BURNAT

Burns an authenticator token. The zero knowledge proof required for this action is identical to the one of the MINTNFT action. The only difference is that it does not create a new leaf in the merkle tree. Instead it just proves knowledge of the spend authority of the address and of the secret randomness the authenticator token was minted with. This gives access to privately withdraw assets from a third party smart contract where they have been deposited using the authenticator token's note commitment value as an identifier.

Privacy Implications

No assets are being moved by this action.

Flow

The following steps specify the flow of BURNAT.

Step 0

The UTXO $not e_{b}$ is an authenticator token representing a permission.

Step 1

Calculate the diversified transmission key of the ZEOS wallet address owning the permission (see section 5.4.1.6 of the Zcash Protocol Specification):

$g_{d}_{not e_{b}} = DiversifyHas h^{Orchard} (not e_{b} .d)$

Step 2

Calculate the $NoteCommit$ of $not e_{b}$ (see UTXO Commitment):

$c m_{not e_{b}} = NoteCommit_{rcm}^{Orchard} (g_{d}_{not e_{b}}, not e_{b} . p k_{d}, not e_{b} .d1, not e_{b} . ρ, not e_{b} . ψ, not e_{b} .d2, not e_{b} .sc, not e_{b} .nft)$

Step 3

Set the private inputs $ω$ of the arithmetic circuit:

$path = 0$
$pos = 0$
$g_{d}_{a} = 0$
$p k_{d}_{a} = 0$
$d1_{a} = 0$
$d2_{a} = 0$
$ρ_{a} = 0$
$ψ_{a} = 0$
$rcm_{a} = 0$
$cm_{a} = 0$
$α = 0$
$ak = 0$
$nk = 0$
$rivk = 0$
$g_{d}_{b} = g_{d}_{not e_{b}}$
$p k_{d}_{b} = not e_{b} . p k_{d}$
$d1_{b} = not e_{b} .d1$
$d2_{b} = not e_{b} .d2$
$sc_{b} = not e_{b} .sc$
$ρ_{b} = not e_{b} . ρ$
$ψ_{b} = not e_{b} . ψ$
$rcm_{b} = not e_{b} .rcm$
$acc_{b} = 0$
$g_{d}_{c} = 0$
$p k_{d}_{c} = 0$
$d1_{c} = 0$
$ψ_{c} = 0$
$rcm_{c} = 0$
$acc_{c} = 0$

Step 4

Set the public inputs $x$ of the arithmetic circuit:

$ANCHOR = 0$
$NF = 0$
$RK_{X} = 0$
$RK_{Y} = 0$
$NFT = 1$
$B_{d 1} = not e_{b} .d1$
$B_{d 2} = not e_{b} .d2$
$B_{sc} = not e_{b} .sc$
$C_{d 1} = 0$
$CM_{B} = c m_{not e_{b}}$
$CM_{C} = 0$
$ACC_{B} = 0$
$ACC_{C} = 0$

Step 5

Generate $π_{C_{zeos}, ω, x}$ a proof of knowledge of satisfying arguments $(ω, x)$ so that $C_{zeos} (ω, x) = 1$

The pair $(π_{C_{zeos}, ω, x}, x)$ is the zk-SNARK which attests to knowledge of private inputs $ω$ without revealing them.

Step 6

Generate UTXO ciphertext $not e_{b}_{enc}^{burn}$ of $not e_{b}$ which is burned and therefore has the BURN flag set. This ciphertext is created only for the sender's wallet transaction history to detect burned UTXOs when scanning the ZEOS smart contract's state (see section 4.19.1 of the Zcash Protocol Specification).

Step 7

Execute the BURNAT action of the ZEOS smart contract. This action takes the following arguments:

$π_{C_{zeos}, ω, x}$ : The zero knowledge proof of satisfying arguments $(ω, x)$
$x$ : The public inputs of the zero knowledge proof $π_{C_{zeos}, ω, x}$
$not e_{b}_{enc}^{burn}$ : The UTXO ciphertext which indicates the 'burned' permission $not e_{b}$

The ZEOS smart contract then performs the following checks:

Is the zero knowledge proof $π_{C_{zeos}, ω, x}$ valid?
Is the NFT flag set ( $x . NFT = 1$ )?

Step 8

If $true$ , the ZEOS smart contract performs the following operations:

Add ciphertext $not e_{b}_{enc}^{burn}$ to the Transmitted UTXO Ciphertext List

If $false$ , cancel execution.

The ZEOS Book