Signing a Transaction
To prove an input account ownership
Transactions in zkBob are signed by the spending key
. To verify a transaction signature the prover should use an intermediate key A.
A client application should sign a 'composite' transaction hash instead of full transaction data. The transaction hash is calculated from the input and output hashes:
- is an input account
- is an input notes,
- - is a transaction commitment hash (Merkle subtree root). It depends on transaction output account and notes.
Next, a client uses the account spending key to sign a transaction hash
to the JubJub Elliptic curve field)
The output signature
will be sent with a intermediate key
To verify a transaction signature a validator should perform the following computations: