# zkBob Keys zkBob is based on complex cryptography. There are several keys needed for private transactions. The relationship between these keys is presented in the scheme below. ![](/files/a5ZN0UwEWJ5Rm4toksTc) * **Spending key (**$$\sigma$$**)** is the top secret key. It is used to derive other keys and to sign transactions. At a high level it is just a random 256-bit number which should be stored securely on the client side. The simplest way to get a spending key is to produce a random number. But in a production client software implementation more complex approaches should be used (e.g. [hierarchical deterministic wallets](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)). Concrete approaches for spending key derivation by a client are not discussed here. * **Transaction verifier key (**$$A$$**)** is used for transaction signature verification. It's derived from the spending key and multiplied by the generator point in the JubJub elliptic curve field: $$A = \sigma G$$ * **Intermediate key (**$$\eta$$**)** is derived from the $$A$$ key by the[ $$Poseidon$$ hash function](/implementation/untitled/the-poseidon-hash.md):$$\eta = Hash(A.x)$$. It is used in several cases: * to calculate the account[ nullifier](/implementation/transaction-overview/the-nullifiers.md) * to derive the outgoing viewing key ($$\kappa$$) * to decrypt incoming notes * **Receiving key** is used to decrypt incoming notes in the memo block. It is a combination of the intermediate key and ephemeral key generated for each note. * **Outgoing viewing key (**$$\kappa$$**)** is used to decrypt the whole memo block in the transaction which is initiated by itself. The key is derived from the intermediate key by the keccak hash function: $$\kappa = keccak\_{256}(\eta, \text{"this is the suffix for the symmetric encryption key"})$$ * **Private payment address** $$(d, P\_d)$$ - is a set of random diversifiers $$d$$ and point $$P\_d = \eta G\_p = \eta \text{ToSubGroupHash}\_{E(F\_r)}(d)$$ --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zkbob.com/implementation/zkbob-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.