<!DOCTYPE HTML>
<html lang="en" class="sidebar-visible no-js light">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Transaction Constraints - Zero Network Documentation</title>
<!-- Custom HTML head -->
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff" />
<link rel="icon" href="favicon.svg">
<link rel="shortcut icon" href="favicon.png">
<link rel="stylesheet" href="css/variables.css">
<link rel="stylesheet" href="css/general.css">
<link rel="stylesheet" href="css/chrome.css">
<link rel="stylesheet" href="css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" href="highlight.css">
<link rel="stylesheet" href="tomorrow-night.css">
<link rel="stylesheet" href="ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- MathJax -->
<script async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
</head>
<body>
<!-- Provide site root to javascript -->
<script>
var path_to_root = "";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "light";
</script>
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('light')
html.classList.add(theme);
html.classList.add('js');
</script>
<!-- Hide / unhide sidebar before it is displayed -->
<script>
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<div class="sidebar-scrollbox">
<ol class="chapter"><li class="chapter-item expanded "><a href="0_0_zero_network.html"><strong aria-hidden="true">1.</strong> Zero Network</a></li><li class="chapter-item expanded "><a href="1_0_overview.html"><strong aria-hidden="true">2.</strong> Overview</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="1_1_what_is_privacy.html"><strong aria-hidden="true">2.1.</strong> What is Privacy</a></li><li class="chapter-item expanded "><a href="1_2_hide_transfer_amount.html"><strong aria-hidden="true">2.2.</strong> Hide Transfer Amount</a></li><li class="chapter-item expanded "><a href="1_3_gas_limit.html"><strong aria-hidden="true">2.3.</strong> Gas Limit</a></li><li class="chapter-item expanded "><a href="1_4_zero_knowledge_scheme.html"><strong aria-hidden="true">2.4.</strong> Zero Knowledge Scheme</a></li><li class="chapter-item expanded "><a href="1_5_transaction_constraints.html"><strong aria-hidden="true">2.5.</strong> Transaction Constraints</a></li></ol></li><li class="chapter-item expanded "><a href="2_0_transaction_constraints.html" class="active"><strong aria-hidden="true">3.</strong> Transaction Constraints</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="2_1_confidential_transfer.html"><strong aria-hidden="true">3.1.</strong> Confidential Transfer</a></li><li class="chapter-item expanded "><a href="2_2_confidential_smart_contract.html"><strong aria-hidden="true">3.2.</strong> Confidential Smart Contract</a></li></ol></li><li class="chapter-item expanded "><a href="3_0_primitive.html"><strong aria-hidden="true">4.</strong> Primitive</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="3_1_crypto.html"><strong aria-hidden="true">4.1.</strong> Crypto</a></li><li class="chapter-item expanded "><a href="3_2_jubjub.html"><strong aria-hidden="true">4.2.</strong> Jubjub</a></li><li class="chapter-item expanded "><a href="3_3_bls12_381.html"><strong aria-hidden="true">4.3.</strong> Bls12 381</a></li><li class="chapter-item expanded "><a href="3_4_elgamal.html"><strong aria-hidden="true">4.4.</strong> ElGamal</a></li><li class="chapter-item expanded "><a href="3_5_pairing.html"><strong aria-hidden="true">4.5.</strong> Pairing</a></li></ol></li><li class="chapter-item expanded "><a href="4_0_pallet.html"><strong aria-hidden="true">5.</strong> Pallet</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="4_1_plonk.html"><strong aria-hidden="true">5.1.</strong> Plonk</a></li><li class="chapter-item expanded "><a href="4_2_encrypted_balance.html"><strong aria-hidden="true">5.2.</strong> Encrypted Balance</a></li><li class="chapter-item expanded "><a href="4_3_confidential_transfer.html"><strong aria-hidden="true">5.3.</strong> Confidential Transfer</a></li></ol></li><li class="chapter-item expanded "><a href="5_0_related_tools.html"><strong aria-hidden="true">6.</strong> Related Tools</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="5_1_stealth_address.html"><strong aria-hidden="true">6.1.</strong> Stealth Address</a></li><li class="chapter-item expanded "><a href="5_2_pedersen_commitment.html"><strong aria-hidden="true">6.2.</strong> Pedersen Commitment</a></li><li class="chapter-item expanded "><a href="5_3_non_interactive_zero_knowlege_proof.html"><strong aria-hidden="true">6.3.</strong> Non Interactive Zero Knowledge Proof</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="5_3_1_qap.html"><strong aria-hidden="true">6.3.1.</strong> QAP</a></li><li class="chapter-item expanded "><a href="5_3_2_polynomial_commitment.html"><strong aria-hidden="true">6.3.2.</strong> Polynomial Commitment</a></li><li class="chapter-item expanded "><a href="5_3_3_homomorphic_encryption.html"><strong aria-hidden="true">6.3.3.</strong> Homomorphic Encryption</a></li></ol></li></ol></li><li class="chapter-item expanded "><a href="6_0_tutorial.html"><strong aria-hidden="true">7.</strong> Tutorial</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="6_1_plonk_pallet.html"><strong aria-hidden="true">7.1.</strong> pallet-plonk</a></li><li class="chapter-item expanded "><a href="6_2_confidential_transfer.html"><strong aria-hidden="true">7.2.</strong> confidential_transfer</a></li></ol></li><li class="chapter-item expanded "><a href="7_0_frequent_errors.html"><strong aria-hidden="true">8.</strong> Frequent Errors</a></li></ol>
</div>
<div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky bordered">
<div class="left-buttons">
<button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</button>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="light">Light (default)</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Zero Network Documentation</h1>
<div class="right-buttons">
<a href="print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="transaction-constraints"><a class="header" href="#transaction-constraints">Transaction Constraints</a></h1>
<p>In this section, we describe the concrete constraints for the transactions.</p>
<ul>
<li><a href="./2_1_confidential_transfer.html">Confidential Transfer</a></li>
<li><a href="./2_2_confidential_smart_contract.html">Confidential Smart Contract</a></li>
</ul>
<h2 id="abstract"><a class="header" href="#abstract">Abstract</a></h2>
<p>The transaction constraints consist of smaller pieces of constraints. There are three types of constraints we have as following.</p>
<div class="table-wrapper"><table><thead><tr><th>Constraint Type</th><th>Checking Condition</th><th>Static or Dynamic</th></tr></thead><tbody>
<tr><td>Common Transaction</td><td>Basic transactions object for example gas, signature and so on</td><td>Static</td></tr>
<tr><td>Confidential Transfer</td><td>Confidential transfer condition</td><td>Static</td></tr>
<tr><td>Confidential Smart Contract</td><td>Confidential smart contract condition</td><td>Dynamic</td></tr>
</tbody></table>
</div>
<p>The <code>Common Transaction</code> checks the basic transactions constraints and used for every transaction. When the users transfer assets, they need to generate the proof satisfying both <code>Common Transaction</code> and <code>Confidential Transfer</code> constraints. This consists of static constraints so the condition that the proof needs to satisfy are always same so we can modularize easily. However, when the users execute the smart contract, they need to generate the proof satisfying both <code>Common Transaction</code> and <code>Confidential Smart Contract</code> constraints. This consists of static and dynamic constraints so the condition that the proof needs to satisfy are always different.</p>
<p>We would like to describe the constraints more detail and how we generate the proof for dynamic constraints.</p>
<h2 id="process"><a class="header" href="#process">Process</a></h2>
<p>Every transaction needs to be attached the proof which satisfies the constraints. The proof is generated by proving key according to <code>plonk</code> protocol. The blockchain needs to setup the parameters and the user needs to generate key pair as following.</p>
<div class="table-wrapper"><table><thead><tr><th>Item</th><th>Description</th></tr></thead><tbody>
<tr><td>x</td><td>user private key</td></tr>
<tr><td>y</td><td>user public key</td></tr>
<tr><td>srs</td><td>setup parameters</td></tr>
<tr><td>s</td><td>randomness used for setup</td></tr>
<tr><td>setup()</td><td>setup function</td></tr>
<tr><td>F</td><td>field</td></tr>
<tr><td>G</td><td>elliptic curve group</td></tr>
<tr><td>g</td><td>elliptic curve generator</td></tr>
<tr><td>d</td><td>polynomial degree</td></tr>
<tr><td>pk</td><td>proving key</td></tr>
<tr><td>vk</td><td>verification key</td></tr>
</tbody></table>
</div>
<h3 id="setup"><a class="header" href="#setup">Setup</a></h3>
<p>Setup the paramaters used for generate and verify proof.</p>
<p>$$ g ∈ G $$
$$ setup(d, s) = [g, [s] g, [s^2] g, ... , [s^{d-1}] g] = (pk, vk) $$</p>
<h3 id="key-pair"><a class="header" href="#key-pair">Key Pair</a></h3>
<p>Generate the key pair for sign the transaction.</p>
<p>$$ x ∈ F $$
$$ y = g^x $$</p>
<h2 id="common-transaction-constraints"><a class="header" href="#common-transaction-constraints">Common Transaction Constraints</a></h2>
<p>Every transaction has common object items and this <code>Common Transaction Constraints</code> checks these condition.
The transaction object items are following.</p>
<div class="table-wrapper"><table><thead><tr><th>Item</th><th>Description</th></tr></thead><tbody>
<tr><td>source</td><td>transactor</td></tr>
<tr><td>target</td><td>destination address</td></tr>
<tr><td>input</td><td>transaction data</td></tr>
<tr><td>value</td><td>message value</td></tr>
<tr><td>gasLimit</td><td>gas limit of transaction</td></tr>
<tr><td>gasPrice</td><td>gas price of transaction</td></tr>
<tr><td>nonce</td><td>user account nonce</td></tr>
</tbody></table>
</div>
<p>The <code>Common Transaction Constraints</code> checks that the <strong>value</strong>, <strong>gasLimit</strong> and <strong>gasPrice</strong> are valid.
We use following function to generate proof and signature.</p>
<div class="table-wrapper"><table><thead><tr><th>Function</th><th>Description</th></tr></thead><tbody>
<tr><td>enc()</td><td>ElGamal encryption</td></tr>
<tr><td>sign()</td><td>sign transaction with private key</td></tr>
<tr><td>prove()</td><td>proof generation</td></tr>
</tbody></table>
</div>
<h3 id="encrypt-variables"><a class="header" href="#encrypt-variables">Encrypt Variables</a></h3>
<p>First of all, the number should be encrypted by ElGamal.</p>
<p>$$ enc(x, value, gasLimit, gasPrice, nonce) = value_{enc}, gasLimit_{enc}, gasPrice_{enc}, nonce_{enc} $$</p>
<h3 id="generate-proof-and-signature"><a class="header" href="#generate-proof-and-signature">Generate Proof and Signature</a></h3>
<p>Generate the proof with proving key and prove that this common params satisfy the statement.</p>
<p>$$ π = Prove(pk, statement_{common_constraint}[value_{enc}, gasLimit_{enc}, gasPrice_{enc}, nonce_{enc}]) $$</p>
<p>Generate the signature with private key and prevent front-running attack.</p>
<p>$$ σ = Sign(x, value_{enc}, gasLimit_{enc}, gasPrice_{enc}, nonce_{enc}, π) $$</p>
<h2 id="confidential-smart-contract"><a class="header" href="#confidential-smart-contract">Confidential Smart Contract</a></h2>
<p>This <code>Confidential Transfer Constraints</code> checks that the users smart constract execution is valid. The condition that users proof needs to satisfy is different for each contracts so it's provided by Dapp owner as the same with that the Ethererum Dapp owner provides the ABI of smart contract. When the developers finish implementing the smart contract, the smart contract is compiled and output the Wasm binary and constraints metadata. The constraints metadata is the polynomials expressing the smart contract constraints. The users need the metadata, their secret key and <code>srs</code> when they generate the proof.</p>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="1_5_transaction_constraints.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="2_1_confidential_transfer.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="1_5_transaction_constraints.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next" href="2_1_confidential_transfer.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<script>
window.playground_copyable = true;
</script>
<script src="elasticlunr.min.js" charset="utf-8"></script>
<script src="mark.min.js" charset="utf-8"></script>
<script src="searcher.js" charset="utf-8"></script>
<script src="clipboard.min.js" charset="utf-8"></script>
<script src="highlight.js" charset="utf-8"></script>
<script src="book.js" charset="utf-8"></script>
<!-- Custom JS scripts -->
</body>
</html>
