n, which is also a nullifier seed, is used to generate the public viewing key
N = n*Gwhere
Gis a constant generator EC point. With the public viewing key, the transaction sender makes an ephemeral shared key using ECDH, encrypts the transaction secrets, and puts them into the transaction's memo field. The latter 32 bytes of the total 64 bytes address stands for the public viewing key here.
nalso works as a seed value to generate the nullifiers to nullify the owner's UTXOs. Therefore, if Alice knows Bob's
n, Alice can track the transactions by decoding the nullifiers and decrypting the memo field.
pfrom the Ethereum account's private key and then derive the nullifier seed from the
p. And then, Zkopru uses
pfor EdDSA to verify the ownership of a UTXO to spend. Please note that a UTXO is a hash of
poseidon(S, data, salt). It means that Zkopru uses
S, which contains
n, for its commitment in the commitment-nullifier scheme.