Sprout vs Sapling technically

I’m trying to understand in a simple way the improvements of Sapling over Sprout. I tried to read this document but it’s very verbose and complicated.

I believe it’s quicker to prove and verify shielded transactions, but why is it quicker, did you change some hash functions?

I also see that addresses and keys is different. The sapling scheme has a lot of keys; proof keys, transmission keys, spend key, extended spending key, viewing keys, and on… what is the actual point functionally for a user?

From a high level, I understand that you make a commitment - a perdersen hash - that you stick on a merkle tree… then later come spending time, you supply the corresponding hashed nullifier and a generated merkle proof. What else? Has anyone done a simpler document than ^ that one?

Many thx.

you can’t edit posts? meh. “quicker to generate proofs and verifications for…”

This “rho” thing, makes each commitment unique, correct? Where does it come from?

the d “diversity” is what creates any number of addresses, where does it come from?

Hi @inquiring Welcome to the forums :slightly_smiling_face:

There are a few explainers out there that may help

Though I will admit most of it is above my head, the experts @ebfull and @daira may be able to answer your questions.

1 Like