Vitalik suggests private NFTs using ‘stealth addresses’ to hide the owner’s identity

Ethereum Founder Vitalik Buterin suggests the thought of backstage NFTs whereby the proprietor would not beryllium known done blockchain data.

The conception was added to an Ethereum Research post focused connected adding an “ERC721 Extension for zk-SNARKs.”

Idea: stealth addresses for ERC721s.

A low-tech attack to adhd a important magnitude of privateness to the NFT ecosystem.

So you would beryllium capable to eg. nonstop an NFT to vitalik.eth without anyone but maine (the caller owner) being capable to spot who the caller proprietor is.https://t.co/UdqK6NAYjn

— vitalik.eth (@VitalikButerin) August 8, 2022

ERC721 hold for zk-SNARKs

The hold to ERC721 (the NFT standard) was projected by Nerolation, who stated that helium believed his methodology was “the nonstop implementation of what Vitalik described” erstwhile talking astir backstage POAPs.

Vitalik spoke astir the imaginable request for backstage Soulbound tokens (SBTs) successful his nonfiction introducing the SBT conception to the world. He stated,

“Privacy is an important portion of making this benignant of ecosystem enactment well… If, 1 time successful the future, being vaccinated becomes a POAP, 1 of the worst things we could bash would beryllium to make a strategy wherever the POAP is automatically advertised… to fto their aesculapian determination beryllium influenced by what would look chill successful their peculiar societal circle.”

The proposition of utilizing ZK-SNARK compatible ERC721 tokens attempts to lick this by utilizing stealth addresses that see a hash of the user’s address, the token ID, and a concealed of the user.

The accusation is past added to a Merkle histrion on-chain, with the tokens being stored astatine “an code that is derived from the user’s leafage successful the Merkle tree.”

To beryllium ownership of the token (NFT), an code would person to springiness the stealth code “access to a backstage key” truthful that erstwhile a connection is signed, the collated accusation tin beryllium passed to a leafage of the Merkle tree. The circuit would past beryllium capable to comparison the “calculated and user-provided roots for verification.”

Regular stealth addresses

In his effect to Nerolation, Vitalik explained that helium believes determination is simply a much elegant and straightforward solution to the issue, which would usage “much lighter-weight technology.” He projected utilizing “regular stealth addresses” without needing analyzable Merkle trees.

Vitalik explained that each idiosyncratic has a backstage cardinal that tin beryllium utilized arsenic the basal constituent of an elliptical curve radical to make a caller backstage key, arsenic is commonly done with regular stealth addresses.

A “one-time concealed key” tin past beryllium generated, and the paired nationalist cardinal derived from the elliptical curve’s base.

The sender and receiver tin past “compute a shared secret” by combining the backstage and concealed keys.

A caller code is generated utilizing this shared concealed by hashing unneurotic the supra information.

The sender tin nonstop an ERC20 token to this code arsenic Vitalik concludes;

“The recipient volition scan each submitted $S$values, make the corresponding code for each $S$value, and if they find an code containing an ERC721 token they volition grounds the code and cardinal truthful they tin support way of their ERC721s and nonstop them rapidly successful the future.”

Vitalik asserted that Merkle trees oregon ZK-SNARKs are unnecessary arsenic “there’s nary anticipation of creating an “anonymity set” for an ERC721.” His method means that on-chain information volition amusement that an ERC721 has been sent to immoderate code but would not uncover the valid proprietor of the token.

Costs involved

The solution comes with a outgo that could marque it impractical connected the Ethereum mainnet. The state fees progressive successful Vitalik’s method could necessitate the sender to “send on capable ETH to wage fees 5-50 times to nonstop it further.”

Whether Vitalik’s solution is simply a much elegant implementation oregon not volition beryllium near to the Ethereum open-source assemblage to decide. Yet, it is absorbing to enactment that Vitalik appears to person accepted the request for an constituent of privateness wrong the Ethereum ecosystem. His SBT revelation has opened up a satellite of possibilities for tokenized assets. Further, the request for the confidentiality of immoderate assets has resurfaced successful his thinking.

At a closed property league connected August 6, Vitalik explained that “my opinions connected a batch of issues person decidedly changed successful the past 10 years.” He continued to say, 

 “I deliberation adjacent today, I deliberation we’re astatine the constituent wherever the Ethereum task tin relation wholly without me. And I deliberation it’s lone going to spell much and much that way.”

Vitalik has lone contributed 7 times to the Ethereum Research forum since January 2022. Whereas successful January 2022, helium posted 9 comments successful that period alone. He is intelligibly starting to determination retired of the mode of different developers successful the Ethereum ecosystem. However, if Vitalik was to measurement distant entirely, it remains to beryllium seen if investors would beryllium arsenic assured that Ethereum could proceed without him.

The station Vitalik suggests backstage NFTs utilizing ‘stealth addresses’ to fell the owner’s identity appeared archetypal connected CryptoSlate.