Skip to content
This repository was archived by the owner on Mar 11, 2025. It is now read-only.

Commit 6a8cf4f

Browse files
samkim-cryptojoncinque
samkim-crypto
and
joncinque
authored
[docs] Add formal spec for the public-key validity proof (#3863)
* ci: Bump rust stable version for twotx build * [docs] add public-key validity proof formal spec Co-authored-by: Jon Cinque <[email protected]>
1 parent c7c12f9 commit 6a8cf4f

File tree

2 files changed

+18
-6
lines changed

2 files changed

+18
-6
lines changed

docs/src/confidential-token/deep-dive/pubkey_proof.pdf

263 KB
Binary file not shown.

docs/src/confidential-token/deep-dive/zkps.md

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -187,9 +187,10 @@ amount. Specifically, a transaction fee is determined by two paramters:
187187
the fee rate of 1%, and `bp = 10000` represents the fee rate of 100%.
188188

189189
- `max_fee`: the max fee rate. A transfer fee is calculated using the fee rate
190-
that is determined by `bp`, but it is capped by `max_fee`.
190+
that is determined by `bp`, but it is capped by `max_fee`.
191191

192192
For example, consider a transfer amount of 200 tokens.
193+
193194
- For fee parameter `bp = 100` and `max_fee = 3`, the fee is simply 1% of the
194195
transfer amount, which is 2.
195196
- For fee parameter `bp = 200` and `max_fee = 3`, the fee is 3 since 2% of 200
@@ -221,7 +222,7 @@ The actual amount of a transfer fee cannot be included in the confidential
221222
extension `TransferWithFee` instruction in the clear since the transfer amount
222223
can be inferred from the fee. Therefore, in the confidential extension, the
223224
transfer fee is encrypted under the destination and withheld authority ElGamal
224-
public key.
225+
public key.
225226

226227
```rust
227228
struct FeeEncryption {
@@ -264,11 +265,22 @@ We refer to the proof specifications below for the additional details.
264265

265266
## Sigma Protocols
266267

267-
### Validity Proof
268+
### (Public-key) Validity Proof
268269

269-
A validity proof certifies that a twisted ElGamal ciphertext is a well-formed
270-
ciphertext. The precise description of the system is specified in the following
271-
notes.
270+
A public-key validity proof certifies that a twisted ElGamal public-key is a
271+
well-formed public key. The precise description of the system is specified in
272+
the following notes.
273+
274+
[[Notes]](./pubkey_proof.pdf)
275+
276+
The public-key validity proof is required for the `ConfigureAccount`
277+
instruction.
278+
279+
### (Ciphertext) Validity Proof
280+
281+
A ciphertext validity proof certifies that a twisted ElGamal ciphertext is a
282+
well-formed ciphertext. The precise description of the system is specified in
283+
the following notes.
272284

273285
[[Notes]](./validity_proof.pdf)
274286

0 commit comments

Comments
 (0)