🔀JoinSplits

zkFi protocol transactions are specifically based on JoinSplit transactions from ZCash. On the overview, in a JoinSplit a number of existing notes are spent and new notes are created such that the total value remains conserved.

When a user spends his notes in a transaction, the so-called nullifiers of those notes need to be revealed. A nullifier is a unique element that is cryptographically bound to a note and can only be calculated with the knowledge of a note's properties i.e. by its owner. The spent notes' nullifiers are marked in the application to prevent notes with already marked nullifiers from being spent again. A fresh set of new notes is created such that the total value is conserved in the state of application. The bearer of the newly created notes, however, may change in transaction. In case of an external deposit/withdrawal of some value, the equivalent value is added/subtracted from newly created notes. Only the commitments of newly created notes are publicly shown during the transaction and are inserted into a Merkle tree data structure holding commitments of all notes ever created.

JoinSplit

The figure above represents notes involved in a JoinSplit. These transactions can be broadly divided into three types.

• Deposit: Deposit transaction where a non-zero external amount $V_{in}$ sent with transaction payload and equally valued one or more notes ($N_3$ and $N_4$) are created. Any spent notes’ ($N_1$ and $N_2$) value or any external withdraw amount $V_{out}$ are zero.

• Withdraw: Withdraw transaction where non-zero value notes ($N_1$ and $N_2$) are spent to withdraw some non-zero value $V_{out}$ less than or equal to the sum of values of spent notes. Any change value left is accounted for by the creation of one or more notes ($N_3$ and $N_4$) for the user.

• Transfer: Transfer transaction where no external value is revealed (i.e. $V_{in}$ = $V_{out}$ = 0). Some notes ($N_1$ and $N_2$) are spent to create some new notes ($N_3$ and $N_4$) such that values remain conserved. However, the bearer of some note ($N_3$ in the figure) may change, which in effect represents a fully private peer-to-peer transfer of value.