Primitives

Penumbra uses the following cryptographic primitives, described in the following sections:

• The Proof System section describes the choice of proving curve (BLS12-377) and proof system (Groth16, and potentially PLONK in the future);

• The decaf377 section describes decaf377, a parameterization of the Decaf construction defined over the BLS12-377 scalar field, providing a prime-order group that can be used inside or outside of a circuit;

• The Poseidon for BLS12-377 section describes parameter selection for an instantiation of Poseidon, a SNARK-friendly sponge construction, over the BLS12-377 scalar field;

• The Fuzzy Message Detection section describes a construction that allows users to outsource a probabalistic detection capability, allowing a third party to scan and filter the chain on their behalf, without revealing precisely which transactions are theirs.

• The Homomorphic Threshold Decryption section describes the construction used to batch flows of value across transactions.

• The Randomizable Signatures section describes decaf377-rdsa, a variant of the Zcash RedDSA construction instantiated over decaf377, used for binding and spend authorization signatures.

• The Key Agreement section describes decaf377-ka, an instantiation of Diffie-Hellman key agreement over decaf377.