Reference

Concepts & glossary

The vocabulary shh's docs assume: commitments, nullifiers, notes, Merkle inclusion, anonymity sets, association sets, relayers, and the trusted setup.

Privacy systems reuse a small, precise vocabulary. This page defines the terms; the Privacy design pages fix the exact hashes and field elements.

Core cryptographic terms

Commitment
A hash that hides a secret value while binding to it. A deposit publishes a commitment; spending proves knowledge of its preimage without revealing it.
Nullifier
A unique, deterministic tag derived from a note's secret. Publishing it on spend prevents double-spending without linking back to the deposit.
Note (UTXO)
A unit of shielded value: commitment = H(amount, pubKey, blinding). Spending consumes input notes and creates output notes.
Blinding
Per-note randomness so that two notes of equal amount produce different commitments.
Merkle inclusion proof
A proof that a commitment is a leaf of a tree with a given root, without revealing which leaf.
Poseidon
A zk-friendly hash function used for every commitment, nullifier, and Merkle node — cheap to prove inside a circuit.
Groth16
The succinct proof system shh uses. Tiny, fast-to-verify proofs; the price is a per-circuit trusted setup.
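How the terms above fit together, as an added example that is not shh's own code. Assumptions: SHA-256 stands in for Poseidon, the nullifier derivation and the names `Pool`, `spend` and `demo` are hypothetical, and the checks run in the clear here, whereas shh runs them inside a Groth16 proof so the leaf and its index stay hidden.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    # Stand-in for Poseidon (assumption): SHA-256 over length-prefixed inputs.
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def commitment(amount: int, pub_key: bytes, blinding: bytes) -> bytes:
    # Formula from the glossary: commitment = H(amount, pubKey, blinding)
    return H(amount.to_bytes(32, "big"), pub_key, blinding)

def nullifier(secret: bytes, leaf_index: int) -> bytes:
    # Assumed derivation: deterministic tag from the note's secret and position.
    return H(b"nullifier", secret, leaf_index.to_bytes(4, "big"))

def merkle_root_and_path(leaves, index):
    # Returns (root, sibling path) for leaves[index]; leaf count must be a power of two.
    path, level = [], list(leaves)
    while len(level) > 1:
        path.append(level[index ^ 1])
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def verify_inclusion(leaf, index, path, root) -> bool:
    # Recompute the root from the leaf upward; the index bit picks left or right.
    node = leaf
    for sibling in path:
        node = H(node, sibling) if index % 2 == 0 else H(sibling, node)
        index //= 2
    return node == root

class Pool:  # toy verifier state: one known root plus the set of spent nullifiers
    def __init__(self, root):
        self.root, self.spent = root, set()
    def spend(self, leaf, index, path, nf) -> bool:
        if nf in self.spent or not verify_inclusion(leaf, index, path, self.root):
            return False  # double-spend, or commitment not in the tree
        self.spent.add(nf)
        return True

def demo():
    pub, secret = b"\x02" * 32, b"\x07" * 32  # constructed sample values
    c1, c2 = commitment(5, pub, b"\x01" * 32), commitment(5, pub, b"\x09" * 32)
    leaves = [c1, c2, commitment(1, pub, b"\x03" * 32), commitment(2, pub, b"\x04" * 32)]
    root, path = merkle_root_and_path(leaves, 1)
    pool, nf = Pool(root), nullifier(secret, 1)
    return c1 != c2, pool.spend(c2, 1, path, nf), pool.spend(c2, 1, path, nf)
```

`demo()` returns three flags: equal amounts with different blinding give different commitments, the first spend is accepted, and replaying the same nullifier is rejected.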

Privacy & compliance terms

Anonymity set
The set of deposits a given withdrawal could plausibly correspond to. Larger sets mean stronger privacy.
Unlinkability
The inability to tie a withdrawal to its deposit (pools) or a transfer to a note owner (shielded).
Association set
An ASP-published subset of deposits deemed compliant. Profile B withdrawals must prove membership in it.
ASP (Association Set Provider)
The party that publishes the association root, scoping which deposits can exit privately — without learning more than the public deposit set.
Unlockable privacy
Privacy that an ASP can scope: a tainted deposit can be left out of the association root, making it non-withdrawable through the private path.

Operational terms

Relayer
An untrusted party that submits a withdrawal transaction on a user's behalf (gasless for the user). The proof binds the relayer, so it cannot steal or re-aim funds.
Sequencer
The node that orders L3 transactions and produces blocks. shh runs a single sequencer locally.
Settlement layer
Where the L3 posts its batches and roots — here, Base.
Trusted setup
The one-time ceremony that produces a circuit's proving/verifying keys. Must be multi-party for production.
Predeploy
A contract baked into genesis at a fixed address (e.g. verifiers, the Poseidon hasher) for a profile.