I read that Zcash supports view keys, where one can use to see shielded transactions without being able to spend.
What is the theory behind those keys? How exactly do they work under the hood? I was reading the Zerocash paper but couldn’t find any information on those keys.
Hi @Panos , welcome to the forums 
You can find an overview of View Keys here:
If you want to dive into the code I would suggest looking at GitHub:
2 Likes
Thank you for your reply. My question is mostly about the cryptography behind those keys. Are those tied to the “normal” public keys? If I am given such a key, how do I learn future incoming values to a public key?
The place to look for details about Zcash’s design is https://zips.z.cash, not the Zerocash paper (which was never deployed; Zcash implemented a modified version of Zerocash including various fixes as Sprout, and then rolled out Sapling which is a separate design).
For viewing keys:
- Section 3.1 of the Zcash protocol spec describes the key components and their layered hierarchy.
- Section 4.2 specifies the cryptographic constructions.
For both Sprout incoming viewing keys and Sapling full viewing keys, the payment addresses are derived from the viewing keys, and therefore any transactions received by those payment addresses via the block chain are detectable with the viewing keys. Sapling full viewing keys can additionally detect spends (which is not possible for Sprout). We’ve documented what information is visible for Sapling full viewing keys, and what guarantees there are about the information, in ZIP 310.
1 Like
I see, makes sense! Thank you very much for the information!