Comments (3)
The solution described above increases the complexity of the system because the sender also requires the jubjub point of the recipient for the DH key exchange (the shared key is used to encrypt leaf data). Furthermore, the wallet should manage the nullifier_seed together, which means if a user only has the private key without the nullifier seed, the user loses UTXOs.
Therefore we can only modify the nullifier computation logic using the EdDSA signature, just like
nullifier = hash(EdDSA, leaf_index)
This makes sense because
- EdDSA's signature is derived from the private key, therefore the sender cannot know it unless the signer reveals it. It means the sender can infer the nullifier.
- The EdDSA signature does not allow malleability by the specification: https://tools.ietf.org/html/rfc8032#section-8.4
Therefore, there is no possibility of double-spending caused by signature malleability that could allow multiple nullifiers for one UTXO.
But currently, it is not sure whether the current circom circuit supports the non-malleability of EdDSA.
This feature will be part of the Burrito version.
We've decided to change the UTXO & nullifier's detail structure to follow ZCash's viewing key & spending key structure.
p = random() // spending key
n = ff(sha3(p)) // nullifier seed, viewing key
N = n*G // public nullifier seed, public viewing key
s = random() // tx sender's ephemeral key
K = s*N // shared secret key for chacha20 encryption/decryption
P = poseidon(p*G, n) // public spending key
utxo = poseidon(P, data, salt)
nullifier = poseidon(n, index)
The account shares (P, N) and stores (p, n).
For an effective account restoration protocol, we can derive the nullifier seed n from p, for example n = ff(sha3(p)).
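The key structure laid out in the comment above, walked through end to end as an added example (this is not zkopru's own code). It assumes Baby Jubjub with circomlib's Base8 generator for the curve arithmetic, and uses sha3/shake as stand-ins for poseidon and chacha20, so the hash and ciphertext values are not interoperable with zkopru; what it shows is which party holds which key: the sender derives K from the recipient's public viewing key N and a fresh ephemeral s, the recipient (or anyone holding only the viewing key n) recovers K and computes nullifiers, and the whole (p, n, P, N) set is restorable from p alone.

```python
import hashlib
import secrets

# Baby Jubjub, the twisted Edwards curve a*x^2 + y^2 = 1 + d*x^2*y^2 over the
# BN254 scalar field, with circomlib's Base8 generator of the prime-order subgroup.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A = 168700
D = 168696
G = (5299619240641551281634865583518297030282874472190772894086521144482721001553,
     16950150798460657717958625567821834550301663161624707787222815936182638968203)
SUBORDER = 2736030358979909402780800718157159386076813972158567259200215660948447373041
IDENTITY = (0, 1)


def on_curve(pt):
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0


def add(p1, p2):
    """Twisted Edwards addition law (complete on this curve)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 - A * x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, addend = IDENTITY, pt
    while k:
        if k & 1:
            acc = add(acc, addend)
        addend = add(addend, addend)
        k >>= 1
    return acc


def ff(data):
    """Map bytes into the scalar field: the comment's ff(sha3(.))."""
    return int.from_bytes(hashlib.sha3_256(data).digest(), "big") % SUBORDER


def h(*elems):
    """Stand-in for poseidon(...): sha3 over 32-byte big-endian encodings."""
    return ff(b"".join(e.to_bytes(32, "big") for e in elems))


def keystream(K, length):
    """Stand-in for chacha20 keyed by the shared point K (XOR stream, demo only)."""
    key = hashlib.sha3_256(K[0].to_bytes(32, "big") + K[1].to_bytes(32, "big")).digest()
    return hashlib.shake_256(key).digest(length)


class Account:
    """Stores (p, n) and shares (P, N); everything derives from p alone."""

    def __init__(self, p=None):
        self.p = p if p is not None else secrets.randbelow(SUBORDER - 1) + 1  # spending key
        self.n = ff(self.p.to_bytes(32, "big"))  # nullifier seed / viewing key
        self.N = mul(self.n, G)                  # public viewing key
        pG = mul(self.p, G)
        self.P = h(pG[0], pG[1], self.n)         # public spending key poseidon(p*G, n)

    def public(self):
        return (self.P, self.N)


def nullifier(n, index):
    return h(n, index)


def utxo(P, data, salt):
    return h(P, data, salt)


def sender_encrypt(N, note):
    """Sender: fresh ephemeral s, K = s*N, ship S = s*G next to the ciphertext."""
    s = secrets.randbelow(SUBORDER - 1) + 1
    S = mul(s, G)
    K = mul(s, N)
    return S, bytes(a ^ b for a, b in zip(note, keystream(K, len(note))))


def recipient_decrypt(n, S, ct):
    """Recipient or viewing-key holder: K = n*S equals the sender's s*N."""
    K = mul(n, S)
    return bytes(a ^ b for a, b in zip(ct, keystream(K, len(ct))))


def demo():
    """Run the protocol once and return the facts worth checking."""
    alice = Account()
    restored = Account(alice.p)      # a backup that holds only p
    Pk, N = alice.public()
    note = b"amount=100;salt=0x01"  # constructed sample leaf data
    S, ct = sender_encrypt(N, note)
    return {
        "restored_matches": restored.public() == (Pk, N),
        "decrypted": recipient_decrypt(restored.n, S, ct),
        "nullifier_from_viewing_key": nullifier(restored.n, 0) == nullifier(alice.n, 0),
        "nullifiers_differ_by_index": nullifier(alice.n, 0) != nullifier(alice.n, 1),
        "leaf": utxo(Pk, ff(note), 1),
    }
```

The sender never learns n, only N, so it can encrypt to the recipient but cannot compute nullifier = poseidon(n, index); a wallet that holds only p still recovers n and hence its UTXOs, which is the restoration property the comment is after.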
closed by #44