What is Umbra?
As a protocol, Umbra defines a simple set of standards, coupled with a singleton smart contract instance, to enable stealth addresses on Ethereum. With a stealth address, a payer can send Ether or ERC20 tokens to an address controlled by the receiver, but no one except the two parties know who that receiver is.
On chain, the transaction looks like a simple transfer to an otherwise unused address on the Ethereum network. Off chain, the sender has used a public key published by the receiver using ENS to generate the new address. By encrypting the data used to generate the address, and announcing it via the Umbra smart contract, the sender can let the receiver know they’ve sent them a payment to a new stealth address. Only the receiver can generate the private key needed to withdraw the funds.
By leveraging Gas Station Network and Uniswap, Umbra enables withdrawers to pay for gas using the tokens they’ve received. This avoids the need to fund stealth addresses with Ether before withdrawing.
Advantages of Umbra
Umbra allows arbitrary amounts to be sent, since there is no need for inputs and outputs to be uniform.
Umbra does not require the receiver to wait to withdraw funds— as soon as they're sent, they can be withdrawn to any address the receiver chooses.
Umbra ensures only the receiver can withdraw the funds once they're sent. The sender does not hold the private key of the receiving address.
Umbra uses significantly less gas, as it does not require the verification of any advanced cryptography on chains. All transactions are simple transfers.
Umbra enables ETH and arbitrary ERC20 tokens to be transferred privately. You're not dependent on a large anonymity set developing for each token.
Sample Use Case
Alice owns a business and hires Bob to subcontract for her. She agrees to pay Bob 1,000 Dai/week for his work.
The first time Bob visits the Umbra app, he sets up his account, enabling hime to be paid privately. Alice uses Umbra to send 1,000 Dai to Bob each week— she only needs to know his ENS address
On chain, we see Alice pays 1,000 Dai to a different and otherwise empty address each week. Behind the scenes, Bob controls the keys to each of these addresses via Umbra, but nobody else knows as much.
Bob uses Umbra to withdraw his 1,000 Dai each week. He only needs to provide an address to send it to. Obviously, it's best for him to use an address that's not tied to his identity. He usually chooses to send it straight to an exchange, where he sells it for fiat as needed.
Because Umbra uses Gas Station Network and Uniswap, Bob doesn't have to fund the stealth address with Ether to withdraw his Dai. He can pay for gas with the Dai itself. He can also swap directly to any token of his choice, as long as there's a trading pair available on Uniswap.
How Does it Work?
Below is a high level description of the mechanics of the Umbra protocol:
Users publish signed messages to ENS text records to reveal their Umbra public key. This public key is derived from a random private key specifically generated for use with Umbra.
A payer uses this public key, plus some randomly generated data, to create a new 'stealth' address.
The payer encrypts the random data with the receiver's public key.
The payer sends the funds to the shielded address and sends the encrypted message to Umbra's smart contract. The contract broadcasts the encrypted message as an Event.
The receiver scans the encrypted messages broadcast by the Umbra contract until they find one they can decrypt with their private key.
The receiver uses the contents of the encrypted message, plus their private key, to generate the private key of the stealth address.
The receiver uses the private key of the stealth address to sign a withdrawal transaction, sending the ETH or tokens to the address of their choice.
Optionally, the withdrawal transaction is broadcast via Gas Station Network transaction relayers, obviating the need to fund the stealth address to access tokens. The Umbra contracts swap some of the tokens via Uniswap to pay the GSN relayer for gas.
What is the project's status?
A functional version of the project is available at ropsten.umbra.cash
. We hope to bring the protocol to mainnet in the coming months. Your contributions will help fund the remaining development work, as well as security reviews, to get the project across the finish line.