# Anonymous Assets

Bit Bank network allows for the issuance and transfer of anonymous assets with an arbitrary number of parameters. These tokens are anonymous, relying on zero-knowledge proofs to ensure validity without revealing any other information.

New tokens are created and destroyed every time you send an anonymous transaction. To send a transaction on Bit Bank, you must first issue a credential that commits to some value you have in your wallet. This is called the **Mint** phase. Once the credential is spent, it destroys itself: what is called the **Burn.**

Through this process, the link between inputs and outputs is broken.

### Mint

During the **Mint** phase we create a new coin C , which is bound to the public key P. The coin C is publicly revealed on the blockchain and added to the merkle tree, which is stored locally on the Bit Bank wallet.

We do this using the following process:

Let v be the coin's value. Generate random rC, rV and serial ρ.

Create a commitment to these parameters in zero-knowledge:

Check that the value commitment is constructed correctly:

Reveal C and V. Add C to the Merkle tree.

### Burn

When we spend the coin, we must ensure that the value of the coin cannot be double spent. We call this the *Burn* phase. The process relies on a N nullifier, which we create using the secret key x for the public key P. Nullifiers are unique per coin and prevent double spending. R is the Merkle root. v is the coin's value.

Generate a random number rV.

Check that the secret key corresponds to a public key:

Check that the public key corresponds to a coin which is in the merkle tree R:

Check that the value commitment is constructed correctly:

Reveal N, V and R. Check R is a valid Merkle root. Check N does not exist in the nullifier set.

The zero-knowledge proof confirms that N binds to an unrevealed value C, and that this coin is in the Merkle tree, without linking N to C. Once the nullifier is produced the coin becomes unspendable.

### Adding values

Assets on Bit Bank can have any number of values or attributes. This is achieved by creating a credential C and hashing any number of values and checking that they are valid in zero-knowledge.

We check that the sum of the inputs equals the sum of the outputs. This means that:

And that B is a valid point on the curve G2.

This proves that B=0G1+bG2=bG2 where b is a secret blinding factor for the amounts.

## Diagram

Last updated