Shielded Account

Implementation of a shielded account


A Shielded Account can be thought of as having a private crypto account counterpart to regular Ethereum accounts. However, unlike public Ethereum accounts which have a single public-private key pair, a shielded account has two such key pairs - Sign and View key pairs.

For a better user experience, the shielded account keys are derived from the public Ethereum address itself. Meaning, that a user having a seed phrase and/or private key to their wallet can recover the same shielded account. This eliminates the load of handling any additional keys or seed phrases other than your regular Ethereum wallet. You implicitly have a Shielded Account if you have an Ethereum account in wallets (e.g. MetaMask, Rainbow, etc.).

To derive keys, the user signs a fixed message. The obtained signature's ( ) (Poseidon) hash acts as the seed ( Ī“\delta ) for derivating both key pairs of Shielded Account.

Ļƒ=ECDS_Sign(M)Ī“=H(Ļƒ)\sigma = \mathtt{ECDS\_Sign}(M) \\ \delta = H(\sigma)

In zkFi MetaMask Snap, the shielded account keys are derived by utilizing the entropy Snap APIs that are available.

Sign Key Pair

The sign key allows the holder of the shielded account to authorize transactions from its shielded account. A valid signature is constructed by signing the transaction data with sign private key, ss via the Schnorr signature scheme over the Baby JubJub curve.

Holding a Sign private key gives the holder authority to spend any asset associated with that shielded account. Never share it!

The signing operation is intended to happen in a secure environment. Sign private key is derived as:

s=H(Ī“,0x7369676e)s = H(\delta, \mathtt{0x7369676e})

The hex value 0x7369676e hex representation of string "sign".

View Key Pair

The view key renders the view access to your shielded account - giving anyone holding the ability to read your balance and transaction history. The view private key encrypts the transaction-specific data while performing the transaction. Later, the same data is decrypted to reveal the balance and transaction history by the same key.

View private key is derived as:

p=H(Ī“,0x76696577)p = H(\delta, \mathtt{0x76696577})

The hex value 0x76696577 hex representation of string "view".

Last updated