n
, which is also a nullifier seed, is used to generate the public viewing key N = n*G
where G
is a constant generator EC point. With the public viewing key, the transaction sender makes an ephemeral shared key using ECDH, encrypts the transaction secrets, and puts them into the transaction's memo field. The latter 32 bytes of the total 64 bytes address stands for the public viewing key here.n
also works as a seed value to generate the nullifiers to nullify the owner's UTXOs. Therefore, if Alice knows Bob's n
, Alice can track the transactions by decoding the nullifiers and decrypting the memo field.p
from the Ethereum account's private key and then derive the nullifier seed from the p
. And then, Zkopru uses p
for EdDSA to verify the ownership of a UTXO to spend. Please note that a UTXO is a hash of poseidon(S, data, salt)
. It means that Zkopru uses S
, which contains n
, for its commitment in the commitment-nullifier scheme.p
: Zkopru private spending keyS
: Zkopru public spending keyn
: Zkopru private viewing key & nullifier seedN
: Zkopru public viewing keyS
and N