TL;DR

• zAccounts function as private ledgers for users

• zAccounts belong to a Zone managed by a Zone Manager

• zAccounts don't hold PII (Personally Identifiable Information) such as name, dob, etc.

Introduction

The zAccount is the end user's entrypoint to a Zone, and thereby to a Shielded Pool. A zAccount associates a user's EOA (Externally Owned Account, i.e. a wallet) with their KYC attestation, as required by the Zone Manager.

The core functionality of the zAccount is to allow users to safely deposit assets to transact with. Additionally, it lets users prove their balance in a private setup or withdraw their assets back to a publicly owned wallet.

zAccounts and compliance

The Protocol is designed to allow the Zone Manager to define compliance and the compliance attestation that is required to validate a zAccount. This enables Zone Managers to allow decentralized identities, and assign third-party KYC providers. Users can establish a zero-knowledge zAccount following successful verification.

The Protocol can verify the completion and nature of the user's verification without holding any sensitive personal data — while empowering the end user with tailored information sharing. It employs advanced zero-knowledge methods to ensure the confidentiality and control of users' transactional data on the blockchain.

To simplify compliance, each end user's activities are consolidated under a singular ledger, or zAccount.

zAccount architecture

zAccounts are crafted using a specific type of unspent transaction output (UTXO) within the Merkle Tree structure of UTXOs. Each zAccount UTXO encapsulates critical user-specific details, including the zAccount's unique identifier, balances in ZKP and PRP, Zone-ID, and more.

The Shielded Pool assigns every zAsset, represented by a UTXO commitment, to an “owner” — the only zAccount able to spend it. This is achieved by including a public (spending) key in generating the UTXO commitment, for which only the zAsset recipient knows the corresponding private (spending) key.

However, rather than using a single fully-public spending key for each recipient, known to the whole world, a new spending keypair is derived. This pair is guaranteed to be unique for each UTXO and strengthens the system’s privacy while offering greater flexibility to disclosure schemes.

Using the babyJubJub curve, each zAccount account generates:

• A read public/private keypair: ReadPubKey, ReadPrivKey.

• A Keypair for stealth address generation: SpendPubKey, SpendPrivKey.

All users then register ReadPubKey, SpendPubKey with a registry available to other users in that Pool.

What next?

• Deep dive into Panther Protocol's UTXO model