User Wallet

In this section we sketch how a user wallet could work: what state it needs to store, how to retrieve that state from the chain, and how to make new transactions. We assume Deterministic Secret Management is used.

Current State and Creating Transactions

The current state of the user consists of:

  • seed -- the master seed used to derive all secrets

  • id -- the ZK-ID of the user

  • Current note:

    • trapdoor

    • nullifier

    • account -- the current account state

Given all of the above, the user can update the state with the update_note transaction, as explained in Notes and Accounts (or its adjusted version in Anonymity Revokers). The reader is encouraged to check that every proof needed to craft a new transaction can be generated from the data listed above.

Restoring the State from the master seed

The whole premise of using a single master seed is that the user can recover the entire state listed above from the seed and the on-chain data alone. The recovery process may be lengthy, but it must always be possible. For everyday operation, however, the wallet is expected to keep and preserve its current state, for efficiency.

Recovering the current state of a user consists of several steps:

  1. Generate the ZK-ID id of the user deterministically from seed

  2. Compute the key key=key(id)

  3. Obtain the chronological list of all transactions tx_1, tx_2, ... tx_n that were finalized on chain:

    • To this end filter the list of all transactions sent to the shielder from all users. The filtering rule is as follows:

      • let tx be a transaction

      • let mac = (m_0, m_1) be the mac of tx

      • If m_1 = hash(m_0, key), keep tx: a matching MAC means the transaction belongs to the user, and without key the transaction cannot be linked to them

    • (Note that this step is quite inefficient as written; below we explain how its efficiency can be improved.)

  4. tx_1 is the new_note transaction; it creates the initial account, which the first step below reconstructs directly, so it can be skipped. For the remaining transactions perform the following procedure to recover the current account:

    1. Set account := Account::new()

    2. For tx in [tx_2, tx_3, ..., tx_n] do:

      1. Extract op_pub out of tx

      2. Decrypt e_op, the encrypted private part of the operation carried by tx, with the key key to obtain op_priv

      3. Combine op = combine(op_pub, op_priv)

      4. Update the account account = Account::update(account, op)

  5. Derive the trapdoor and nullifier of the last note deterministically from seed, as described in Deterministic Secret Management

Improving the collection phase

Collecting the transactions relevant to an account requires filtering every shielder transaction ever finalized, which is slow. There are several ideas for improving on this:

  1. Attach to the n-th shielder transaction of a user the block number k in which their (n-1)-th transaction landed, encrypted with SymEnc under key(id). The user then only needs to find their last transaction and follow the chain of pointers backwards, reading n blocks in total instead of the whole history.

  2. Use fuzzy message detection techniques.

Last updated 8 months ago