How do Zcash Shielded Transactions Work?

When you receive shielded ZEC, the network creates a "note." This is like an encrypted UTXO containing your address, the value, and some random data that makes it unique.

The note itself never touches the blockchain.

Instead, a cryptographic commitment to the note gets added to a global Merkle tree that holds every note commitment ever created. The commitment is just a hash of the note's fields.

It's one way so you can't reverse engineer the note from it, and collision resistant so no two different notes can produce the same commitment. The chain stores the commitment but not the note.

When you spend a note, you need to prove two things: that your note exists and that you haven't already spent it.

To prove it exists, you prove a Merkle path from your commitment to the tree's root without revealing which commitment is yours. For double-spend prevention you reveal a nullifier, a value derived from the note that only you can compute.

Every note maps to exactly one nullifier. When you spend, that nullifier gets published and added to a set the network tracks. If anyone tries to spend the same note twice, the same nullifier would show up again and the network would reject it immediately.

But nobody watching can link a nullifier back to its corresponding commitment without knowing your secret key. They see a nullifier appear and they know some note was spent, but they have no idea which of the millions of commitments it came from.

The zk-SNARK ties everything together. When you construct a shielded transaction, you generate a small proof that confirms you own a valid note in the tree. The nullifier matches it and the amounts balance. The network verifies the proof and processes the transaction without learning what was spent, who received it, or how much moved.

That's privacy as architecture.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。