🔐Shielded Account

ShieldedAccount defines a shielded account of a user that holds private assets. Only the holder of the account can spend assets attached to it and view balances and transaction history. Unlike Ethereum wallets which contain a single public-private key pair, the shielded accounts have two such key pairs.

  • Sign Key: This is the most sensitive key that is used to sign transactions and MUST not be revealed by any means. This is analogous to the private key of an Ethereum wallet. Not your keys, not your assets.

  • View Key: The purpose of the view key is to reveal your transaction history or balances. It cannot be used to spend assets in account. It only gives view access. This may be requested by websites to display data or create new transactions.

For security and recoverability, the shielded account keys are derived from your public wallet itself. So as long as you have access to your Ethereum wallet you have access to the shielded account. But that also means, losing your wallet keys also compromises your shielded account.


interface ShieldedAccount {
    signer: ISigner;
    viewer: Viewer;
    async sign(message: BytesLike): Promise<SchnorrSignature>;
    async signTransaction(tx: ITransaction): Promise<ITransaction>;
    encrypt(data: Uint8Array, entropy: bigint): Uint8Array;
    decrypt(encryptedData: Uint8Array): Uint8Array;


ISigner is an interface for the signer class. An Account requires an instance of such a signer for signing transactions, which authorizes the spending of assets in the user's shielded account.

export interface ISigner {
  readonly privateKey?: bigint;
  readonly publicKey: IPoint;

  sign(message: BigIntLike): Promise<SchnorrSignature>;
  verifySign(message: BigIntLike, sign: SchnorrSignature): Promise<boolean>;

Although ISigner can be implemented for different environments like wallets, currently SDK already provides two implementations.


This is a simple signer that holds the privateKey in memory. Using this is more suitable for CLI applications using SDK for private transactions.

import { Signer } from '@zkfi-tech/account';

const privateKey = '0x...';

const signer = new Signer(privateKey);


(Soon) This class is more suitable for browser apps. This acts as an interface to the [zkFi Snap] instead of storing shielded private key. Invoking the sign methods i.e. sign(...) and signTransaction(...) on it will open up the Metamask popup requesting signature from the user. This is recommended for web apps.

import { MetamaskSigner } from '@zkfi-tech/account';

const publicKey = '0x...'; // packed point

const mmSigner = new MetamaskSigner(publicKey);

Other Implementations

Other environments for getting signatures can be seamlessly integrated by all kinds of crypto wallets/environments e.g. Ledger by implementing ISigner interface. More ready-made implementations will be coming soon 😉.


Viewer is a class with the ability to decrypt and view users' balances and transactions. An instance of a viewer is created using a view private key.

import { Viewer } from '@zkfi-tech/account';

const privateKey = '0x...';

const viewer = new Viewer(privateKey);

Last updated