Zec #zec

Halo 2 builds proofs using only the algebraic properties of groups and polynomials, without fixing any secret parameters at the start (no trusted setup).

1. You have hidden polynomials P(x) and Q(x).

2. You publish hiding commitments to them: Commit(P), Commit(Q).

3. The public chooses a random point: x0.

4. You compute:

- P(x0) is kept secret,

- Q(x0) is kept secret.

5. You prove that:

Commit(P) at x0 minus Commit(Q) at x0 = Commit(0).

6. The public verifies this equality without knowing P(x0) and Q(x0) themselves.

Commit to the secret: you fix the polynomial in a hidden form, and everyone can verify the properties of the safe without seeing its contents.
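Steps 4 to 6 above, as an added example that is not part of the original post and is not Halo 2's own code: Pedersen commitments to the two evaluations, plus a Schnorr proof that their difference is a commitment to zero. The group parameters (p = 2039, q = 1019, g = 4, h = 9) are constructed toy values of insecure size, all function names are hypothetical, and the opening proof that ties each evaluation commitment back to Commit(P) and Commit(Q) is omitted.

```python
import hashlib
import secrets

# Constructed toy group: p = 2q + 1, g and h have prime order q (insecure size).
# A real system derives h so that nobody knows log_g(h).
P_MOD, Q_ORD, G, H = 2039, 1019, 4, 9

def evaluate(coeffs, x):
    """Horner evaluation mod q; coefficients are lowest degree first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q_ORD
    return acc

def commit(value, blind):
    """Pedersen commitment g^value * h^blind: hiding, additive in the exponent."""
    return pow(G, value, P_MOD) * pow(H, blind, P_MOD) % P_MOD

def challenge(*transcript):
    """Fiat-Shamir challenge in 1..q-1, derived from the public transcript."""
    digest = hashlib.sha256(repr(transcript).encode()).digest()
    return 1 + int.from_bytes(digest, "big") % (Q_ORD - 1)

def prove_equal(p_coeffs, q_coeffs, x0):
    """Prover: commit to P(x0) and Q(x0), prove the difference commits to 0."""
    r_p, r_q = secrets.randbelow(Q_ORD), secrets.randbelow(Q_ORD)
    c_p = commit(evaluate(p_coeffs, x0), r_p)
    c_q = commit(evaluate(q_coeffs, x0), r_q)
    k = secrets.randbelow(Q_ORD)
    t = pow(H, k, P_MOD)                 # Schnorr nonce commitment
    c = challenge(c_p, c_q, x0, t)
    s = (k + c * (r_p - r_q)) % Q_ORD    # uses only the blinding difference
    return c_p, c_q, t, s

def verify_equal(c_p, c_q, x0, t, s):
    """Verifier: D = C_P / C_Q must equal h^w for a w the prover knows."""
    d = c_p * pow(c_q, -1, P_MOD) % P_MOD
    c = challenge(c_p, c_q, x0, t)
    return pow(H, s, P_MOD) == t * pow(d, c, P_MOD) % P_MOD

if __name__ == "__main__":
    same = [2, 3, 1]                     # constructed sample: x^2 + 3x + 2
    x0 = secrets.randbelow(Q_ORD)        # the public's random point
    print(verify_equal(*prove_equal(same, same, x0)[:2], x0,
                       *prove_equal(same, same, x0)[2:]) or "fresh proof needed")
    c_p, c_q, t, s = prove_equal(same, same, x0)
    print("equal evaluations accepted:", verify_equal(c_p, c_q, x0, t, s))
```

The verifier sees only c_p, c_q, t and s; the evaluations and blinding factors never leave the prover.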

When you want to create a new transaction:

• You locally open your secrets (for example, “spending keys”) and read your notes.

• You compute everything necessary: which notes you want to redeem, which to create.

• You locally create a zk-proof that proves:

- that you own the necessary notes (Commitments),

- that you honestly reduced the sum,

- that you did not spend notes twice.

When you work with your wallet:

• Your wallet knows your private viewing key (“Incoming Viewing Key”, IVK).

• With its help, you can:

- View incoming transactions (find your notes in the blockchain),

- Decode sums and addresses,

- Manage your assets.

On the blockchain appear:

• New commitments (new notes),

• State updates,

• And the zk-proof itself, confirming the correctness of the actions.

No one else can do this without your viewing key.

You spend your notes by creating a proof of ownership plus a nullifier (a nullifying code), but the note itself and your identity remain hidden.

Your note is an encrypted sum inside the commitment.

Your spending actions are algebraic checks on encrypted sums through polynomials.

The public only sees the correctness of the operations, but does not see the sums themselves.