penumbra-groth16

Groth16 over decaf377, Penumbra's shielded proofs

penumbra L1 privacy final protocol spec Poseidon

Native status
Mainnet
Enables
Shielded transactions proved with Groth16 over BLS12-377, using the decaf377 group and poseidon377 hashing
Specification
https://protocol.penumbra.zone/main/crypto/proofs.html

Penumbra is a shielded Cosmos chain whose private transactions are proved with Groth16 (via arkworks) over the pairing-friendly BLS12-377 curve. It builds on decaf377, a prime-order group obtained by applying the Decaf construction to a twisted Edwards curve over the BLS12-377 scalar field, and hashes with poseidon377, an instantiation of Poseidon over decaf377. BLS12-377, rather than BLS12-381, was chosen to leave room for future depth-1 proof recursion. The cross-ecosystem hook is Poseidon, instantiated here over the BLS12-377 scalar field: the same hash family that Zcash, Filecoin, Starknet, Mina, and Aleo expose over their respective fields, a conceptual equivalence the parity harness cannot run rather than one shared function.

Implementations

Relationships

Sources