Ethereum co-founder Vitalik Buterin has proposed a solution to what he calls Ethereum’s “largest remaining challenge” — privacy. Vitalik Buterin acknowledged the need for a privacy solution in a blog post on January 20 because any information that gets onto a “public blockchain” is public by default.
Vitalik then devised the concept of “stealth addresses” to overcome the security issue. According to Buterin, these addresses can anonymize peer-to-peer transactions, nonfungible token (NFT) transfers, and Ethereum Name Service (ENS) registrations, thereby protecting users.
Vitalik Buterin’s incomplete guide to stealth addresses
Buterin explained in the blog post how two parties can carry out anonymous on-chain transactions. To begin, a user seeking to receive assets will generate and keep a “spending key,” which will then be used to generate a stealth meta-address.
This address, which can be registered on ENS, is then passed on to the sender, who can perform a cryptographic computation on the meta-address to generate a stealth address that belongs to the receiver.
The sender can then transfer assets to the receiver’s stealth address while also publishing a temporary key to confirm that the stealth address belongs to the receiver. As a result, each new transaction generates a new stealth address.
A stealth address, as proposed by Vitalik Buterin, is one that can be generated by either a buyer or a seller and is controlled by just one party. Another way to look at it is that stealth addresses provide the same privacy benefits as a buyer producing a new address for each transaction, but without forcing the buyer to interact.
Vitalik Buterin stated that a “Diffie-Hellman key exchange” as well as a “key blinding technique” would be required to ensure that the link between the stealth address and the user’s meta-address is not visible to the public.
Stealth addresses in cryptography
Peter Todd first introduced elliptic curve encryption in the context of Bitcoin in 2014. This technique works as follows (this assumes a prior understanding of fundamental elliptic curve cryptography).
You could be thinking that stealth addresses aren’t that difficult; the theory is already sound, and getting them adopted is only a matter of time. The issue is that there are certain significant implementation aspects that must be addressed for a truly effective implementation.
Assume you receive an NFT. The sender transmits it to a stealth address that you control to protect your privacy. Your wallet detects this address automatically after scanning the ephemeral public keys on-chain. You can now freely prove ownership of the NFT or transfer it to someone else.
But there’s an issue! Because the account has no ETH, there is no way to pay transaction fees. Even ERC-4337 token paymasters will fail because they only operate with fungible ERC20 tokens. And you can’t deposit ETH into it from your primary wallet because that creates a publicly visible link.
Vitalik Buterin argued that there is only one “simple” approach to tackling the problem: using ZK-SNARKs to transfer funds to pay for the fees. However, this comes with its own set of issues. This step costs a lot of gas, hundreds of thousands of dollars merely for a single move.
Another brilliant strategy is to rely on specialized transaction aggregators (“searchers” in MEV lingo). These aggregators would allow consumers to pay once for a set of “tickets” that may be used to pay for on-chain transactions.
When a user has to spend an NFT in a stealth address that contains nothing else, they send the aggregator one of the tickets, encoded using a Chaumian blinding method. This is the original protocol that was utilized in proposed centralized privacy-preserving e-cash schemes in the 1980s and 1990s.
Stealth addresses have long been touted as a solution to on-chain privacy issues, which have been addressed since 2014. However, relatively few remedies have reached the market thus far. It’s also not the first time Buterin has brought up the topic of stealth addresses in Ethereum.
He described stealth addresses as a “low-tech approach” for surreptitiously transferring ownership of ERC-721 tokens, also known as NFTs, in August. The Ethereum co-founder explained that the suggested stealth address approach provides privacy in a different way than the now-OFAC-sanctioned Tornado Cash:
“Tornado Cash can hide transfers of mainstream fungible assets such as ETH or major ERC20s […] but it’s very weak at adding privacy to transfers of obscure ERC20s, and it cannot add privacy to NFT transfers at all.” (Vitalik)
Buterin warned that stealth addresses could cause “longer-term usability challenges,” such as social recovery issues. However, he is sure that the issues can be resolved in a timely manner:
“In the longer term, these problems can be solved, but the stealth address ecosystem of the long term is looking like one that would really heavily depend on zero-knowledge proofs.” (Vitalik)