
Memo Block Encryption

Used to encrypt accounts, notes and shared keys


Last updated 1 year ago


The main purpose of the memo block is to publish transaction details. Because transactions are private, access to this data is strictly restricted. There are two critical data components encrypted in the memo block: an output account and output notes.

Only the transaction sender can access the output account and notes. The output account is used by the sender to maintain the wallet state, and notes are used to retrieve the outgoing history of transactions. The output account should not be available to the transaction receiver. Shared secrets are used to implement this feature.

There are three encrypted entities in the memo block.

  • Account Encryption

  • Notes Encryption

  • Shared Secrets Encryption

Account Encryption

An output account in the memo block is encrypted with the random key $key_a$ using the symmetric algorithm ChaCha20Poly1305:

  • Generate a random symmetric 256-bit key: $key_a = random()$

  • Encrypt output account: $acc^{enc} = ChaCha20Poly1305_{key_a}^{nonce}(acc)$

The nonce for ChaCha20Poly1305 is a fixed value: the first 12 bytes of keccak256("ZeroPool"), which is 0x5bbdffc6fe73c460f1b2b85d.

To decrypt the output account, the user must obtain $key_a$ from the memo block. Only the transaction sender can access this key.
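The following added example (not zkBob's own code) runs the account-encryption step with Node's built-in ChaCha20-Poly1305 and shows why the fixed nonce is only acceptable because $key_a$ is generated fresh for every memo block: under a reused key, two ciphertexts XOR to the XOR of their plaintexts. The function names and the `ciphertext || tag` output layout are assumptions made for illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Fixed nonce given on this page: first 12 bytes of keccak256("ZeroPool").
const NONCE = Buffer.from('5bbdffc6fe73c460f1b2b85d', 'hex');

// Encrypt with ChaCha20-Poly1305; returns ciphertext || 16-byte tag (assumed layout).
function seal(key, plaintext) {
  const c = createCipheriv('chacha20-poly1305', key, NONCE, { authTagLength: 16 });
  return Buffer.concat([c.update(plaintext), c.final(), c.getAuthTag()]);
}

// Decrypt and verify the tag; returns null when authentication fails.
function open(key, sealed) {
  const d = createDecipheriv('chacha20-poly1305', key, NONCE, { authTagLength: 16 });
  const cut = sealed.length - 16;
  d.setAuthTag(sealed.subarray(cut));
  try {
    return Buffer.concat([d.update(sealed.subarray(0, cut)), d.final()]);
  } catch {
    return null;
  }
}

// Byte-wise XOR of two equal-length buffers.
function xor(a, b) {
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Account encryption as described above: a fresh random 256-bit key per memo block.
function encryptAccount(acc) {
  const keyA = randomBytes(32);
  return { keyA, accEnc: seal(keyA, acc) };
}

// The failure mode the fresh key prevents: the same (key, nonce) pair yields the
// same keystream, so c1 XOR c2 equals p1 XOR p2. Expects equal-length plaintexts.
function keystreamReuseLeak(key, p1, p2) {
  const c1 = seal(key, p1).subarray(0, p1.length);
  const c2 = seal(key, p2).subarray(0, p2.length);
  return xor(c1, c2).equals(xor(p1, p2));
}
```

Any implementation or fork that caches or derives $key_a$ deterministically while keeping this nonce loses confidentiality for every account encrypted under that key.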

Notes Encryption

Output notes are encrypted with ephemeral keys. Steps to encrypt $Note_i$:

  • Generate a random 256-bit ephemeral secret key: $a_i = random()$

  • Calculate an ephemeral public key for $Note_i$: $A_i = a_i \text{ToSubGroupHash}_{E(F_r)}(Note_i.d)$

  • Derive a symmetric encryption key for the note: $key_i = keccak256(a_i Note_i.P_d)$

  • Encrypt note: $Note_i^{enc} = ChaCha20Poly1305_{key_i}^{nonce}(Note_i)$

  • There are two public values for each note in the memo block: $A_i$ and $Note_i^{enc}$

To decrypt a note, the user obtains the corresponding $key_i$. There are two ways to get it:

  • obtain $key_i$ from the shared secrets (the sender case)

  • derive $key_i$ from $A_i$ and the account's key $\eta$ (the receiver case): $key_i = keccak256(A_i \eta)$

Shared secrets encryption

The shared secrets block contains the symmetric keys for account and notes encryption: $keys = (key_a, key_1, key_2, ...)$. The following steps are used to encrypt these keys:

  • Generate a random 192-bit nonce: $nonce = random()$

  • Encrypt $keys$: $keys^{enc} = XChaCha20Poly1305_{\kappa}^{nonce}(keys)$

  • Put $(nonce, keys^{enc})$ in the shared secrets block

$keys^{enc}$ can be decrypted only with the key $\kappa$.

πŸ‘©β€βš•οΈ
ChaCha20Poly1305