Updatable Public Key

as defined in QuisQuis by Mieklejohn et.al. (2018)

This primitive defines a way to derive new public key from a given key pair (pk,sk)(pk,sk) by multiplying the two public key points (g,h)(g,h) with a random scalar rr .

For example, let pkpk' be the updated public key for a key pair (pk,sk)(pk,sk), then Update(pk,r)Update(pk, r)would be defined as:

pk=g,h  s.t. h=gsk.For: r$Fp;.Update(pk,r)=(gr,hr)=pk.Verify(pk,sk)=(gr)sk=hrpk=g,h \ \ s.t. \ h=g^{sk} \\.\\ For: \ r\xleftarrow \$ \mathbb{F}_p ;\\ . \\ Update{(pk, r)}= (g^r,h^r)=pk' \\ . \\Verify(pk',sk)=(g^r)^{sk}=h^r

The Verify()Verify() function demonstrates that the public key can be updated without an upper bound and can still be identified with the same secret key sksk.

The base layer uses UPK to implement Updatable Accounts defined here:


Last updated