Nullifiers

Double-spending protection
The nullifier is a unique value calculated on the transaction input account. It is included in the public transaction portion. The nullifier depends on the input account, the intermediate key
η\eta
and the account position in the Merke tree (
pathpath
):
Nullifier(Accin)=Hashnullifier(Hashaccount(Accin),I)Nullifier(Acc^\text{in}) = Hash_{nullifier}(Hash_{account}(Acc^\text{in}), I)
where
II
is intermediate nullifier hash calculated as:
I=Hashinh(Hashaccount(Accin),η,path)I = Hash_{inh}(Hash_{account}(Acc^{in}), \eta, path)
HashnullifierHash_{nullifier}
,
HashinhHash_{inh}
and
HashaccountHash_{account}
is a
PoseidonPoseidon
hash functions
There is an archive on the contract side which holds nullifiers. In the case of account double-spending the nullifiers for the same accounts will equal one another. In this case the contract will reject a second transaction with the repeated nullifier value.
A nullifier pre-image could be safely disclosed without opening any sensitive data, like an intermediate key
η\eta
used for encryption and decryption. For example the nullifier disclosure could be useful in compliance reports to prove account-chain linkage.