# zkBob Keys

Different key types
zkBob is based on complex cryptography. There are several keys needed for private transactions. The relationship between these keys is presented in the scheme below. • Spending key (
$\sigma$
) is the top secret key. It is used to derive other keys and to sign transactions. At a high level it is just a random 256-bit number which should be stored securely on the client side. The simplest way to get a spending key is to produce a random number. But in a production client software implementation more complex approaches should be used (e.g. hierarchical deterministic wallets). Concrete approaches for spending key derivation by a client are not discussed here.
• Transaction verifier key (
$A$
) is used for transaction signature verification. It's derived from the spending key and multiplied by the generator point in the JubJub elliptic curve field:
$A = \sigma G$
• Intermediate key (
$\eta$
) is derived from the
$A$
key by the
$Poseidon$
hash function
:
$\eta = Hash(A.x)$
. It is used in several cases:
• to calculate the account nullifier
• to derive the outgoing viewing key (
$\kappa$
)
• to decrypt incoming notes
• Receiving key is used to decrypt incoming notes in the memo block. It is a combination of the intermediate key and ephemeral key generated for each note.
• Outgoing viewing key (
$\kappa$
) is used to decrypt the whole memo block in the transaction which is initiated by itself. The key is derived from the intermediate key by the keccak hash function:
$\kappa = keccak_{256}(\eta, \text{"this is the suffix for the symmetric encryption key"})$
$(d, P_d)$
$d$
$P_d = \eta G_p = \eta \text{ToSubGroupHash}_{E(F_r)}(d)$