So, even if I know the transaction amount (e.g. it’s my own Tx I sent), it’s not possible, for me even, to cryptographically reproduce the hash on the ledger representing the Tx amount, using knowledge of Tx amount alone?
If so, it’d be good to know the full list of vectors needed to cryptographically determine the Tx amount (i.e. to do a reverse ‘proof’). I assume it’s scattered inside protocol.pdf which I keep like a bible.
Would a layman’s analogy be: compared to an AES-256 blob you want to decrypt (in order to know / see / ‘prove’ its plaintext value), the Zcash protocol requires multiple “passwords” (public keys like sender address, recipient address, etc.), in order to ‘decrypt’ the Tx amount?
I wonder how many other vectors (other than Tx amount) are needed to make a numbers-based dictionary attack of Tx amount become practical. (All of them? Only recipient address?)
Nonetheless, if you churn at least once with good OPSEC, in order to place an air gap between incoming and outgoing ZEC Tx’s in terms of other people’s knowledge of such vectors (meaning you’re not reusing addresses already known to other people for a second time), I can’t think of a way where an attacker could discover other Tx vectors and not the Tx value all at the same time. (I.e. they’d have to gain access to the system running your full node. IIRC, Zcash p2p network can only expose the link between an individual Tx and the node’s IP address which creates it, and/or other non-cryptographic heuristics like timestamp.)