🛡️Shielded Transaction

The shielded or private transactions in Labyrinth are performed by spending the user's notes in multiple JoinSplits while hiding all sensitive transaction details like the identity of the sender/receiver and values involved.

This is achieved by generating a zero-knowledge proof on the client side which proves that all the computations of the transaction were performed correctly. It proves that:

1. Spent notes' commitments are at some indices in the Merkle tree and it knows the same.

2. Spent notes' commitments are calculated correctly.

3. The signatures produced by a spent notes' owner's private key by signing the transaction are valid.

4. The revealed nullifiers of the spent notes are calculated correctly.

5. The commitments of the new notes are calculated correctly.

6. The total value remains conserved i.e. values of spent notes and newly created notes (adjusted with any external deposit/withdrawal value) are equal.

The generated proof $\pi$ is sent in the payload of the transaction, which is later verified by an on-chain verifier. States are modified e.g. commitments are inserted into tree and nullifiers are marked only if this verification succeeds, concluding the transaction.