diff options
-rw-r--r-- | design-documents/024-age-restriction.rst | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst index c156842a..b97d833b 100644 --- a/design-documents/024-age-restriction.rst +++ b/design-documents/024-age-restriction.rst @@ -375,15 +375,15 @@ the following additional computation and checks: Using the κ-1 transfer secrets :math:`\tau_i` from the reveal request, the exchange derives κ-1 age commitments from the ``old_age_commitment`` by calling -``Edx25519_derive_public()`` on each `Edx25519PublicKey` with :math:`\tau_i` as -the seed. It then calculates the corresponding κ-1 age commitment hash values -:math:`h_i` of those commitments. +``Edx25519_derive_public()`` on each `Edx25519PublicKey`, with :math:`\tau_i` +as the seed, and then calculates the corresponding κ-1 hash values :math:`h_i` +of those age commitments. It then calculates the κ-1 blinded hashes -:math:`m_i = r^{e_i}\text{FDH}_N(C_p, h_i)` (using the notation from Florian's +:math:`m_i = r^{e_i}\text{FDH}_N(C^{(i)}_p, h_i)` (using the notation from Florian's thesis) of the disclosed coins and together with the :math:`m_\gamma` of the undisclosed coin, calculates the hash -:math:`h'_m = H(m_i,\cdots,m_\gamma,\cdots,m_\kappa)` which is then used in the +:math:`h'_m = H(m_1,\cdots,m_\gamma,\cdots,m_\kappa)` which is then used in the final verification step of the cut&choose protocol. |