Enables private UTXO transfers on a public ledger using ZKP to prove transaction validity.
Noir circuits implementing a simplified shielded pool. See spec for details and README for instructions.
(These circuits are unaudited and should not be used in production.)
(The beginnings of) a TS library for interacting with the shielded pool, e.g. as a validator or wallet. See README for instructions.
A proper implementation would include encrypted notes containing the asset information and UTXO commitment randomness, which the Receiver will need in order to later spend the UTXO.
For now we'll pretend that Sender/Receiver have a private communication channel.
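The sketch below is an added example, not code from this project's library or circuits: it shows why the Receiver needs the note contents, including the commitment randomness, to recognise and later spend a UTXO. The `Note` layout, the function names, and the use of SHA-256 in place of the circuit's hash are all assumptions made for illustration.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical note layout; the project's spec defines the real one.
interface Note {
  assetId: string;
  amount: number;
  ownerPk: string;    // receiver's public key (hex)
  randomness: string; // blinding value (hex), shared only between Sender and Receiver
}

// SHA-256 stands in for the hash used inside the circuits (assumption).
function commit(note: Note): string {
  const h = createHash("sha256");
  const fields = [note.assetId, String(note.amount), note.ownerPk, note.randomness];
  for (const field of fields) {
    // Length-prefix each field so two different notes never serialize identically.
    const bytes = Buffer.from(field, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    h.update(len).update(bytes);
  }
  return h.digest("hex");
}

// Sender: build the note and the commitment that is published on the ledger.
function createNote(assetId: string, amount: number, ownerPk: string) {
  const randomness = randomBytes(32).toString("hex");
  const note: Note = { assetId, amount, ownerPk, randomness };
  return { note, commitment: commit(note) };
}

// Receiver: accept a note only if it opens the commitment seen on the ledger.
function opensCommitment(note: Note, ledgerCommitment: string): boolean {
  return commit(note) === ledgerCommitment;
}

// Observer: a correct guess of asset, amount and owner still confirms nothing
// without the randomness, which is what keeps the commitment hiding.
function guessMatches(assetId: string, amount: number, ownerPk: string,
                      ledgerCommitment: string): boolean {
  return commit({ assetId, amount, ownerPk, randomness: "" }) === ledgerCommitment;
}
```

In a full design the `Note` would travel to the Receiver as an encrypted note attached to the transaction rather than over the private channel assumed here.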
Each transaction ought to be formed using ephemeral keys derived from the original keypair. This adds a layer of privacy, as one can no longer observe the same public key appearing in multiple transactions.
A proof authorization key, derived from the secret key, allows a trusted third party to produce proofs on one's behalf, but does not grant final signing authority. This key would be sent, for example, from a hardware wallet to a user's computer to produce the ZKP. The transaction post is then signed by the hardware wallet before being sent to the ledger.
Yet another step in the key hierarchy, the viewing key enables third-party auditors to decrypt the encrypted notes but does not grant proof authorization or signing authority. This key would be shared, for example, with auditors for compliance.
Currently all UTXOs are private, but of course a proper implementation would support transactions containing a mix of private and public assets. Otherwise it's hard to imagine how an asset would ever enter the shielded pool to begin with...