
zkBob Keys

Different key types


Last updated 1 year ago


zkBob is based on complex cryptography. There are several keys needed for private transactions. The relationship between these keys is presented in the scheme below.

  • Spending key ($\sigma$) is the top secret key. It is used to derive other keys and to sign transactions. At a high level it is just a random 256-bit number which should be stored securely on the client side. The simplest way to get a spending key is to produce a random number, but a production client software implementation should use more complex approaches (e.g. hierarchical deterministic wallets). Concrete approaches for spending key derivation by a client are not discussed here.

  • Transaction verifier key ($A$) is used for transaction signature verification. It is derived by multiplying the spending key by the generator point $G$ of the JubJub elliptic curve: $A = \sigma G$

  • Intermediate key ($\eta$) is derived from the $A$ key by the Poseidon hash function: $\eta = \text{Hash}(A.x)$. It is used in several cases:

    • to calculate the account nullifier

    • to derive the outgoing viewing key ($\kappa$)

    • to decrypt incoming notes

  • Receiving key is used to decrypt incoming notes in the memo block. It is a combination of the intermediate key and ephemeral key generated for each note.

  • Outgoing viewing key ($\kappa$) is used to decrypt the whole memo block of a transaction initiated by the account itself. The key is derived from the intermediate key by the keccak hash function: $\kappa = keccak_{256}(\eta, \text{"this is the suffix for the symmetric encryption key"})$

  • Private payment address $(d, P_d)$ consists of a random diversifier $d$ and the point $P_d = \eta G_p = \eta \, \text{ToSubGroupHash}_{E(F_r)}(d)$
