IZkProver
Umbra SDK reference for IZk Prover.
Defined in: src/client/interface/zk-prover.ts:81
Abstract base class defining the contract for zero-knowledge proof generation.
Remarks
Implementations of this class must provide cryptographic proof generation capabilities for zero-knowledge operations on the Solana blockchain. All methods are asynchronous to support various proof generation backends (WASM, native libraries, remote services).
This interface supports multiple proof types including:
- Master viewing key registration proofs
- SPL token deposit proofs (with hidden and public amounts)
- Deposit claim proofs with Merkle tree inclusion verification
Example
class WasmZkProver extends IZkProver {
async generateMasterViewingKeyRegistrationProof(
masterViewingKey: U128,
poseidonBlindingFactor: U128,
sha3BlindingFactor: U128,
expectedPoseidonCommitment: PoseidonHash,
expectedSha3Commitment: Sha3Hash
): Promise<[Groth16ProofABeBytes, Groth16ProofBBeBytes, Groth16ProofCBeBytes]> {
// Implementation using WASM circuit
}
// ... other methods
}Extended by
Constructors
Constructor
new IZkProver():
IZkProver
Returns
IZkProver
Methods
generateClaimSplDepositProof()
abstractgenerateClaimSplDepositProof(randomSecret,nullifier,masterViewingKey,merklePathElements,merklePathIndices,version,commitmentIndex,firstAddressLow,firstAddressHigh,secondAddressLow,secondAddressHigh,blockchainId,amount,year,month,day,hour,minute,seconds,mintPubkeyLow,mintPubkeyHigh,secondAddressBlindingFactor,relayerPubkeyLow,relayerPubkeyHigh,expectedVersion,expectedBlockchainId,expectedFirstAddressLow,expectedFirstAddressHigh,expectedAmount,expectedMintPubkeyLow,expectedMintPubkeyHigh,expectedMerkleRoot,expectedLinkerAddressHash,expectedNullifierHash,expectedSecondAddressKeccakAggregatedHash,expectedRelayerPubkeyLow,expectedRelayerPubkeyHigh):Promise<[BeBytes,BeBytes,BeBytes]>
Defined in: src/client/interface/zk-prover.ts:526
Generates a zero-knowledge proof for claiming an SPL token deposit.
Parameters
randomSecret
Random secret used in the original deposit commitment (128-bit)
nullifier
Nullifier secret to prevent double-spending (128-bit)
masterViewingKey
Master viewing key for compliance linkage (128-bit)
merklePathElements
Array of sibling node hashes in the Merkle tree path
merklePathIndices
(0 | 1)[]
Array of path direction indices (0=left, 1=right) for each tree level
version
Protocol version identifier
commitmentIndex
Index of the commitment in the Merkle tree
firstAddressLow
Low 128 bits of the first address (destination)
firstAddressHigh
High 128 bits of the first address (destination)
secondAddressLow
Low 128 bits of the second address (sender)
secondAddressHigh
High 128 bits of the second address (sender)
blockchainId
Blockchain/network identifier
amount
Deposit amount (private, not revealed in proof)
year
Transaction year
month
Transaction month
day
Transaction day
hour
Transaction hour
minute
Transaction minute
seconds
Transaction seconds
mintPubkeyLow
Low 128 bits of the SPL token mint public key
mintPubkeyHigh
High 128 bits of the SPL token mint public key
secondAddressBlindingFactor
Blinding factor for second address commitment (128-bit)
relayerPubkeyLow
Low 128 bits of the relayer public key
relayerPubkeyHigh
High 128 bits of the relayer public key
expectedVersion
Expected protocol version for verification
expectedBlockchainId
Expected blockchain identifier for verification
expectedFirstAddressLow
Expected low 128 bits of first address
expectedFirstAddressHigh
Expected high 128 bits of first address
expectedAmount
Expected deposit amount for verification
expectedMintPubkeyLow
Expected low 128 bits of mint public key
expectedMintPubkeyHigh
Expected high 128 bits of mint public key
expectedMerkleRoot
Expected Merkle tree root hash
expectedLinkerAddressHash
Expected linker address hash commitment
expectedNullifierHash
Expected nullifier hash commitment
expectedSecondAddressKeccakAggregatedHash
Expected Keccak (SHA-3) aggregated hash for second address
expectedRelayerPubkeyLow
Expected low 128 bits of relayer public key
expectedRelayerPubkeyHigh
Expected high 128 bits of relayer public key
Returns
Promise<[BeBytes, BeBytes, BeBytes]>
A promise resolving to a tuple of Groth16 proof components (A, B, C) in big-endian byte format
Throws
ZkProverError When proof generation fails due to invalid inputs, circuit errors, Merkle path validation failures, or computation errors
Remarks
This proof demonstrates knowledge of a deposit commitment and its inclusion in the Merkle tree. The proof verifies the Merkle path, nullifier, and all expected commitments. The amount remains private in the proof. Used for privacy-preserving deposit claims in the Umbra protocol.
Example
const proof = await prover.generateClaimSplDepositProof(
randomSecret,
nullifier,
masterViewingKey,
merklePathElements,
merklePathIndices,
version,
commitmentIndex,
firstAddressLow,
firstAddressHigh,
secondAddressLow,
secondAddressHigh,
blockchainId,
amount,
year, month, day, hour, minute, seconds,
mintPubkeyLow,
mintPubkeyHigh,
secondAddressBlindingFactor,
relayerPubkeyLow,
relayerPubkeyHigh,
expectedVersion,
expectedBlockchainId,
expectedFirstAddressLow,
expectedFirstAddressHigh,
expectedAmount,
expectedMintPubkeyLow,
expectedMintPubkeyHigh,
expectedMerkleRoot,
expectedLinkerAddressHash,
expectedNullifierHash,
expectedSecondAddressKeccakAggregatedHash,
expectedRelayerPubkeyLow,
expectedRelayerPubkeyHigh
);generateClaimSplDepositWithHiddenAmountProof()
abstractgenerateClaimSplDepositWithHiddenAmountProof(randomSecret,nullifier,masterViewingKey,merkleSiblingPathElements,merkleSiblingPathIndicies,version,commitmentIndex,destinationAddressLow,destinationAddressHigh,senderAddressLow,senderAddressHigh,blockchainId,amount,year,month,day,hour,minute,second,mintPublicKeyLow,mintPublicKeyHigh,secondAddressBlindingFactor,commissionFeeLowerBound,commissionFeeUpperBound,relayerPubkeyLow,relayerPubkeyHigh,expectedVersion,expectedFirstAddressLow,expectedFirstAddressHigh,expectedBlockchainId,expectedMerkleRoot,expectedLinkerAddressHash,expectedNullifierHash,expectedSecondAddressSha3AggregatedHash,expectedLowerBound,expectedUpperBound,expectedMintPubkeyLow,expectedMintPubkeyHigh,expectedRelayerPubkeyLow,expectedRelayerPubkeyHigh):Promise<[BeBytes,BeBytes,BeBytes]>
Defined in: src/client/interface/zk-prover.ts:396
Generates a zero-knowledge proof for claiming an SPL token deposit with a hidden amount.
Parameters
randomSecret
Random secret used in the original deposit commitment (128-bit)
nullifier
Nullifier secret to prevent double-spending (128-bit)
masterViewingKey
Master viewing key for compliance linkage (128-bit)
merkleSiblingPathElements
Array of sibling node hashes in the Merkle tree path
merkleSiblingPathIndicies
(0 | 1)[]
Array of path direction indices (0=left, 1=right) for each tree level
version
1
Protocol version identifier (must be 1)
commitmentIndex
Index of the commitment in the Merkle tree
destinationAddressLow
Low 128 bits of the destination address
destinationAddressHigh
High 128 bits of the destination address
senderAddressLow
Low 128 bits of the sender address
senderAddressHigh
High 128 bits of the sender address
blockchainId
1
Blockchain/network identifier (must be 1)
amount
Deposit amount (private, not revealed in proof)
year
Transaction year
month
Transaction month
day
Transaction day
hour
Transaction hour
minute
Transaction minute
second
Transaction second
mintPublicKeyLow
Low 128 bits of the SPL token mint public key
mintPublicKeyHigh
High 128 bits of the SPL token mint public key
secondAddressBlindingFactor
Blinding factor for second address commitment (128-bit)
commissionFeeLowerBound
Lower bound for commission fee
commissionFeeUpperBound
Upper bound for commission fee
relayerPubkeyLow
Low 128 bits of the relayer public key
relayerPubkeyHigh
High 128 bits of the relayer public key
expectedVersion
1
Expected protocol version for verification (must be 1)
expectedFirstAddressLow
Expected low 128 bits of first address
expectedFirstAddressHigh
Expected high 128 bits of first address
expectedBlockchainId
1
Expected blockchain identifier for verification (must be 1)
expectedMerkleRoot
Expected Merkle tree root hash
expectedLinkerAddressHash
Expected linker address hash commitment
expectedNullifierHash
Expected nullifier hash commitment
expectedSecondAddressSha3AggregatedHash
Expected SHA-3 aggregated hash for second address
expectedLowerBound
Expected commission fee lower bound
expectedUpperBound
Expected commission fee upper bound
expectedMintPubkeyLow
Expected low 128 bits of mint public key
expectedMintPubkeyHigh
Expected high 128 bits of mint public key
expectedRelayerPubkeyLow
Expected low 128 bits of relayer public key
expectedRelayerPubkeyHigh
Expected high 128 bits of relayer public key
Returns
Promise<[BeBytes, BeBytes, BeBytes]>
A promise resolving to a tuple of Groth16 proof components (A, B, C) in big-endian byte format
Throws
ZkProverError When proof generation fails due to invalid inputs, circuit errors, Merkle path validation failures, or computation errors
Remarks
This proof demonstrates knowledge of a deposit commitment and its inclusion in the Merkle tree without revealing the deposit amount. The proof verifies the Merkle path, nullifier, and all expected commitments. Used for privacy-preserving deposit claims in the Umbra protocol.
Example
const proof = await prover.generateClaimSplDepositWithHiddenAmountProof(
randomSecret,
nullifier,
masterViewingKey,
merkleSiblingPathElements,
merkleSiblingPathIndicies,
1, // version
commitmentIndex,
destinationAddressLow,
destinationAddressHigh,
senderAddressLow,
senderAddressHigh,
1, // blockchainId
amount,
year, month, day, hour, minute, second,
mintPublicKeyLow,
mintPublicKeyHigh,
secondAddressBlindingFactor,
commissionFeeLowerBound,
commissionFeeUpperBound,
relayerPubkeyLow,
relayerPubkeyHigh,
1, // expectedVersion
expectedFirstAddressLow,
expectedFirstAddressHigh,
1, // expectedBlockchainId
expectedMerkleRoot,
expectedLinkerAddressHash,
expectedNullifierHash,
expectedSecondAddressSha3AggregatedHash,
expectedLowerBound,
expectedUpperBound,
expectedMintPubkeyLow,
expectedMintPubkeyHigh,
expectedRelayerPubkeyLow,
expectedRelayerPubkeyHigh
);generateCreateSplDepositWithHiddenAmountProof()
abstractgenerateCreateSplDepositWithHiddenAmountProof(masterViewingKey,poseidonBlindingFactor,destinationAddressLow,destinationAddressHigh,randomSecret,nullifier,amount,relayerFee,commissionFeeLowBound,commissionFeeHighBound,commissionFeeBps,year,month,day,hour,minute,second,expectedYear,expectedMonth,expectedDay,expectedHour,expectedMinute,expectedSecond,expectedLinkerAddressHash,expectedDepositDataHash,expectedOnChainMvkHash,expectedSha3AggregatedHash,expectedRelayerFee,expectedCommissionFeeLowBound,expectedCommissionFeeHighBound,expectedCommissionFeeBps):Promise<[BeBytes,BeBytes,BeBytes]>
Defined in: src/client/interface/zk-prover.ts:189
Generates a zero-knowledge proof for creating an SPL token deposit with a hidden amount.
Parameters
masterViewingKey
Master viewing key for compliance linkage (128-bit)
poseidonBlindingFactor
Blinding factor for Poseidon commitments (128-bit)
destinationAddressLow
Low 128 bits of the destination address
destinationAddressHigh
High 128 bits of the destination address
randomSecret
Random secret for commitment privacy (128-bit)
nullifier
Nullifier secret to prevent double-spending (128-bit)
amount
Deposit amount (private, not revealed in proof)
relayerFee
Fee paid to the relayer
commissionFeeLowBound
Lower bound for commission fee
commissionFeeHighBound
Upper bound for commission fee
commissionFeeBps
Commission fee in basis points
year
Transaction year
month
Transaction month
day
Transaction day
hour
Transaction hour
minute
Transaction minute
second
Transaction second
expectedYear
Expected year for verification
expectedMonth
Expected month for verification
expectedDay
Expected day for verification
expectedHour
Expected hour for verification
expectedMinute
Expected minute for verification
expectedSecond
Expected second for verification
expectedLinkerAddressHash
Expected linker address hash commitment
expectedDepositDataHash
Expected deposit data hash commitment
expectedOnChainMvkHash
Expected on-chain master viewing key hash
expectedSha3AggregatedHash
Expected SHA-3 aggregated hash commitment
expectedRelayerFee
Expected relayer fee for verification
expectedCommissionFeeLowBound
Expected commission fee lower bound
expectedCommissionFeeHighBound
Expected commission fee upper bound
expectedCommissionFeeBps
Expected commission fee in basis points
Returns
Promise<[BeBytes, BeBytes, BeBytes]>
A promise resolving to a tuple of Groth16 proof components (A, B, C) in big-endian byte format
Throws
ZkProverError When proof generation fails due to invalid inputs, circuit errors, or computation failures
Remarks
This proof creates a deposit commitment where the amount is hidden (private). The proof verifies that all expected commitments match while keeping the actual deposit amount private. Used for privacy-preserving token deposits in the Umbra protocol.
Example
const proof = await prover.generateCreateSplDepositWithHiddenAmountProof(
masterViewingKey,
poseidonBlindingFactor,
destinationAddressLow,
destinationAddressHigh,
randomSecret,
nullifier,
amount,
relayerFee,
commissionFeeLowBound,
commissionFeeHighBound,
commissionFeeBps,
year, month, day, hour, minute, second,
expectedYear, expectedMonth, expectedDay, expectedHour, expectedMinute, expectedSecond,
expectedLinkerAddressHash,
expectedDepositDataHash,
expectedOnChainMvkHash,
expectedSha3AggregatedHash,
expectedRelayerFee,
expectedCommissionFeeLowBound,
expectedCommissionFeeHighBound,
expectedCommissionFeeBps
);generateCreateSplDepositWithPublicAmountProof()
abstractgenerateCreateSplDepositWithPublicAmountProof(masterViewingKey,poseidonBlindingFactor,destinationAddressLow,destinationAddressHigh,randomSecret,nullifier,amount,year,month,day,hour,minute,second,expectedAmount,expectedYear,expectedMonth,expectedDay,expectedHour,expectedMinute,expectedSecond,expectedLinkerAddressHash,expectedDepositDataHash,expectedOnChainMvkHash):Promise<[BeBytes,BeBytes,BeBytes]>
Defined in: src/client/interface/zk-prover.ts:277
Generates a zero-knowledge proof for creating an SPL token deposit with a public amount.
Parameters
masterViewingKey
Master viewing key for compliance linkage (128-bit)
poseidonBlindingFactor
Blinding factor for Poseidon commitments (128-bit)
destinationAddressLow
Low 128 bits of the destination address
destinationAddressHigh
High 128 bits of the destination address
randomSecret
Random secret for commitment privacy (128-bit)
nullifier
Nullifier secret to prevent double-spending (128-bit)
amount
Deposit amount (public, revealed in proof)
year
Transaction year
month
Transaction month
day
Transaction day
hour
Transaction hour
minute
Transaction minute
second
Transaction second
expectedAmount
Expected deposit amount for verification
expectedYear
Expected year for verification
expectedMonth
Expected month for verification
expectedDay
Expected day for verification
expectedHour
Expected hour for verification
expectedMinute
Expected minute for verification
expectedSecond
Expected second for verification
expectedLinkerAddressHash
Expected linker address hash commitment
expectedDepositDataHash
Expected deposit data hash commitment
expectedOnChainMvkHash
Expected on-chain master viewing key hash
Returns
Promise<[BeBytes, BeBytes, BeBytes]>
A promise resolving to a tuple of Groth16 proof components (A, B, C) in big-endian byte format
Throws
ZkProverError When proof generation fails due to invalid inputs, circuit errors, or computation failures
Remarks
This proof creates a deposit commitment where the amount is public (revealed). The proof verifies that the deposit amount matches the expected value and that all commitments are valid. Used for transparent token deposits where amount visibility is required.
Example
const proof = await prover.generateCreateSplDepositWithPublicAmountProof(
masterViewingKey,
poseidonBlindingFactor,
destinationAddressLow,
destinationAddressHigh,
randomSecret,
nullifier,
amount,
year, month, day, hour, minute, second,
expectedAmount,
expectedYear, expectedMonth, expectedDay, expectedHour, expectedMinute, expectedSecond,
expectedLinkerAddressHash,
expectedDepositDataHash,
expectedOnChainMvkHash
);generateMasterViewingKeyRegistrationProof()
abstractgenerateMasterViewingKeyRegistrationProof(masterViewingKey,poseidonBlindingFactor,sha3BlindingFactor,expectedPoseidonCommitment,expectedSha3Commitment):Promise<[BeBytes,BeBytes,BeBytes]>
Defined in: src/client/interface/zk-prover.ts:111
Generates a zero-knowledge proof for master viewing key registration.
Parameters
masterViewingKey
The master viewing key to register (128-bit unsigned integer)
poseidonBlindingFactor
Blinding factor for Poseidon hash commitment (128-bit)
sha3BlindingFactor
Blinding factor for SHA-3 hash commitment (128-bit)
expectedPoseidonCommitment
Expected Poseidon hash commitment to verify against
expectedSha3Commitment
Expected SHA-3 hash commitment to verify against
Returns
Promise<[BeBytes, BeBytes, BeBytes]>
A promise resolving to a tuple of Groth16 proof components (A, B, C) in big-endian byte format
Throws
ZkProverError When proof generation fails due to invalid inputs, circuit errors, or computation failures
Remarks
This proof demonstrates knowledge of a master viewing key and its corresponding blinding factors without revealing the actual key. The proof verifies that the commitments match the expected values. Used for privacy-preserving key registration in the Umbra protocol.
Example
const proof = await prover.generateMasterViewingKeyRegistrationProof(
masterViewingKey,
poseidonBlindingFactor,
sha3BlindingFactor,
expectedPoseidonCommitment,
expectedSha3Commitment
);
const [proofA, proofB, proofC] = proof;