redshiftzero
redshiftzero
Currently in our key derivation we compute the ovk and dk from a single hash output as follows: ``` let (ovk, dk) = { let hash_result = prf::expand(b"Penumbra_ExpndVK", &nk.0.to_bytes(), ak.as_ref());...
Related to #2 We've prototyped with PLONK (#666, #665) for the `OutputProof`, and we should perform that same prototyping with some of the groth16 libraries we might use, e.g. https://github.com/arkworks-rs/groth16...
Suggested by @hdevalence: > we should change the “FVKHash” to an “Account ID” and make it a Poseidon hash rather than a blake2 instance This is such that we can...
**Is your feature request related to a problem? Please describe.** Currently we have memos on a per-Output basis. They are encrypted to a shared key between the sender and the...
From #1094, the tentative plan is to proceed with Groth16 initially: > While PLONK can be optimized to be faster than what we saw from our prototyping (approx ~10s per...
For #1095 and #1089 (maybe more?) we'll need to support flow crypto in-circuit: https://protocol.penumbra.zone/main/crypto/flow.html (see also #1058)
We need to check value commitment integrity in circuit - i.e. computing `C = v * G_v + blinding * H` and then checking the equality of C against the...
This ticket is for implementing a zk version of the `SpendProof`. It requires #711 such that `SpendProof`s can be generated in `pcli` and verified in `pd`. It also requires #714...
We need to verify TCT proofs of inclusion in circuit. This requires #714.
We will need to check the validity of nullifiers in circuit. We derive nullifiers using rate 3 poseidon so we need #714 to be implemented first.