Privacy Boost uses the following three types of keys:
Spending keyThis is the key used by the user to control their assets. It is identical to the EOA key used in current wallets like MetaMask or Uniswap Wallet, and existing wallet users can use Privacy Boost without installing a separate wallet or recording a mnemonic.
Viewing keyThis key is used to decrypt and view all transactions the user sends or receives.
Nullifier keyThis key is used to generate nullifiers to prevent double spending.
Privacy Boost has a dedicated address that is different from the existing EOA address. This is called the MasterPublicKey, and it is generated based on the user’s spending key and nullifier key as follows:MasterPublicKey=Poseidon2(PublicKey, NullifierSecretKey)MasterPublicKey=_Poseidon_2(PublicKey, NullifierSecretKey)Here, PublicKey refers to the public key of the user’s wallet, and NullifierSecretKey refers to the nullifier private key. The MasterPublicKey is used as the “receiving address” for each user within the Privacy Boost protocol, and the sender generates a new UTXO for the recipient using the recipient’s MasterPublicKey.The sender does not directly use the same MasterPublicKey every time to generate UTXOs. Instead, for each transaction, the sender derives an ephemeral CommitmentPublicKey using a random value as follows:CommitmentPublicKey=Poseidon2(MasterPublicKey, random)CommitmentPublicKey=_Poseidon_2(MasterPublicKey, random)This CommitmentPublicKey is then used as the commitment input for newly generated UTXO:UTXO=Poseidon2(CommitmentPublicKey, token, value)UTXO=_Poseidon_2(CommitmentPublicKey, token, value)The reason for using a separate key derived from the MasterPublicKey for each UTXO is to make it difficult to identify patterns for each UTXO.If UTXO computation were done solely using the user’s public MasterPublicKey, the same UTXO preimage would be computed whenever the user receives the same token and amount, which could expose transaction patterns. Therefore, Privacy Boost uses a method in which the sender generates a CommitmentPublicKey that includes a random value for each transfer, so that each UTXO is generated in a form indistinguishable from others even for users with the same MasterPublicKey.