Twilight
Search…
Accounts
An account on the base layer is defined as a pair of pubkey and a commitment s.t.
$Acc_i=(pk_i,com_i) \ \ s.t. \ \ pk_i = (g_i^{r_i},h^{r_i}_i) \$
where g is the globally available generator point, r is a random scalar and h is defined as
$h_i=g_i^{sk}$
Note h here is not a global generator point but an elgamal public key point. Commitment is defined as an elgamal style commitment scheme s.t.
$com=(g_i^{(r_i*r'_i)} ,g^vh_i^{(r_i*r'_i)})$
where r' is a random scalar which updates the public key points to generate a new commitment for the key and v is the secret scalar of the balance in the account s.t.
$0\leq bl<2^{32}$
.

# Updatable Accounts

A public key is updated using scalar multiplication of a random scalar
$r_1$
with the group elements.
$Update(pk,r_1)= (g^{r_1},h^{r_1})=pk'$
A commitment is updated by adding it to a new zero balance commitment, generated using
$(pk,r_2)$
.
$Update(com,r_2)=com \cdot Commit_{pk}(0,r_2)$
Accounts are updated by updating public key
$pk→ pk'$
, generating a zero balance commitment using
$(pk,r_2)$
and adding the previous and new commitment
$com_{pk}(v) \cdot com_{pk}(0,r_2)$
.
$UpdateAcc(pk, com); r_1,r_2=Update(pk,r_1);com\cdot Commit_{pk}(0,r_2)$
This construction follows the Updatable Public Key primitive introduced in QuisQuis by Mieklejohn et.al. (2018).