Key Generation

Each Bermuda account is controlled by a twofold key pair consisting of a spending and an encryption key pair. The former operates over Curve25519 while the later uses Grumpkin.

With $S$ being an arbitrary random seed, hash it to a valid BN254 scalar field element following the specification in IRTF RFC 9380:

$$\quad s = \text{HashToField}(S)$$

The resulting BN254 scalar field element is the spending private key $s$.

Rehash $s$ with Blake2s and clamp the result as per Curve25519 spec to obtain the encryption private key:

$$\quad b = \text{Blake2s}(s)$$ $$\quad a = \text{Curve25519Clamp}(b)$$

Address

A Bermuda address consists of the concatenation of the Poseidon2 hash of the spending public key's $x$ and $y$ coordinates with the 32-byte public key of the encryption key pair:

$$\quad \text{Poseidon2}(x, y) \parallel a \cdot G$$