Version 0.1.0

Last updated 5 months ago

Deployment information

Source code: https://github.com/Cardinal-Cryptography/zkOS-monorepo/releases/tag/v0.1.0

Testnet Contracts:

  • Shielder: 0x0019849f3fBA1ECd3fB4A2e27759e9432b19F6F3

Mainnet Contracts:

  • Shielder: 0x48237d5B3659182b1B70Ccf8E4D077e812AaA5FF

Basic Information

This is the first release and is considered beta. It therefore carries several deliberate limitations intended to protect users while the code awaits a full audit and a few features remain under active development. The following list characterizes Version 0.1.0; most of the restrictions are expected to be lifted in the next release:

  1. Only AZERO is supported for shielding. Stablecoins and ERC20 tokens are not yet supported.

  2. A single deposit is limited to 100 AZERO. In addition, the user interface (the Common App browser extension) does not allow a shielded account to hold more than 100 AZERO at any time; note that this holding cap is enforced by the user interface.

  3. Instead of the Anonymity Revokers mechanism (see Anonymity Revokers), this release uses a scheme with more limited privacy (see PoW Anonymity Revoking). It will be replaced by the proper mechanism in the subsequent version.

  4. Access to Shielder is fully permissionless and there are no Registrars (see ZK-ID and Registrars): anybody can create an account and there are no additional requirements.

Technical Information on Circuits

While awaiting a full audit, the source code of the Halo2 circuits we use remains in a private GitHub repository. The circuit code will be published once the audit is finished and all findings have been addressed.

Notes and Hashing

For this release the structure of the note is as follows:

struct Note {
    version: Scalar,      // version of the note structure; this release starts at 0
    id: Scalar,           // the ZK-ID of the user
    trapdoor: Scalar,     // a secret needed to prove ownership of the note
    nullifier: Scalar,    // a secret used to invalidate (spend) the note
    balance_hash: Scalar, // the hash of the user's balance
}

Specifically

balance_hash = hash(balance, 0, 0, 0, 0, 0, 0)

where balance is the user's AZERO balance, followed by six zeros before hashing with the Poseidon2 hash. The zeros are included to make migration to a version that supports a limited number of ERC20 tokens straightforward: the token balances would populate the six zero slots, leaving the arity of the hash unchanged. Since the largest constant-arity Poseidon2 hash our circuits support has arity 7, six zeros is the most natural choice.

The Note is then hashed simply as:

hash(version, id, trapdoor, nullifier, balance_hash)

using a 5-ary Poseidon2 hash.
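The two-level note hashing described above, written out as an added, stand-alone Python model; this is not the project's code, which hashes with Poseidon2 inside Halo2 circuits in Rust. Because no Poseidon2 implementation is assumed to be available, the model substitutes a SHA-256-based hash reduced into a prime field; that stand-in, the choice of the BN254 scalar field modulus as the field (the page does not name the curve), and the sample id, trapdoor and nullifier values are all assumptions made only so the example runs. What the model preserves is the structure: a fixed arity-7 balance hash whose six trailing slots are zero in this release, a fixed arity-5 note hash, and the version field at the front of the note.

```python
"""Model of the Shielder v0.1.0 note commitment (added example, not project code).

The real circuits use Poseidon2 over the proving curve's scalar field.
ASSUMPTION: a SHA-256-based hash reduced into the BN254 scalar field is
used here as a stand-in so the example runs without a Poseidon2 library.
"""
from dataclasses import dataclass
import hashlib

# ASSUMPTION: BN254 scalar field modulus; the page does not name the curve.
R = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# Arities fixed by the design: 7 for balance_hash, 5 for the note hash.
BALANCE_ARITY = 7
NOTE_ARITY = 5


def field(x: int) -> int:
    """Reduce a non-negative integer into the scalar field."""
    if x < 0:
        raise ValueError("field elements are non-negative")
    return x % R


def constant_arity_hash(inputs: list[int], arity: int) -> int:
    """Stand-in for the fixed-arity Poseidon2 hash used in the circuits.

    Refuses any input length other than `arity`: a circuit is compiled for
    one fixed width, so a shorter tuple cannot simply be hashed instead.
    The arity is mixed into the domain so hashes of different widths differ.
    """
    if len(inputs) != arity:
        raise ValueError(f"expected {arity} inputs, got {len(inputs)}")
    h = hashlib.sha256(b"poseidon2-standin|%d|" % arity)
    for x in inputs:
        h.update(field(x).to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % R


def balance_hash(azero_balance: int, token_balances: tuple[int, ...] = ()) -> int:
    """balance_hash = hash(balance, 0, 0, 0, 0, 0, 0).

    v0.1.0 supplies only the AZERO balance, so the six trailing slots are
    zero. A later release can place up to six token balances in those slots
    without changing the arity, which is what keeps the migration simple.
    """
    if len(token_balances) > BALANCE_ARITY - 1:
        raise ValueError("at most six token balances fit beside AZERO")
    slots = [azero_balance, *token_balances]
    slots += [0] * (BALANCE_ARITY - len(slots))
    return constant_arity_hash(slots, BALANCE_ARITY)


@dataclass(frozen=True)
class Note:
    version: int       # version of the note structure; 0 for this release
    id: int            # the ZK-ID of the user
    trapdoor: int      # secret needed to prove ownership of the note
    nullifier: int     # secret used to invalidate (spend) the note
    balance_hash: int  # hash of the user's balance, see balance_hash()

    def commitment(self) -> int:
        """hash(version, id, trapdoor, nullifier, balance_hash), 5-ary."""
        return constant_arity_hash(
            [self.version, self.id, self.trapdoor, self.nullifier, self.balance_hash],
            NOTE_ARITY,
        )


def make_note_v0(id_: int, trapdoor: int, nullifier: int, azero_balance: int) -> Note:
    """Build a v0.1.0 note: version 0 and an AZERO-only balance hash."""
    return Note(0, id_, trapdoor, nullifier, balance_hash(azero_balance))


if __name__ == "__main__":
    # Constructed sample values; real trapdoors and nullifiers are random scalars.
    note = make_note_v0(id_=0x1234, trapdoor=0xABCD, nullifier=0x5678, azero_balance=100)
    print("note commitment:", hex(note.commitment()))
    # AZERO-only note and a six-token note with all token balances zero agree.
    assert balance_hash(100, (0,) * 6) == balance_hash(100)
    # Filling one token slot changes balance_hash and therefore the commitment.
    assert balance_hash(100, (7,)) != balance_hash(100)
```

The `constant_arity_hash` length check is the point of the model: in the circuits the hash width is fixed at compile time, so the six zeros are not optional padding but the only way to reserve the token slots now. The version field sits first in the note hash, so a v0 note and a future note with identical secrets and balance commit to different values; the `__main__` block checks that an AZERO-only note is bit-for-bit the same commitment as a multi-token note whose token balances are all zero, which is the migration property the text describes.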

Circuits and Constraints

Apart from the changes in hashing explained above, the circuits in Version 0.1.0 mostly follow the PoC version (see PoC). The only significant differences stem from the introduction of:

  • Versioning. Starting with this initial release, each note carries a version; see Versioning for a detailed discussion.

  • PoW Revoking; see PoW Anonymity Revoking.