code>: |
579 | 610 | <ul> |
| 611 | + <li>The |
| 612 | + <span class="math">\(\text{ρ}\)</span> |
| 613 | + field of the issue note MUST have been computed as described in the <a href="#computation-of">Computation of ρ</a> section.</li> |
580 | 614 | <li>It MUST be the case that |
581 | | - <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}.\!\mathsf{balance} + \mathsf{v} \leq \mathsf{MAX\_ISSUE}\!\)</span> |
| 615 | + <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}.\mathsf{balance} + \mathsf{v} \leq \mathsf{MAX\_ISSUE}\!\)</span> |
582 | 616 | , where |
583 | 617 | <span class="math">\(\mathsf{v}\)</span> |
584 | 618 | is the value of |
585 | 619 | <span class="math">\(\mathsf{note}_{\mathsf{j}}\!\)</span> |
586 | 620 | . The node then MUST update |
587 | | - <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}.\!\mathsf{balance} = \mathsf{issued\_assets}_{\mathsf{OUT}}.\!\mathsf{balance} + \mathsf{v}\!\)</span> |
| 621 | + <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}.\mathsf{balance} = \mathsf{issued\_assets}_{\mathsf{OUT}}.\mathsf{balance} + \mathsf{v}\!\)</span> |
588 | 622 | .</li> |
589 | 623 | <li>The node MUST compute the note commitment, |
590 | 624 | <span class="math">\(\mathsf{cm}_{\mathsf{i,j}}\!\)</span> |
|
594 | 628 | <li>If |
595 | 629 | <span class="math">\(\mathsf{finalize} = 1\)</span> |
596 | 630 | within the <code>flagsIssuance</code> field of <code>IssueAction</code>, the node MUST set |
597 | | - <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\!\mathsf{final} = 1\!\)</span> |
| 631 | + <span class="math">\(\mathsf{issued\_assets}_{\mathsf{OUT}}(\mathsf{AssetBase}).\mathsf{final} = 1\!\)</span> |
598 | 632 | .</li> |
599 | 633 | </ul> |
600 | 634 | </li> |
|
0 commit comments