The concept of an Ethereum nullifier is derived from the concept of a revealed commitment.

There is a nullifier computed for every input note. Moreover, the nullifier of any output note

cannot collide with any other nullifier. However, there are several methods to compute the

nullifier for an input note. This article will discuss some of these methods. Also, you will learn

about Commitment-nullifier scheme and Transaction reversal.**RSA accumulators**To create a public proof of message authenticity, cryptographic accumulators can be used.

Each of these accumulators is based on a hashing function. The hash function takes the input

as a sequence of prime numbers, and maps it to a set. The prime representative of b_i is

H(b_i), and it can be computed in O(n) exponentiations in the Hash function $Gho$. This

process can also be performed on a witness, which is an accumulator of set $T setminus b_i$.

RSA accumulators can be used for the same purpose. As with a hash function, a cryptographic

accumulator has interesting properties that make it a good candidate for decentralized

systems. RSA accumulators are essentially hash functions for sets, and they can take any size

message as input and output a fixed-size value. In cryptographic systems, these functions are

an efficient way to generate proofs of integrity.

A sentee can also send a RSA accumulator to a’smart contract’. A smart contract requires the

sender to provide a nullifier before sending or receiving a combination of assets. The smart

contract also requires that the sentee nullify the combined asset token commitment Z once,

because Z’ is already present in the token commitments data structure. If nullifier N exists,

then the recipient is unable to send or receive funds from him.

A pre-nullifier is generated from a set of created records. The recipient of the transaction can

generate and submit proofs of the pre-nullifier and the entire transaction. In order to reveal a

pre-nullifier, the transaction creator must first create a set of commitments. These

commitments must be anonymous. If the inputs are not, they are equivalent to the

commitments that are created in a nullifier transaction. Further anonymity can be achieved by

generating a dummy transaction spending or creating an identical record.

**Quadratic arithmetic program (QAP)**

The Pinocchio protocol implements QAP as its proof algorithm. QAP is a zero-knowledge proof

algorithm. A well-known theorem guarantees that the probability of incorrectly accepting any

polynomial is low. Gabizon discusses two methods to make QAP’s more reliable: blinding the

Verifier and restricting the Prover’s polynomials.

**Commitment-nullifier scheme**

The Commitment-nullifier scheme is a new privacy mechanism introduced in the Ethereum

blockchain. The scheme consists of a set of created records, each with a pre-nullifier. In

exchange for the pre-nullifier, a transaction creator can disclose the transaction’s entire proof

to the recipient. The recipient then uses the proof to generate the post-nullifier. The pre-

nullifier is a unique string of 32 bytes, which is encrypted by the network, while the post-

nullifier proves that the transaction was created. This privacy scheme is effective, but has one

major drawback.

The Commitment-nullifier scheme uses a hash function to determine the owner of an UTXO. It

also includes the hash function Poseidon, which is the lowest-cost hash in SNARK. The sender

must have a private key to generate a Zkopru transaction, but it will need to have a nullifier

seed to prove ownership.

The Commitment-nullifier scheme uses a random number, or a binding factor, to prevent

multiple ‘guessing’ attempts. The nullifier is stored in the contract. If someone has more than

one ‘number’, they can spend a note with two different nullifiers, or commit to another note. A

committer must have a zero-knowledge proof of authorization before spending a note, or else

they’ll lose their investment.

The RSA-based commitment scheme has a homomorphic property with respect to the

multiplication operation. Therefore, the commitment can be proved if a fraction of the value

committed is revealed. However, in some cases, the secret value X is a vector of separable

values. For this reason, the Commitment-nullifier scheme in Ethereum is not perfect. Its

efficiency is based on the small space of the values in the transaction.**Transaction reversal**Ethereum Nullifier is a feature that allows you to undo a transaction after it has been sent. The

vulnerability in Ethereum occurred during the fund transfer process, where the recipient could

have added infinite ethers to his/her account. The reversal of a transaction in Ethereum is a

powerful way to protect coins and minimize the risk of losing them. This feature has also

enabled traders to invest in the cryptocurrency.

**Anonymity property**

The Anonymity property of the Ethereum nullifier is a key component of the Bitcoin protocol.

Anonymity refers to the ability of a recipient to not identify or link the contents of a message.

While it may not be possible to fully eliminate the threat of tampering, it is a useful feature for

centralized and decentralized environments. In this article, we will discuss the various aspects

of anonymity and how it works in the Ethereum protocol.