interface zkERC20 {
event CreateConfidentialNote(address indexed _owner, bytes _metadata);
event DestroyConfidentialNote(address indexed _owner, bytes32 _noteHash);
function cryptographyEngine() external view returns (address); //返回验证此令牌的零知识证明的智能合约的地址
function confidentialIsApproved(address _spender, bytes32 _noteHash) external view returns (bool);
//该功能允许票据持有人批准批准的地址“使用”一个零知识的票据从confidentialTransferFrom 转移。
function confidentialTotalSupply() external view returns (uint256); //所有机密令牌总和
function publicToken() external view returns (address); //对应erc20地址
function supportsProof(uint16 _proofId) external view returns (bool);
//此函数返回此令牌是否支持特定的零知识证明ID。密码引擎可以支持多个零知识证明。令牌创建者可能希望只支持这些证明的一个子集。
function scalingFactor() external view returns (uint256);
function confidentialApprove(bytes32 _noteHash, address _spender, bool _status, bytes _signature) public;
function confidentialTransfer(bytes _proofData) public;
//1 confidentialTransfer
//2
Successfully execute cryptographyEngine.validateProof(1, proofData)
If this proof is valid, then for every note being consumed in the transaction, the note owner has provided a satisfying ECDSA signature
Examine the output of cryptographyEngine.validateProof (createdNotes, destroyedNotes, publicOwner, publicValue) and validate the following:
Every Note in destroyedNotes exists in the token's note registry
Every Note in createdNotes does not exist in the token's note registry
function confidentialTransferFrom(uint16 _proofId, bytes _proofOutput) public;
}
与传统余额不同,值是通过由notes表示的uxto样式的模型来表示的。一份说明有下列公开资料:
note 有如下私人信息:
note的所有者字段是公共的,以便于使用,因为我们希望传统的Ethereum私钥能够针对零知识票据和零知识开销证明进行签名。可以使用monero风格的隐式地址协议来确保纸币所有者的Ethereum地址不包含关于纸币真正所有者的标识信息。
符合zkERC20标准的令牌必须具有存储令牌未使用的零知识笔记集的方法。密码引擎通过以下元组来识别notes:
1 A bytes32 _noteHash variable, a keccak256 hash of a note’s encrypted data
2 A address _owner variable, an address that defines a note’s owner
3 A bytes _notedata variable, the notedata is a combination of the note’s public key and the note metadata. When implemented using the AZTEC protocol, secp256k1 and bn128 group elements that allows a note owner to recover and decrypt the note.
An example implementation of zkERC20 represents this as a mapping from noteHash to owner: mapping(bytes32 => address) noteRegistry;. The metadata is required for logging purposes only, the noteHash and owner variables alone are enough to define a unique note.
发送机密消息的操作需要零知识证明,由给定的zk-ERC20契约侦听的加密引擎进行验证。这个证明的语义会随证明ID的不同而不同。例如,在两个零知识资产之间部分填充订单所需的零知识证明和单边“join-split”事务所需的零知识证明是不同的证明,具有不同的验证逻辑。密码引擎支持的每一个证明都有以下共同特征:
zkdai
:https://cn.etherscan.com/address/0xc5c0B2E7a265c96D29aE1E4e70Cd542deDc87aee#code
AZTEC:
https://github.com/AztecProtocol/AZTEC
tornadocash:
https://github.com/tornadocash/tornado-core/blob/master/contracts/ERC20Tornado.sol
https://www.jianshu.com/p/7b772e5cdaef?utm_source=oschina-app
zcash通俗文章
电路:
https://zhuanlan.zhihu.com/p/53765211
ZoKrates :
https://hackernoon.com/zokrates-zksnarks-on-ethereum-made-easy-ql5oc3638
https://rinkeby.etherscan.io/tx/0x36eb10e163878654b05dd72e74d2fb08abefd8c3f381ce1c26639656aa991693
code:
https://github.com/yurenju/aztec-demo/blob/master/src/demo.js