Knowledge Base
  • Introduction
  • SHIELDING
    • Shielded pools
    • Key generation process
    • Privacy best practices
  • Fraud protection
  • Web App – User Guide
  • SMART YIELD
    • How does Smart Yield work?
    • Governance Model
    • Shielding
  • COMMON ECONOMY
    • The Economy of Common
    • CMN Token
    • CMN Tokenomics and Vesting Schedules
    • CMN Airdrops
    • Shared Fees and Reward Economics of Common
  • Wallet (Extension)
    • Introduction
    • Getting Started
    • Usage
    • Settings
  • DEX and Bridge (Aleph Zero WASM layer 1)
    • Account
      • How to Connect Your Wallet
      • Video Guide: How to Connect Your Wallet
      • How to Check Your Balance
      • Video Guide: How to Check Your Balance
    • Swap
      • How to Swap Tokens
      • Video Guide: How to Swap Tokens
    • Farm
      • How to Farm
      • Video Guide: How to Farm
    • Pool
      • Explaining Liquidity Pools
      • Video guide: Explaining Liquidity Pools
      • Managing Liquidity Pools with Custom Tokens
      • Video Guide: Managing Liquidity Pools with Custom Tokens
    • Bridge
      • How to Bridge With Most
        • Ethereum to Aleph Zero WASM
        • Aleph Zero WASM to Aleph Zero EVM
      • Video Guide: How to Bridge With MOST?
      • Bridging 10,000+ AZERO from Aleph Zero WASM to EVM
  • Protocol Details
    • Shielder
    • Overview
    • Design Against Bad Actors
    • Preliminaries: ZK Relations
    • Notes and Accounts
    • ZK-ID and Registrars
    • Anonymity Revokers
    • PoW Anonymity Revoking
    • Relayers
    • Deterministic Secret Management
    • SNARK-friendly Symmetric Encryption
    • SNARK-friendly Asymmetric Encryption
    • Cryptography
    • Token Shortlist
    • User Wallet
    • Versioning
    • PoC
    • Version 0.1.0
    • Version 0.2.0
Powered by GitBook
On this page
  • Technical Details
  • Impact on Circuits

Was this helpful?

  1. Protocol Details

PoW Anonymity Revoking

PreviousAnonymity RevokersNextRelayers

Last updated 5 days ago

Was this helpful?

In Version 0.1.0 (see ) the Anonymity Revoking mechanism as described in is not yet available (it's planned for subsequent releases). Instead this version features a mechanism that we call "PoW Anonymity Revoking" (Proof of Work Revoking) in which any actor can reveal traces of particular users, given that they invest appropriate computational resources (similarly as when mining blocks in Bitcoin). Note that this does not guarantee the level of privacy achieved by the system, however Version 0.1.0 is considered a beta-release with limited functionality and with safety precautions included (see ). Subsequent versions will replace PoW AR with the mechanism described in .

Technical Details

As introduced in each user holds a secret idthat represents their secret key of their Shielder account. In the Version 0.1.0 upon creating a new account the user publicly reveals h_id = hash(id) — one can think of this as a public key of this shielder account.

Subsequently, upon each operation involving this account, the user is forced to include a digest (called id_hiding) of the form hash(h_id, nonce)where nonce is chosen by the user at random from an interval [0, 2^L)where Lis the anonymity parameter (the larger the Lthe more work is required to deanonymize).

Now, given the h_id of a particular user, it is possible to test if a given transaction was issued by this user or not. Specifically, if the AR digest of a transaction is d then by trying if any of hash(h_id, nonce) == d for all the nonces in the specified range, one can check if this transaction is from this user or not. By repeating this test on all transactions sent to the shielder contract it is possible to track a given user activities. Note however that the more transactions and the higher the Lis, the more resources and time must be invested, hence the name "PoW Anonymity Revoking".

Impact on Circuits

To support PoW AR in circuits we must force the user to include the correct "revealing" digest as part of each of their transactions. This is quite easy, the digest becomes one of the public inputs and we verify the following constraint on it:

  • 0 <= nonce < 2^L

  • id_hiding == hash(hash(id), nonce)

Version 0.1.0
Anonymity Revokers
Anonymity Revokers
Version 0.1.0
Anonymity Revokers
Notes and Accounts