Daira-Emma Hopwood

724 comments by Daira-Emma Hopwood

**Comment by [daira](https://github.com/daira)** _Sunday Feb 12, 2017 at 06:03 UTC_

----

Deferred to a ZIP (since the protocol spec describes the consensus protocol, not the P2P network protocol).

@nighthawk24 this is likely to be discussed in the [upcoming Arborist call tomorrow](https://forum.zcashcommunity.com/t/zcash-arborist-call-march-11th/38845) (March 11 22:30 UTC). But yes you can also discuss it here.

@leto wrote:

> You say `It is possible to send multiple outputs to the same recipient address within a single transaction` but that is a contentious feature that has been...

Note that due to the BCTV14 flaw, there's little value in estimating the discrete-log security of BN-254 [for Zcash, although there are still other projects using it]. Zero knowledge of...

https://eprint.iacr.org/2019/885.pdf gives an estimated cost of $2^{126}$ for BLS12-381 (Table 10). This matches the Sapling design security level of $2^{125}$. (Although the cost for a Cheon attack is slightly less...

Hmm, this proposal would be putting a lot of power in the hands of the ZIP Editors. (Disclosure of interest: @dconnolly and I are the current ZIP Editors.)

There's a similar but subtly different problem with JoinSplit descriptions. The corresponding consensus rule in section 4.3 is:

> Elements of a JoinSplit description MUST have the types given above...

See the end of section 4.3: "Consensus rules: [...] * The proof πJoinSplit MUST be valid given a primary input formed from the other fields and hSig. I.e. it must...

But hSig isn't provided anywhere as protocol input. The only way to compute it is from the other fields as described in 4.3. (I agree that *if* it were provided...