Address derivation
Private payment address
The zkBob account doesn't contain any fixed address. Instead if you want to receive funds you should generate and provide private addresses. In general a new private address can be generated for every incoming transaction. It is not possible to link different private addresses derived from the single account to one another or to the primary account. Only the account owner can confirm a private address belongs to the account.
A new private payment address is generated by:
- Generate a random 80-bit diversifier
- Calculate diversifier subgroup generator point:
- Derive diversifier public part:
- Prepare address data buffer (, 42 bytes): join 10 byte of the diversifier with 32 bytes of the
- Get address checksum:
- Attachfirst 4 bytes to the
- Encodewith Base58 to the string
Thus the address string contains the diversifier public key
protected with checksum to avoid typos. Checking any private addresses for ownership is very straightforward. You decode the address string and extract
and
values. Next you derive
with the your
key. The private address belongs to your account only if
.
Let's imagine you have an account with the intermediate key:
The big numbers representation
All big numbers on this page are presented in the hexadecimal form to reduce line width. If you want to convert them to the decimal form please use a third-party tool (example)
To derive a private address we should generate a random diversifier
and calculate the Poseidon hash for it:
Convert scalar
to the subgroup generator point:
Put
and
into the buffer as little-endian numbers (start with the last significant byte):
Add a checksum. To do it we must compute keccak256 hash from the buffer above:
Get the first 4 bytes from the hash above and append them to the end of buffer:
Finally encode this buffer with Base58 to get private address:
QsnTijXekjRm9hKcq5kLNPsa6P4HtMRrc3RxVx3jsLHeo2AiysYxVJP86mriHfN
Last modified 1yr ago