🔀JoinSplits

Veilnyx protocol transactions are specifically based on JoinSplit transactions from ZCash. In the overview, in a JoinSplit, a number of existing notes are spent, and new notes are created such that the total value remains conserved.

When a user spends his notes in a transaction, the so-called nullifiers of those notes need to be revealed. A nullifier is a unique element that is cryptographically bound to a note and can only be calculated with the knowledge of a note's properties, i.e. by its owner. The spent notes' nullifiers are marked in the application to prevent notes with already marked nullifiers from being spent again. A fresh set of new notes is created such that the total value is conserved in the state of application. The bearer of the newly created notes, however, may change in a transaction. In case of an external deposit/withdrawal of some value, the equivalent value is added/subtracted from newly created notes. Only the commitments of newly created notes are publicly shown during the transaction and are inserted into a Merkle tree data structure holding commitments of all notes ever created.

JoinSplit

The figure above represents notes involved in a JoinSplit. These transactions can be broadly divided into three types.

• Deposit: Deposit transaction where a non-zero external amount $V_{in}$ sent with the transaction payload, and equally valued one or more notes ($N_3$ and $N_4$) are created. Any spent notes’ ($N_1$ and $N_2$) value or any external withdrawal amount $V_{out}$ are zero.

• Withdraw: Withdraw transaction where non-zero value notes ($N_1$ and $N_2$) are spent to withdraw some non-zero value $V_{out}$ less than or equal to the sum of values of spent notes. Any change value left is accounted for by the creation of one or more notes ($N_3$ and $N_4$) for the user.

• Transfer: Transfer transaction where no external value is revealed (i.e. $V_{in}$ = $V_{out}$ = 0). Some notes ($N_1$ and $N_2$) are spent to create some new notes ($N_3$ and $N_4$) such that values remain conserved. However, the bearer of some note ($N_3$ in the figure) may change, which in effect represents a fully private peer-to-peer transfer of value.