Overview

Mazze privacy is implemented as a shielded pool that accepts deposits and shielded spends. The pool is an internal contract that verifies Groth16 proofs and maintains a Poseidon Merkle tree of commitments.

High-level flow

  1. Shield (deposit): A public transfer calls shield(bytes32,bytes) with a commitment and ciphertext. The pool appends the commitment to its Merkle tree, stores a new root, and emits a log with the commitment and ciphertext.

  2. Spend (shielded bundle): A shielded transaction calls applyShieldedBundle(...) with an anchor (root), nullifiers, new commitments/ciphertexts, optional transparent outputs/values, and a fee. The pool verifies the Groth16 proof, marks nullifiers as spent, updates the Merkle tree, and transfers any transparent outputs and fees from the pool.

Cryptography in the implementation

  • Groth16 over BLS12-381 is used for proof verification in the pool contract.

  • Poseidon is used for commitment hashing and Merkle tree construction.

  • The Merkle tree depth is 32, and the pool keeps a history of 64 roots for anchor selection.

What is public on chain

  • Commitments and ciphertexts are logged as ShieldedNote events.

  • Nullifiers are stored to prevent double spends.

  • Merkle roots are stored and exposed via root().

  • Transparent outputs and their values are public inputs in the proof.
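The pool state rules described above (incremental Poseidon tree of depth 32, a 64-root anchor history, a permanent nullifier set, and the shield/spend steps), as an added Python model that is not the Mazze pool contract's code. It assumes SHA-256 as a stand-in for Poseidon, treats Groth16 verification as already done before the bundle is applied, and uses hypothetical method names; the behaviour it enforces is the anchor and double-spend checks the page describes.

```python
import hashlib

DEPTH = 32          # Merkle tree depth stated on the page
ROOT_HISTORY = 64   # number of recent roots accepted as anchors
EMPTY = bytes(32)

def H(left: bytes, right: bytes) -> bytes:
    """Two-to-one hash. Stand-in for Poseidon (assumption): SHA-256 of the concatenation."""
    return hashlib.sha256(left + right).digest()

# ZEROS[i] is the hash of an empty subtree of height i
ZEROS = [EMPTY]
for _ in range(DEPTH):
    ZEROS.append(H(ZEROS[-1], ZEROS[-1]))

class ShieldedPoolModel:
    def __init__(self):
        self.filled = [EMPTY] * DEPTH     # cached left sibling per level (incremental tree)
        self.next_index = 0
        self.roots = [ZEROS[DEPTH]]       # most recent ROOT_HISTORY roots, newest last
        self.nullifiers = set()           # spent nullifiers, never removed
        self.notes = []                   # (commitment, ciphertext), like the ShieldedNote log

    def root(self) -> bytes: return self.roots[-1]

    def _append(self, leaf: bytes) -> bytes:
        idx, node = self.next_index, leaf
        for lvl in range(DEPTH):
            if idx % 2 == 0:              # left child: cache it, right sibling is still empty
                self.filled[lvl] = node
                node = H(node, ZEROS[lvl])
            else:                         # right child: combine with the cached left sibling
                node = H(self.filled[lvl], node)
            idx //= 2
        self.next_index += 1
        self.roots.append(node)
        del self.roots[:-ROOT_HISTORY]    # keep only the last ROOT_HISTORY roots
        return node

    def shield(self, commitment: bytes, ciphertext: bytes) -> bytes:
        self.notes.append((commitment, ciphertext))
        return self._append(commitment)

    def apply_shielded_bundle(self, anchor, nullifiers, new_commitments):
        # Groth16 proof verification is assumed to have succeeded before this point
        if anchor not in self.roots:
            raise ValueError("anchor is not a recent root")
        if len(set(nullifiers)) != len(nullifiers) or any(n in self.nullifiers for n in nullifiers):
            raise ValueError("nullifier already spent")
        self.nullifiers.update(nullifiers)  # mark spent only after every check passed
        for c in new_commitments:
            self._append(c)
        return self.root()
```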
