Signing a Transaction

To prove ownership of an input account

Last updated 3 years ago

Transactions in zkBob are signed by the spending key $\sigma$. To verify a transaction signature, the prover should use an intermediate key $A$.

Transaction hashing

A client application should sign a 'composite' transaction hash instead of full transaction data. The transaction hash is calculated from the input and output hashes:

$$H = Hash_{sponge}(Hash_{account}(Acc^\text{in}), Hash_{note}(Note_0^\text{in}), Hash_{note}(Note_1^\text{in}), Hash_{note}(Note_2^\text{in}), TxCommit)$$

where

  • $Hash$ is a in the different modes

  • $Acc^\text{in}$ is an input account

  • $Note_i^\text{in}$ are the input notes

  • $TxCommit$ is a transaction commitment hash (Merkle subtree root). It depends on the transaction's output account and notes.

Signing

Next, a client uses the account spending key to sign the transaction hash $H$:

$r = Blake2s(\sigma, H)$, where

$R = rG$, $A = \sigma G$ (moving $r$ and $\sigma$ to the JubJub Elliptic curve field)

$S = r + Hash_{eddsa}(R.x, A.x, H)\sigma$

The output signature $(S, R)$ will be sent with an intermediate key $A = \sigma G$

Verifying

To verify a transaction signature a validator should perform the following computations:

$SG == R + Hash_{eddsa}(R.x, A.x, H)A$
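
The signing and verifying equations above, carried through in Python as an added example; this is not zkBob's own code. Assumptions: the Ed25519 twisted Edwards curve stands in for JubJub, BLAKE2s stands in for the Poseidon-based $Hash_{eddsa}$, and all function names and the 32-byte big-endian encoding are hypothetical.

```python
import hashlib

# Assumed stand-ins: the Ed25519 curve replaces zkBob's JubJub curve and
# BLAKE2s replaces the Poseidon-based Hash_eddsa. Names are hypothetical.
P = 2**255 - 19                                       # base field prime
L = 2**252 + 27742317777372353535851937790883648493   # prime order of G
D = -121665 * pow(121666, -1, P) % P                  # Edwards constant d

def add(p1, p2):
    """Complete affine addition on -x^2 + y^2 = 1 + D*x^2*y^2."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow((1 + t) % P, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication; (0, 1) is the identity."""
    acc = (0, 1)
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def base_point():
    """Generator with y = 4/5, x recovered from the curve equation."""
    y = 4 * pow(5, -1, P) % P
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if x * x % P != x2:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (x, y)

G = base_point()

def h2s(*parts):
    """Hash integers (32-byte big-endian each) to a scalar mod L."""
    data = b"".join(int(v).to_bytes(32, "big") for v in parts)
    return int.from_bytes(hashlib.blake2s(data).digest(), "big") % L

def sign(sigma, H):
    r = h2s(sigma, H)                         # r = Blake2s(sigma, H)
    R, A = mul(r, G), mul(sigma, G)           # R = rG, A = sigma*G
    S = (r + h2s(R[0], A[0], H) * sigma) % L  # S = r + Hash(R.x, A.x, H)*sigma
    return S, R, A

def verify(S, R, A, H):
    return mul(S, G) == add(R, mul(h2s(R[0], A[0], H), A))
```

Because $r$ is derived from $\sigma$ and $H$, signing the same hash twice yields the same $(S, R)$, and any change to $H$, $S$ or $A$ makes the verification equation fail.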

πŸ‘©β€βš•οΈ
Poseidon multi-hash (sponged) routine
$Blake2s$ is the 256-bit hash function