跳到主要内容
privacyDecember 20, 2025·7 min read

NixAddress & UTXO Notes Explained

Understanding how NixAddress encoding works, the UTXO note model for private payments, and how Grumpkin curve cryptography enables unlinkable transactions.

@

@Arjay

NixProtocol

分享:

The address reuse problem

Say you're a freelancer and you tweet your ETH address so clients can pay you. Seems harmless, right?

Now anyone can see every payment you've received to that address. They can see your balance. When you spend, they can trace where your money goes. Your entire financial life is on display.

"Just use a new address for each payment," people say. But that means you need to be online to generate and share a fresh address every time. That doesn't scale.

NixAddress solves the receiving side, and the UTXO note model handles the privacy side. You share one compact address, and every payment you receive is an unlinkable private note that only you can find and spend.

What is a NixAddress?

A NixAddress is a compact encoding of a Grumpkin public key. That's it. No fancy multi-key scheme, no meta-addresses. You generate a Grumpkin keypair, encode the public key in NixAddress format, and share it wherever you like.

Here's the flow:

  1. Generate a Grumpkin keypair: Your wallet creates a private key and derives the corresponding public key on the Grumpkin curve (an embedded curve designed for ZK-friendly operations).

  2. Encode as NixAddress: The public key gets encoded into a compact, human-readable format. This is your NixAddress.

  3. Share it: Post it on your website, tweet it, put it in your email signature. Anyone with your NixAddress can send you private notes in the NixPool.

When someone sends you tokens, they create a UTXO note committed to your Grumpkin public key. The note goes into the Merkle tree as a Poseidon2 hash. Only you, with your Grumpkin private key, can discover and spend that note.

How privacy actually works: the UTXO model

The privacy in NixProtocol doesn't come from address tricks. It comes from the UTXO note model.

Every deposit into the NixPool creates a note commitment:

note = Poseidon2(value, owner_pubkey, salt)

These commitments sit in a Merkle tree on-chain (depth 20, supporting about 1 million notes). Nobody can tell what value a note holds or who owns it just by looking at the commitment.

When you spend notes, you publish nullifiers (deterministic values derived from the note and your private key). The nullifier can't be linked back to the original commitment. And once a nullifier is published, that note can never be spent again.

The result: deposits go in, transfers happen, withdrawals come out, but nobody watching the chain can connect the dots. The Merkle tree just grows with new commitments and the nullifier set grows with spent notes.

How do you find your notes?

When someone sends you a private note, they encrypt the note details (value, salt, your public key) using ECIES on the Grumpkin curve. This encrypted payload gets published alongside the transaction.

Your wallet scans new transactions and tries to decrypt each ECIES payload with your Grumpkin private key. If decryption succeeds, you've found a note meant for you. You store the details locally and can spend it later.

This scanning is the trade-off for privacy. You need to check each new transaction. But it's lightweight: just an ECIES decryption attempt per transaction. Wallets can do this in the background.

Gas abstraction: how the relayer helps

Here's a practical question: if your notes are private, how do you pay gas to spend them? If you fund a fresh address with ETH first, you've just linked yourself to it.

NixProtocol solves this with a relayer. Because ZK proofs authorize transactions (no signatures needed), anyone can submit the proof on-chain on your behalf. The relayer pays the gas and gets reimbursed from the transaction itself (a small fee deducted from the transfer amount).

You never need to send ETH to any address. The proof is the authorization. The relayer is just a delivery mechanism.

What NixAddress doesn't hide (and what the UTXO model does)

NixAddress itself is just an encoding. It doesn't magically create privacy. The privacy comes from the full system:

  • Note commitments hide values and owners
  • Nullifiers prevent double-spending without revealing which note was spent
  • ECIES encryption lets only the recipient discover their notes
  • ZK proofs authorize everything without revealing private inputs
  • The Merkle tree makes all notes look identical from the outside

Together, these pieces mean: deposits go in, private transfers happen, and withdrawals come out, with no visible link between them.

Where this matters

Payroll: Your employer deposits to the NixPool and creates a note for your NixAddress. Coworkers can't see your salary.

Donations: Nonprofits share a NixAddress. Donors send private notes. Nobody can see individual donation amounts or trace donors.

Business payments: Suppliers and customers transact through the privacy pool without building up a public record of their relationship.

DAO contributions: Support a DAO treasury through the NixPool without broadcasting your involvement.

How NixProtocol puts it together

We combine NixAddress with the full UTXO privacy pool to make private payments actually usable:

  • NixAddress encoding for a simple way to receive payments
  • ECIES on Grumpkin for encrypting note data to recipients
  • Poseidon2 commitments in a Merkle tree for the note model
  • UltraHonk proofs (Noir circuits, Barretenberg backend) for authorization
  • Auditor compliance via ECIES-encrypted transaction data
  • Relayer-based gas abstraction so you never link addresses

You get private payments that work in practice, not just in theory.

继续阅读

探索更多关于隐私基础设施和零知识证明的研究文章。

查看所有文章