📖
Wiki
  • RAILGUN 101
    • Overview
    • Getting Started
    • RAILGUN Privacy System
      • Zero-Knowledge Cryptography
      • Trusted Setup Ceremony
      • Community Broadcasters
      • Privacy Overview
    • Wallets and Keys
    • Shielding Tokens
    • Using Shielded Tokens
      • Gasless Interactions
    • Unshielding Tokens
    • Integrating RAILGUN
      • RAILGUN SDKs
      • Adapt Modules
      • Example - DEX Swaps
    • RAILGUN Deductions
    • Helpful Links
  • User Compliance Tools
    • Private Proofs of Innocence
    • RAILGUN Assurance Suite
    • Koinly Tax Exports
  • RAIL Token & Governance
    • RAIL Token Overview
    • RAIL Active Governor Rewards
    • RAIL Tokenomics
    • How to Stake RAIL
    • Decentralized Governance
Powered by GitBook
On this page
  • Spending Keys
  • Viewing Keys

Was this helpful?

  1. RAILGUN 101

Wallets and Keys

PreviousPrivacy OverviewNextShielding Tokens

Last updated 10 months ago

Was this helpful?

RAILGUN wallets (and by extension 0zk addresses/keys) can be created by any wallet infrastructure linked to the RAILGUN SDK. The first such wallet is the , developed by a partner project of RAILGUN.

The RAILGUN SDK follows the BIP-32 standard for key derivation from a seed, which allows for along an elliptic curve. To learn more about key derivation standards:

- For bip32, start with bip39 mnemonics for how seed phrases work.

- for the method to take the randomness the seed phrase represents and derive keys from it, being bip32.

- which defines standard paths that wallets derive along to get the key for a particular coin.

Users have access to 2 kinds of keys in their RAILGUN wallets:

  1. Spending Key – The key that allows users to cryptographically prove they own their tokens and send interactions. Spending Keys are analogous to a regular cryptocurrency wallet private key, only with a private 0zk address.

  2. Viewing Key – A key that exclusively allows viewing of all interactions (including private ones) sent by a particular address. Users can define the beginning and ending block for which the Viewing Key can observe in a scoped way. This is useful for auditability purposes, for example, a user can define the beginning and end of a tax year for their Viewing Key by block number.

Both the public Viewing Key and Spending Key are encoded in the 0zk address, hence why private addresses on RAILGUN are longer than standard 0x addresses. The key generation method is identical to how most other crypto keys are generated. Private keys are of course, not revealed publicly at any stage in wallet generation nor are they shared with any components of the RAILGUN system such as provers, verifiers, or Broadcasters.

Spending Keys

Spending Keys are generated along the which is a zk-SNARK-friendly elliptic curve, and follows the BIP-32 standard. Zk-SNARK proof verification on a blockchain requires the embedding of an elliptic curve inside a zk-SNARK circuit to enable succinctness and to fit within a block gas limit. Baby Jubjub enables efficient cryptographic functions to be built on-chain.

Viewing Keys

Viewing Keys are implemented on Edwards-curve Digital Signature Algorithm curves, specifically Ed25519. Viewing Keys enable the holder to decrypt the encoded interaction information but not send interactions. They merely scan the RAILGUN smart contract events to reveal what has been sent to users and what interactions users have sent. A different key derivation scheme is used for viewing keys as Ed25519 is more efficient if no zk-SNARK circuits need to be used.

NOTE: Once a Viewing Key is generated, they are irrevocable, meaning that whoever holds the key can see private interactions forever. An upcoming update will allow Viewing Keys to be scoped by block number, i.e. only display interactions from Block Number X to Block Number Y.

Railway Wallet
hierarchical deterministic wallets
here
Here
SLIP-44
Baby Jubjub elliptic curve,
(EdDSA)