Knowledge Base
  • Introduction
  • SHIELDING
    • Shielded pools
    • Key generation process
    • Privacy best practices
  • Fraud protection
  • Web App – User Guide
  • SMART YIELD
    • How does Smart Yield work?
    • Governance Model
    • Shielding
  • COMMON ECONOMY
    • The Economy of Common
    • CMN Token
    • CMN Tokenomics and Vesting Schedules
    • CMN Airdrops
    • Shared Fees and Reward Economics of Common
  • Wallet (Extension)
    • Introduction
    • Getting Started
    • Usage
    • Settings
  • DEX and Bridge (Aleph Zero WASM layer 1)
    • Account
      • How to Connect Your Wallet
      • Video Guide: How to Connect Your Wallet
      • How to Check Your Balance
      • Video Guide: How to Check Your Balance
    • Swap
      • How to Swap Tokens
      • Video Guide: How to Swap Tokens
    • Farm
      • How to Farm
      • Video Guide: How to Farm
    • Pool
      • Explaining Liquidity Pools
      • Video guide: Explaining Liquidity Pools
      • Managing Liquidity Pools with Custom Tokens
      • Video Guide: Managing Liquidity Pools with Custom Tokens
    • Bridge
      • How to Bridge With Most
        • Ethereum to Aleph Zero WASM
        • Aleph Zero WASM to Aleph Zero EVM
      • Video Guide: How to Bridge With MOST?
      • Bridging 10,000+ AZERO from Aleph Zero WASM to EVM
  • Protocol Details
    • Shielder
    • Overview
    • Design Against Bad Actors
    • Preliminaries: ZK Relations
    • Notes and Accounts
    • ZK-ID and Registrars
    • Anonymity Revokers
    • PoW Anonymity Revoking
    • Relayers
    • Deterministic Secret Management
    • SNARK-friendly Symmetric Encryption
    • SNARK-friendly Asymmetric Encryption
    • Cryptography
    • Token Shortlist
    • User Wallet
    • Versioning
    • PoC
    • Version 0.1.0
    • Version 0.2.0
Powered by GitBook
On this page

Was this helpful?

  1. Protocol Details

Deterministic Secret Management

When making transactions the user needs to come up with various secrets: trapdoor, nullifier which all must be stored (or at least the most recent one) in order to keep using the shielder. Backing up so many secrets is problematic hence we introduce a deterministic secret management scheme that allows the user to keep just one secret seed and derive all the remaining secrets out of it.

The simplest attempt at such a scheme could be as follows:

  • The user starts by generating a master seed: seed with say 256 bits,

  • The user generates its ZK-ID: id = hash(seed, "id")

  • Whenever a new secret is required, for instance nullifier, it is derived as

    • nullifier = hash(seed, "nullifier-X") where X is a unique nonce, for instance the index of the transaction or so,

    • trapdoor = hash(seed, "trapdoor-X")

    • similarly for the case of generating randomness for the sake of encryption or mac -- special care must be taken to never reuse the same randomness, because it is revealed right away (recall that mac = (r, hash(r, k))). If the nonce for generating r depended only on the transaction number, then it could happen that the user would use the same r when resubmitting a transaction, compromising privacy and maybe even security.

Note that in the above, the choice of nonces is crucial for security.

PreviousRelayersNextSNARK-friendly Symmetric Encryption

Last updated 6 days ago

Was this helpful?