Nullifiers
- Nullifiers are used to prevent things from happening more than once
- UniRep uses two different nullifiers
Epoch key nullifiers
- Epoch key nullifiers are used to prevent users from using the same epoch key twice and prevent users from double user state transition.
- If an epoch key nullifier is seen before, then drop the second user state transition proof.
- Nullifier of an epoch key is computed by
hash2([
epoch,
identityNullifier + nonce
])
caution
It would be better to be expressed as
hash3([
epoch,
identityNullifier,
nonce
]) % BigInt(2 ** epochTreeDepth)
But to save circuit constraints, we put identityNullifier and nonce in one input field.
NOTE: It is similar but not the same as epoch key.
Reputation nullifiers
- Reputation nullifiers are used to prevent users from double spending the reputation if an action requires users to spend reputation.
- If a reputation nullifier is seen before, then the second reputation proof is recognized invalid.
- Nullifier of a reputation spent is computed by
hash4([
identityNullifier,
epoch,
nonce,
attesterId
])
- The
noncecan only be within0toposRep-negRep-1with the given attesterID.