Token Shielding and Unshielding

Token shielding (deposit) and unshielding (withdrawal) are the entry and exit points between public and private states:

Shielding Process (Public → Private):

┌──────────────────┐
│  User's Public   │
│  Wallet Balance  │
│  (Transparent)   │
└────────┬─────────┘
         ↓
    Approve Token
         ↓
┌────────▼─────────┐
│  Generate        │
│  Commitment &    │
│  Proof (Client)  │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Call            │
│  deposit()       │
│  Function        │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Smart Contract: │
│  • Verify Proof  │
│  • Transfer Token│
│  • Store Commit. │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Private Pool    │
│  (Shielded)      │
│  🔒              │
└──────────────────┘

Shielding Details:

User selects amount and token to shield
Client generates random secret and commitment
Client creates ZK proof showing: “I know the opening of this commitment”
User approves token spending (ERC-20 only, not needed for BNB)
User submits transaction with commitment and proof
Contract verifies proof and transfers tokens from user to pool
Contract stores commitment in user’s stealth address commitment set
User stores commitment details locally (encrypted)

Unshielding Process (Private → Public):

┌──────────────────┐
│  Private Pool    │
│  (Shielded)      │
│  🔒              │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Select UTXOs    │
│  to Spend        │
│  (Client)        │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Generate        │
│  Nullifiers &    │
│  Proof (Client)  │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Call            │
│  withdraw()      │
│  Function        │
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Smart Contract: │
│  • Verify Proof  │
│  • Check Nullif. │
│  • Transfer Token│
└────────┬─────────┘
         ↓
┌────────▼─────────┐
│  Recipient's     │
│  Public Wallet   │
│  (Transparent)   │
└──────────────────┘

Unshielding Details:

User selects amount and destination address for withdrawal
Client selects sufficient commitments (UTXOs) to cover amount
Client generates nullifiers for selected commitments
If withdrawal amount < total UTXOs, create change commitment
Client creates ZK proof showing: “I know the secrets for these commitments, and their sum ≥ withdrawal amount”
User submits transaction with nullifiers, destination, and proof
Contract verifies proof and checks nullifiers not previously used
Contract marks nullifiers as spent
Contract transfers tokens from pool to destination address
If there’s change, create new commitment for remaining balance

Pool Management:

Pool holds all shielded tokens in custody
Maintains separate balances for each token type
Uses ReentrancyGuard to prevent attacks
Emits events for transparency (amounts hidden in commitments)
Supports emergency pause mechanism

PreviousProof Validation Flow NextShield Key & View Key Derivation

Last updated 2 months ago