search

hyperledger-labs / zeto

Privacy-preserving implementations of fungible and non-fungible tokens, using UTXO as the underlying transaction model
Apache License 2.0
25 stars 16 forks source link

About _commitmentsTree data type #32

Closed yushihang closed 2 months ago

yushihang commented 2 months ago

https://github.com/hyperledger-labs/zeto/blob/b1be3ba230ee19d4fcf90fd7a59c074f9b9db109/solidity/contracts/lib/zeto_nullifier.sol#L31

Thanks for you time.

I have a question about Zeto.

Why does the _commitmentsTree in zero_nullifier.sol use an SMT instead of a mapping?

As I understand it, the contract only needs to confirm that each input UTXO/commitment exists in the contract, since the transferor will prove ownership of each UTXO/commitment through ZKP.

And it seems that we also don't need to prove that a certain UTXO/commitment definitely does not exist in the commitmentsTree(the non-existance MTProof), so there is no need to use an SMT?

If there are any mistakes in my understanding, please feel free to correct me.

I would greatly appreciate it.

Thanks a lot

Chengxuan commented 2 months ago

Hi @yushihang , thanks for raising the question.

the contract indeed needs to check UTXOs are new before creation as well. Example check https://github.com/hyperledger-labs/zeto/blob/b1be3ba230ee19d4fcf90fd7a59c074f9b9db109/solidity/contracts/lib/zeto_nullifier.sol#L77

Also, the Merkle tree data structure is preferred (compared to hash map) because it provides a more efficient way to generate proof of inclusion and ensure data integrity.

yushihang commented 2 months ago

Got it, thanks a lot!