silversixpence-crypto / zk-proof-of-assets

MIT License

Use transactions as input to the snarks, as opposed to signatures #57

Open Stentonian opened 3 months ago

Stentonian commented 3 months ago

The problem with having signatures as input is that they are easy to share. A prover can grab a signature from a friend. An unprocessed transaction is more unlikely to be shared, since sharing gives up control of the funds in the account.

In the snark we need to check that the transaction is a valid transaction, and that it spends all of the funds of the account. In order to do this we need to introduce nonces to the anonymity set (at least, this is the case for Ethereum) so that we can check that the given tx has the correct nonce to be the next valid tx for the account.

What do we do with the recipient address of the tx? If we let this be anything then the prover can just set it to an address that they control, so having the tx processed does not cause them to lose their funds. Either we could require it be the zero address, or we require it to be an address whose private key is part of the message section of the tx, so that whoever has the tx can spend the funds.
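The three constraints sketched in this issue (next valid nonce, whole balance spent, recipient either the zero address or an address whose private key sits in the tx data) can be prototyped outside the circuit to pin down exactly what the snark would have to enforce. The following is an added example written for this page, not code from the zk-proof-of-assets repository. It assumes a legacy-style Ethereum tx (nonce, to, value, gas limit, gas price, data), models "spends all funds" as value + gas_limit * gas_price == balance (the validity bound a node applies to the sender), and derives the recipient address with a pure-Python secp256k1 scalar multiplication followed by hashlib.sha3_256 as a stand-in for keccak256 (the two differ only in padding, so addresses here will not match mainnet ones). The key value and account state are constructed for the example.

```python
"""Added example: the out-of-circuit version of the tx checks proposed in this issue."""
import hashlib
from dataclasses import dataclass

# secp256k1 domain parameters (field prime, group order, generator).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ZERO_ADDRESS = "0x" + "00" * 20


def _add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, p=G):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r


def address_from_privkey(priv: int) -> str:
    """Address = last 20 bytes of hash(uncompressed pubkey without 0x04 prefix).
    Assumption: sha3_256 stands in for keccak256, so results differ from real Ethereum."""
    if not 0 < priv < N:
        raise ValueError("private key out of range")
    x, y = scalar_mul(priv)
    pub = x.to_bytes(32, "big") + y.to_bytes(32, "big")
    return "0x" + hashlib.sha3_256(pub).digest()[-20:].hex()


@dataclass(frozen=True)
class Account:          # one entry of the anonymity set, now carrying a nonce
    address: str
    balance: int        # wei
    nonce: int


@dataclass(frozen=True)
class UnsignedTx:       # the "unprocessed transaction" the prover would hand in
    nonce: int
    to: str
    value: int
    gas_limit: int
    gas_price: int
    data: bytes         # message section; may carry the recipient's private key


def check_tx(acct: Account, tx: UnsignedTx):
    """Return (ok, reason) for the constraints a circuit would enforce."""
    # 1. Must be the next valid tx for the account, hence nonces in the set.
    if tx.nonce != acct.nonce:
        return False, "nonce"
    # 2. Must spend the whole balance: value plus the maximum gas charge.
    if tx.value + tx.gas_limit * tx.gas_price != acct.balance:
        return False, "not-all-funds"
    # 3a. Recipient is the zero address: funds are unrecoverable.
    if tx.to == ZERO_ADDRESS:
        return True, "burn"
    # 3b. Recipient's private key is in the data field: anyone holding the tx can spend.
    if len(tx.data) == 32:
        try:
            if address_from_privkey(int.from_bytes(tx.data, "big")) == tx.to:
                return True, "key-in-data"
        except ValueError:
            pass
    return False, "recipient"


# Constructed sample state and transactions (not real chain data).
RECIPIENT_KEY = 0x4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318
RECIPIENT = address_from_privkey(RECIPIENT_KEY)
ACCT = Account(address="0x" + "11" * 20, balance=10**18, nonce=7)
GAS_LIMIT, GAS_PRICE = 30_000, 10**9
FULL_VALUE = ACCT.balance - GAS_LIMIT * GAS_PRICE

TX_OK = UnsignedTx(7, RECIPIENT, FULL_VALUE, GAS_LIMIT, GAS_PRICE, RECIPIENT_KEY.to_bytes(32, "big"))
TX_BURN = UnsignedTx(7, ZERO_ADDRESS, FULL_VALUE, GAS_LIMIT, GAS_PRICE, b"")
TX_STALE_NONCE = UnsignedTx(6, ZERO_ADDRESS, FULL_VALUE, GAS_LIMIT, GAS_PRICE, b"")
TX_PARTIAL = UnsignedTx(7, ZERO_ADDRESS, FULL_VALUE // 2, GAS_LIMIT, GAS_PRICE, b"")
TX_SELF_CONTROLLED = UnsignedTx(7, RECIPIENT, FULL_VALUE, GAS_LIMIT, GAS_PRICE, b"")

if __name__ == "__main__":
    for name, tx in [("ok", TX_OK), ("burn", TX_BURN), ("stale", TX_STALE_NONCE),
                     ("partial", TX_PARTIAL), ("self", TX_SELF_CONTROLLED)]:
        print(name, check_tx(ACCT, tx))
```

Two caveats worth keeping in mind when moving this into a circuit: unused gas is refunded to the sender, so "value plus gas_limit times gas_price equals balance" bounds what the tx can spend rather than guaranteeing the account ends at zero; and a non-empty data field raises the gas the tx needs, so the gas limit in the constraint has to account for the 32 key bytes. The third check is also what makes the tx expensive to share: once the tx is out, whoever holds it has both the recipient key and a ready-to-broadcast sweep of the account.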