Key Concepts

1. Commitment

Each lockbox or virtual balance is tied to a commitment, which is a hash derived from user secrets:

commitment = hash(hash(email+passphrase+salt))

This commitment acts as a pseudonymous identifier, or "virtual wallet address", on-chain. hash() additionally mixes in a cryptographic salt, globalSalt, a constant set once at contract deployment, to harden against dictionary and rainbow-table attacks.

2. Salt Evolution

To ensure forward secrecy, the salt evolves after every withdrawal-type action:

mapping(bytes32 => uint64) private identitySalts;

salt_{n+1} = hash(salt_n)

Each commitment is used once, and a new one is issued per withdrawal-type transaction:

new_commitment = hash(hash(email + passphrase + next_salt))

3. Balance and Identity Salt

  • The very first identitySalt for a new email + passphrase combination is hash(email + passphrase), at iteration 1

  • balances[commitment]: the actual storage of value and commitment state
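
The derivation in sections 1 to 3 end to end, as an added example that is not the project's own code. The page does not name hash(), so sha256 stands in for it (keccak256 would be usual on-chain); the globalSalt value, the way it is mixed into hash(), and the reading that the uint64 in identitySalts is the iteration counter from which the salt is re-derived are assumptions.

```python
import hashlib

# Constructed stand-in for the contract's globalSalt (set once at deployment).
GLOBAL_SALT = b"constructed-global-salt-set-at-deployment"


def h(data: bytes) -> bytes:
    """hash() from the page: a digest over globalSalt || data (mixing order assumed)."""
    return hashlib.sha256(GLOBAL_SALT + data).digest()


def initial_salt(email: str, passphrase: str) -> bytes:
    """Section 3: the first identitySalt = hash(email + passphrase), iteration 1."""
    return h((email + passphrase).encode())


def next_salt(salt: bytes) -> bytes:
    """Section 2: salt_{n+1} = hash(salt_n)."""
    return h(salt)


def salt_at(email: str, passphrase: str, iteration: int) -> bytes:
    """Salt after `iteration` hash applications (iteration 1 is the initial salt).
    Storing only this small counter on-chain is what a uint64 identitySalts
    entry allows; the salt bytes themselves are re-derived from the secrets."""
    if iteration < 1:
        raise ValueError("iteration starts at 1")
    salt = initial_salt(email, passphrase)
    for _ in range(iteration - 1):
        salt = next_salt(salt)
    return salt


def commitment(email: str, passphrase: str, salt: bytes) -> bytes:
    """Section 1: commitment = hash(hash(email + passphrase + salt))."""
    return h(h((email + passphrase).encode() + salt))


def commitment_sequence(email: str, passphrase: str, withdrawals: int) -> list:
    """Commitments a user presents over time: the first one, then one fresh
    commitment per withdrawal-type action, so each commitment is used once."""
    salt = initial_salt(email, passphrase)
    seq = [commitment(email, passphrase, salt)]
    for _ in range(withdrawals):
        salt = next_salt(salt)
        seq.append(commitment(email, passphrase, salt))
    return seq


if __name__ == "__main__":
    for i, c in enumerate(commitment_sequence("alice@example.com", "correct horse", 3), 1):
        print(f"iteration {i}: {c.hex()}")
```

Because every value is a deterministic function of (email, passphrase, iteration), a client needs to persist nothing but the iteration counter to rebuild its current commitment; the chain of salts cannot be walked forward without the secrets.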

4. Commitment Chain

A commitment chain is a linked sequence of commitment values. Its mappings are designed, as described below, for constant-time read, write and update; this efficiency saves both time and gas. The following points describe how a commitment chain is structured as it gains nodes.

  • The head (current commitment) of the chain always points to the balance

  • Roots maps every node to its root. Every root maps to itself.

  • Currents maps every root to its head.

  • Parents maps every node to its parent. Roots have no parent.

  • The chain gains a new node (nextCommitment) each time the current commitment is used to take funds out of the balance.
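
The three mappings above, modelled off-chain as an added example (not the project's contract). Commitments are constructed 32-byte tags; storing the balance under the head commitment and moving it on each withdrawal is an assumption, as is the check that only the head may spend. Every operation is a fixed number of dictionary lookups, which is the constant-time property the section describes.

```python
import hashlib

ZERO = b"\x00" * 32  # stand-in for bytes32(0): the "parent" of a root


def tag(label: str) -> bytes:
    """Constructed 32-byte commitment value for the example (not a real derivation)."""
    return hashlib.sha256(label.encode()).digest()


class CommitmentChain:
    def __init__(self):
        self.roots = {}     # node -> root; every root maps to itself
        self.currents = {}  # root -> head (the current commitment)
        self.parents = {}   # node -> parent; roots map to ZERO
        self.balances = {}  # head commitment -> balance (assumed layout)

    def create(self, commitment: bytes, amount: int) -> None:
        """Start a chain: the first commitment is its own root and its own head."""
        if commitment in self.roots:
            raise ValueError("commitment already in use")
        self.roots[commitment] = commitment
        self.currents[commitment] = commitment
        self.parents[commitment] = ZERO
        self.balances[commitment] = amount

    def head_of(self, node: bytes) -> bytes:
        """Two lookups from any node in the chain to its head: O(1)."""
        return self.currents[self.roots[node]]

    def balance_of(self, node: bytes) -> int:
        """The head always points to the balance, so any node resolves to it."""
        return self.balances[self.head_of(node)]

    def deposit(self, node: bytes, amount: int) -> None:
        """Deposit-type action: credits the balance, no new commitment is issued."""
        self.balances[self.head_of(node)] += amount

    def withdraw(self, current: bytes, next_commitment: bytes, amount: int) -> bytes:
        """Withdrawal-type action: spends from the head and appends nextCommitment."""
        if self.head_of(current) != current:
            raise ValueError("stale commitment: only the head may spend")
        if next_commitment in self.roots:
            raise ValueError("next commitment already in use")
        balance = self.balances[current]
        if amount > balance:
            raise ValueError("insufficient balance")
        root = self.roots[current]
        self.roots[next_commitment] = root        # same root as the rest of the chain
        self.parents[next_commitment] = current   # link back for history tracing
        self.currents[root] = next_commitment     # the new node becomes the head
        self.balances[next_commitment] = balance - amount
        del self.balances[current]                # the old head is spent, used once
        return next_commitment


if __name__ == "__main__":
    chain = CommitmentChain()
    chain.create(tag("c1"), 100)
    chain.withdraw(tag("c1"), tag("c2"), 40)
    print("head:", chain.head_of(tag("c1")).hex(), "balance:", chain.balance_of(tag("c1")))
```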

5. Transaction History

Each transaction emits an event of the following signature:

event EVENT(Action indexed action, bytes32 indexed fromCommitment, bytes32 indexed toCommitment, address addr, uint256 amount, uint256 timestamp);

Each action is a distinct enum value identifying the type of transaction. The event follows the direction in which funds are transferred; each field is populated where applicable.

The indexed parameters allow efficient off-chain retrieval of the events related to the user's own balance commitment. Using the parents mapping to trace commitments back to the root (whose parent is zero), querying the events for each commitment in the chain, and sorting the combined results in reverse order yields the full transaction history.
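
The retrieval procedure just described, as an added example rather than the project's own client code. The event log, the parents mapping and the Action member names are constructed for the example (the contract's enum members are not on the page); `query_events` stands in for two indexed-topic filters (fromCommitment == c and toCommitment == c) that a real client would issue against the node.

```python
import hashlib
from enum import Enum

ZERO = b"\x00" * 32  # stand-in for bytes32(0), the parent of a root


class Action(Enum):  # constructed member names for the example
    DEPOSIT = 0
    WITHDRAW = 1
    TRANSFER = 2


def tag(label: str) -> bytes:
    """Constructed 32-byte commitment value for the example."""
    return hashlib.sha256(label.encode()).digest()


def walk_to_root(parents: dict, head: bytes) -> list:
    """Follow the parents mapping from the head until the root (parent is zero)."""
    chain, node = [], head
    while node != ZERO:
        chain.append(node)
        node = parents[node]
    return chain


def query_events(log: list, commitment: bytes) -> list:
    """Emulates the two indexed-topic queries a client runs per commitment."""
    return [e for e in log if e["from"] == commitment or e["to"] == commitment]


def history(log: list, parents: dict, head: bytes) -> list:
    """Full history of one balance: query every commitment in its chain, merge
    (an event can match on both from and to), and sort newest first."""
    seen, merged = set(), []
    for c in walk_to_root(parents, head):
        for e in query_events(log, c):
            if e["id"] not in seen:
                seen.add(e["id"])
                merged.append(e)
    return sorted(merged, key=lambda e: e["timestamp"], reverse=True)


def sample_data():
    """Constructed chain c1 -> c2 -> c3 for Alice and an unrelated balance for Bob.
    Fields follow the direction of funds; addr is "0x0" where not applicable."""
    c1, c2, c3, bob = tag("c1"), tag("c2"), tag("c3"), tag("bob")
    parents = {c1: ZERO, c2: c1, c3: c2}
    log = [
        {"id": 1, "action": Action.DEPOSIT, "from": ZERO, "to": c1, "addr": "0xALICE", "amount": 100, "timestamp": 1000},
        {"id": 2, "action": Action.WITHDRAW, "from": c1, "to": ZERO, "addr": "0xALICE", "amount": 40, "timestamp": 1010},
        {"id": 3, "action": Action.DEPOSIT, "from": ZERO, "to": bob, "addr": "0xBOB", "amount": 5, "timestamp": 1015},
        {"id": 4, "action": Action.TRANSFER, "from": c2, "to": bob, "addr": "0x0", "amount": 10, "timestamp": 1020},
    ]
    return log, parents, c3


if __name__ == "__main__":
    log, parents, head = sample_data()
    for e in history(log, parents, head):
        print(e["timestamp"], e["action"].name, e["amount"])
```

Note that only the holder of the chain can run this: the parents mapping is public, but knowing which head to start from requires the current commitment, which is derived from the user's secrets.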
