The need for privacy has always existed, and with the development of the blockchain over the years, more decentralized privacy solutions have emerged.
At the application layer, there is Tornado,zk.moneySuch a coin mixer,UmbraSuch a stealth address tool,Zcash、XMRSuch privacy coins; at the protocol layer, there areSecret、Aleo、MinaSuch a private public chain even hasAztecSuch privacy L2.
But there are always problems with these solutions.
On the one hand, Tornado,zk.moneyIt is difficult for easy-to-use coin mixers to form a combinable privacy transaction ecology, and as supervision tightens, Tornado is sanctioned by OFAC (Office of Foreign Assets Control of the U.S. Department of the Treasury), and some Ethereum addresses associated with the Tornado Cash protocol are listed Sanction list, protocol developers have also been arrested, this type of popular privacy solutions are facing huge regulatory risks.
On the other hand, the schemes of privacy public chain, privacy coin, and privacy L2 are too heavy and not user-friendly, and most of these schemes are independent of the Ethereum ecosystem, lack of liquidity, and have a certain threshold for users on Ethereum.
Odaily recently inEthereum ForumA very lightweight, user-friendly privacy solution found onEIP-5564: Stealth Address Wallets. Regarding this scheme, at the beginning, the proposer Nerolation proposed to use Merkel Trees andzk-SNARKsimage description
Image source: https://ethresear.ch/t/erc721-extension-for-zk-snarks/13237
Regarding product effects,EIP-5564: Stealth address wallet can protect transaction amount and identity information of both parties in a transactionimage description
Image source: https://eips.ethereum.org/EIPS/eip-5564
And because EIP-5564 achieves privacy on the wallet side, it is easier to use than other solutions, helping users avoid multiple complex interactions.
About EIP-5564 stealth address wallet,secondary title
image description
Image source: https://ethresear.ch/t/erc721-extension-for-zk-snarks/13237
For the first time, a one-time public key is generated and broadcast.The sender generates a one-time private key s and the corresponding public key S, S=G*s, the public key S is broadcast to the network, and the receiver detects the public key S.
Second, calculate the shared secret.Both the sender and the receiver can calculate a shared key Q through their own public key P, private key s and received one-time public key S, Q is customized according to the public key and private key of both parties in the transaction, Q=P∗ s=p∗S. For the sender, Q=P1*s, for the receiver, Q=p2*S, so both the sender and the receiver can calculate the shared key Q.
(Cryptographic premise. Each user has its own private key p and public key P, the sender’s public key is P1, the private key is p1, P1=G*p1, the receiver’s public key is P2, and the private key is p2 , P2=G*p2. G is the base point of ECG)
Finally, a stealth address is generated.Use Q to generate a new address A, A=pubtoaddr(P+G∗hash(Q), and its private key is p2+hash(Q). At this time, the sender can send assets to address A, and the receiver can pass the Known information to calculate the private key and control the assets of address A.
Innovation
Innovation
Stealth address wallet is a combination of privacy address and smart contract wallet.
Traditional privacy address generation tools may leak transaction privacy due to payment gas. If the sender only sends the NFT to the stealth address, the recipient cannot continue to send the NFT to other addresses, because the stealth address needs gas to pay and transfer out of the NFT, and the EOA account that provides the gas is not anonymous and will be tracked .
The innovation of the smart contract wallet that supports stealth addresses is that,secondary title
Development and Opportunities
From a product point of view, tools and wallets are also products. Stealth address wallets implement the functions of privacy address tools in the form of wallets, which are easier to use than traditional stealth address tools. This inspires us toInstead of simple applications by customizing functions for wallets.
From a functional point of view,EIP-5564: Stealth Address WalletsThe implementation idea is to add a function of generating invisible addresses to the contract wallet. Considering the strong programmability and composability of the smart contract wallet, the wallet plug-in may be a good subdivision track.Developers can try to develop some wallet plug-ins so that other contract wallets can integrate these functions, and investors can pay due attention to the latest developments in wallet plug-ins and business models or token economies.
Related Reading
Related Reading
Parsing the session key: Web3 version of "Secret-Free Payment"
Actively reject "poisoning attacks" - the opportunity for contract wallets to appear
