Trustless deposit and withdrawals for a Nomos Zone

(i.e. trustless bridges)

Since native zones are trustless, spending zone funds and/or updating a zone state (which are both represented as notes on the cl) can’t be based on knowledge of some secret.

Since we don’t want to create different kind of notes, zones that want to be permissionless need to either stick to a convention for the sk or publish their sk at creation. An example of such convention could be to use nk = 0 . We are assuming zones can be identified by a zoneid (e.g. the note unit)

For a deposit, a user needs to show that a new note that can be spent by the zone was created. Conversely, to retrieve funds one need to present authorization from the zone (in form of an output event of the zone vm) to be able to spend the zone notes.

To avoid having to look back in the history of the chain for such precondition events, we can restrain them to be part of the same partial transaction in the first version.

The death constraints of a zone funds note could look like the following:

Given public inputs ptx, in_zone_funds_nf, and private inputs in_zone_funds, in_zone_funds_path, d, in, in_path, s, user, v, out_zone_funds, out_zone_funds_path , spent_note, spent_note_path :

in_zone_funds is this note of value s > v, death_constraints d , nullifier in_zone_funds_nf and in_zone_funds_path is a valid path to the ptx inputs. Note that the nullifier of this note, which is supposed to be public to allow any participant to use it, is used to check that the death constraint logic is applied to this note, to avoid the case where spending this note is authorized by providing another note which satisfies the logic but e.g. of different value than this one
in is a note of unit zoneid (constant in the logic) s.t. its stf produced as output the event spend(v, user, in_zone_fund_nf) , in_path is a valid path to the ptx inputs
out_zone_funds is a note of value v-s, empty metadata, death constraints d , nk 0 , deterministic nonce, and out_zone_funds_path is a valid path to the ptx outputs
spent_note is a note of value v , nf pk user and spent_note_path is a valid path to the ptx output

what about blinding? zone funds needs to be public for the above condition to work as the user need to create the correct change