Nullifiers

Double-spending protection
The nullifier is a unique value calculated on the transaction input account. It is included in the public transaction portion. The nullifier depends on the input account, the intermediate key η\etaη
 and the account position in the Merke tree (pathpathpath
):
​Nullifier(Accin)=Hashnullifier(Hashaccount(Accin),I)Nullifier(Acc^\text{in}) = Hash_{nullifier}(Hash_{account}(Acc^\text{in}), I)Nullifier(Accin)=Hashnullifier​(Hashaccount​(Accin),I)
​
where III
is intermediate nullifier hash calculated as:
​I=Hashinh(Hashaccount(Accin),η,path)I = Hash_{inh}(Hash_{account}(Acc^{in}), \eta, path)I=Hashinh​(Hashaccount​(Accin),η,path)
​
​HashnullifierHash_{nullifier}Hashnullifier​
, HashinhHash_{inh}Hashinh​
 and HashaccountHash_{account}Hashaccount​
 is a PoseidonPoseidonPoseidon
 hash functions​
There is an archive on the contract side which holds nullifiers. In the case of account double-spending the nullifiers for the same accounts will equal one another. In this case the contract will reject a second transaction with the repeated nullifier value.
A nullifier pre-image could be safely disclosed without opening any sensitive data, like an intermediate key η\etaη
 used for encryption and decryption. For example the nullifier disclosure could be useful in compliance reports to prove account-chain linkage.
Transaction Types
Signing a Transaction
Last modified 7mo ago