Hash Function
H() is a hash function which takes message m of an arbitrary size as an input and produces constant-size output x:
x ← H(m).
To be considered cryptographically secure, hash functions are required to comply
with the following requirements:
1. Pre-image resistance. The probability of a Probabilistic Polynomial- Time (PPT) Adversary A finding m given x (i.e. m ← H−1(x)) is negli- gible.
2. Second preimage resistance. The probability of A finding m2 given m1, where H(m1) = H(m2) and m1 ̸= m2, is negligible.
3. Collision resistance. The probability of A finding m1 and m2, where H(m1) = H(m2) and m1 ̸= m2, is negligible.
Specifically, Preal is instantiated with Blake2b hash function [Aum+14] as Chain,A
Hblake2b for general-purpose computations and with Poseidon hash function [Gra+19] as Hposeidon for zero-knowledge proof friendly computations.
Merkle Tree
Merkle Tree [Mer80] is a tree-like cryptographic structure which is constructed through recursive hashing of the child nodes beginning with leaf nodes and end- ing with a single root node. In order to prove the inclusion of a certain leaf node in a Merkle Tree merkleTree, prover P has to provide verifier V with the Merkle Tree path opening the leaf node N, NP , which includes the aforementioned leaf node as well as the neighboring node for every level of the tree.
Specifically, Preal is instantiated with Merkle Trees computed with Hblake2b, Chain,A
denoted with a blake2b subscript, e.g. merkleTreeblake2b, for general-purpose structures and with Hposeidon, denoted with a poseidon subscript, e.g. merkleTreeposeidon, for zero-knowledge proof friendly structures.
Elliptic Curve
Elliptic curves are algebraic structures constructed over finite fields. The secu- rity of elliptic curves relies on the hardness of elliptic curve discrete logarithm problem (ECDLP) The goal of ECDLP is to find a scalar s, given points G and H on the curve, such that s·G = H, where · is the scalar multiplication in group G.
Specifically, Preal is instantiated with JubJub [Hop+21] for general-purpose Chain,A
computations and with BLS12-381 [BLS02] for pairing computations.
Stealth Address Scheme
Stealth address is a one-time public key generated via a scheme based on Diffie- Hellman Key Exchange (DHKE) [DH76], proposed in [Sab13]. The scheme conceives three key pair types:
1. secret spend key, ssk ← (a, b); where a and b are randomly generated scalars and represent a pair of secret keys.
2. public spend key, psk ← (A,B); where A = a·G (G is a generator of a JubJub group G) and B = b · G are compact representations of points on elliptic curve and represent a pair of public keys.
3. view key, vk ← (a,B); where a is a randomly generated scalar and B = b · G is a compact representation of a point on elliptic curve and represent a secret and public key respectively.
To generate a one-time key (i.e. stealth address), the receiver R is required to share his public spend key, psk, with the sender S, after which S is to proceed with following steps:
1. Generate a random scalar r.
2. Compute a one-time public key pk ← Hposeidon(r · A) · G + B. 3. Compute R ← r · G and propagate (pk, R) to receiver R.
To detect a message addressed to R, R is required to scan through the incoming messages using view key, vk, to check whether pk = Hposeidon(R·a)·G+B holds true for one of the transactions.
To compute the spend key, sk, corresponding to the one-time public key, pk, R is required to complete the following computation using his secret spend key, ssk: sk ← Hposeidon(R · a) + b.
Encryption Scheme
E() is an encryption function which takes plaintext m and encryption key ke as an input and produces ciphertext e as an output:
To decrypt, decryption function D() is utilized which takes ciphertext e and decryption key kd as an input and produces plaintext m as an output:
m ← D(e,kd).
For symmetric encryption, encryption and decryption keys are equivalent (i.e. ke = kd), whereas for asymmetric encryption encryption and decryption keys are different, though the two share a mathematical relationship (such as ke = kd · G, where G is a generator of group G).
Specifically, Preal is instantiated with ElGamal encryption scheme [El 85] Chain,A
as Eelgamal, Delgamal for asymmetric encryption and a permutation-based AEAD, concretely setup with Poseidon-SpongeWrap [Kho20] as Eposeidon,Dposeidon for symmetric encryption.
#dusk #MarketRebound #StrategyBTCPurchase #BTCVSGOLD #writetoearn
