You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the whitepaper https://tornado.cash/audits/TornadoCash_whitepaper_v1.4.pdf at definition (1) the very bottom of page 1, "...And O is the opening of H2(r||k)" should read "...And O is the opening of H1(r||k)", changing the MiMC hash H2 to the Pederson hash H1.
In addition the definition (1) of the statement of knowledge S[R, h, A, f, t] does not bind the symbols A, f, and t -- leaving them undefined. Later in the whitepaper, they can be inferred to mean address, fee, and relayer, but I don't think the actual proof circuits need these values. S[R, h] would be more succinct.
The text was updated successfully, but these errors were encountered:
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In the whitepaper https://tornado.cash/audits/TornadoCash_whitepaper_v1.4.pdf at definition (1) the very bottom of page 1, "...And O is the opening of H2(r||k)" should read "...And O is the opening of H1(r||k)", changing the MiMC hash H2 to the Pederson hash H1.
In addition the definition (1) of the statement of knowledge S[R, h, A, f, t] does not bind the symbols A, f, and t -- leaving them undefined. Later in the whitepaper, they can be inferred to mean address, fee, and relayer, but I don't think the actual proof circuits need these values. S[R, h] would be more succinct.
The text was updated successfully, but these errors were encountered: