ZK Circuits & Privacy Model
Commitments: Pedersen/Poseidon commitment computed from note fields: value shares, owner field, blind, nullifier secret, and bound assetId.
Nullifiers: Derived from per-note secrets to prevent double-spend; revealed only upon spending.
Merkle Tree: Commitments are inserted; spend proofs include membership (path elements and indices).
Asset binding: Circuits bind assetId to prevent cross-asset replay or linkage across pools/assets.
Memos: Encrypted blobs attached to commitments; contain sender/receiver context and note data for off-chain recovery (recipient UX and scanning).
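The checks listed above, worked through in the clear as an added example (not the project's circuit code). SHA-256 stands in for Poseidon/Pedersen, and the field order, the single value in place of value shares, the nullifier derivation and all function names are assumptions.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    # SHA-256 stand-in for the circuit hash; inputs are length-prefixed to avoid ambiguity
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commitment(note: dict) -> bytes:
    # Assumed field order; assetId is hashed into the leaf, so it cannot be swapped later
    return H(b"cm", note["value"].to_bytes(16, "big"), note["owner"], note["blind"],
             note["nf_secret"], note["asset_id"].to_bytes(4, "big"))

def nullifier(note: dict) -> bytes:
    # Assumed derivation: computable only by the holder of the per-note secrets
    return H(b"nf", note["nf_secret"], note["blind"])

def merkle_path(leaves, index):
    # Returns (root, path elements, path indices) for a power-of-two leaf list
    elems, idxs, level = [], [], list(leaves)
    while len(level) > 1:
        elems.append(level[index ^ 1])
        idxs.append(index & 1)
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index >>= 1
    return level[0], elems, idxs

def verify_spend(root, spent, note, claimed_asset, elems, idxs):
    # What the spend proof and the nullifier set enforce together
    node = commitment({**note, "asset_id": claimed_asset})
    for sib, bit in zip(elems, idxs):
        node = H(sib, node) if bit else H(node, sib)
    nf = nullifier(note)
    if node != root or nf in spent:
        return False
    spent.add(nf)
    return True

def demo():
    # Constructed sample notes, all in asset 1
    notes = [dict(value=10 * (i + 1), owner=bytes([i]) * 32, blind=bytes([16 + i]) * 32,
                  nf_secret=bytes([32 + i]) * 32, asset_id=1) for i in range(4)]
    root, elems, idxs = merkle_path([commitment(n) for n in notes], 2)
    spent = set()
    return (verify_spend(root, spent, notes[2], 1, elems, idxs),   # valid spend -> True
            verify_spend(root, spent, notes[2], 1, elems, idxs),   # nullifier reuse -> False
            verify_spend(root, set(), notes[2], 2, elems, idxs))   # other assetId -> False
```

In the real system the note fields stay private inside the proof; only the root, the nullifier and the assetId binding are visible to the verifier.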