Shielded Address

The shielded address of a shielded account is 64 bytes of data. The first 32 bytes are the sign public key and the next 32 bytes are the view public key. Both of these 32-byte chunks are compressed/packed points on the BabyJubJub elliptic curve.

$A = S \| P$
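An added example (not the protocol's own code) of a check a client can run before using a 64-byte shielded address: split it into the two 32-byte halves and confirm each one decodes to a point on the curve. The curve constants are the standard Baby Jubjub parameters; the packing convention (little-endian y with the sign of x in the top bit) and all function names are assumptions, since the page does not specify them.

```python
# ASSUMED packing: little-endian y; top bit of byte 31 set when x > (FIELD-1)/2.
FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617
A_COEFF, D_COEFF = 168700, 168696  # Baby Jubjub: a*x^2 + y^2 = 1 + d*x^2*y^2

def sqrt_mod(n):
    """Tonelli-Shanks square root mod FIELD; None if n is a non-residue."""
    n %= FIELD
    if n == 0:
        return 0
    if pow(n, (FIELD - 1) // 2, FIELD) != 1:
        return None
    q, s = FIELD - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    z = next(k for k in range(2, FIELD) if pow(k, (FIELD - 1) // 2, FIELD) == FIELD - 1)
    m, c, t, r = s, pow(z, q, FIELD), pow(n, q, FIELD), pow(n, (q + 1) // 2, FIELD)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:
            t2, i = t2 * t2 % FIELD, i + 1
        b = pow(c, 1 << (m - i - 1), FIELD)
        m, c, t, r = i, b * b % FIELD, t * b * b % FIELD, r * b % FIELD
    return r

def unpack_point(buf):
    """Decode one 32-byte half; None unless it is a canonical on-curve point."""
    if len(buf) != 32:
        return None
    sign = bool(buf[31] & 0x80)
    y = int.from_bytes(buf, "little") & ((1 << 255) - 1)
    if y >= FIELD:
        return None  # non-canonical y coordinate
    y2 = y * y % FIELD
    x = sqrt_mod((1 - y2) * pow(A_COEFF - D_COEFF * y2, -1, FIELD))
    if x is None:
        return None  # no x exists for this y: not on the curve
    if (x > (FIELD - 1) // 2) != sign:
        x = (FIELD - x) % FIELD  # pick the root that matches the sign bit
    return (x, y) if (x > (FIELD - 1) // 2) == sign else None  # x == 0 with sign set

def parse_shielded_address(addr):
    """Split A = S || P; returns (sign_pub, view_pub) as (x, y) tuples."""
    if len(addr) != 64:
        raise ValueError("shielded address must be exactly 64 bytes")
    sign_pub, view_pub = unpack_point(addr[:32]), unpack_point(addr[32:])
    if sign_pub is None or view_pub is None:
        raise ValueError("address half is not a valid packed curve point")
    return sign_pub, view_pub  # on-curve only; subgroup order is not checked
```

This only shows that both halves are well-formed curve points; it does not check subgroup membership or reject the identity point.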

Address Registry

The protocol uses shielded addresses for private transactions, such as sending someone a private payment. The sender therefore needs to know the recipient's shielded address, which makes for a bad user experience.

The address registry service resolves this problem. During onboarding, users are required to register their public wallet address, which points to their shielded address. This mapping between public addresses and shielded addresses is stored in a database. The sender now only needs to know the recipient's regular public address, or even ENS, because a public address can be resolved to a shielded address.

As a security mechanism, users are required to sign their shielded address (ECDSA) and provide the signature when registering with the address registry service. When a sender resolves a public address, it can also verify the signature to be sure that the returned shielded address was provided by the user holding that public address. This eliminates the risk of a mapping between a public address and a malicious shielded address that was not generated by the wallet holding that public address.

Stealth Address

Instead of being associated directly with the shielded address, user funds are in reality associated with a randomized address ($a$) derived from the shielded address and a random seed ($\delta$).

$a = H(A, \delta)$

We refer to these addresses as stealth addresses, the same term used in EIP-5564. Although we don't follow the stealth address generation in that EIP, ours achieves a similar purpose: an external observer cannot determine the identity of the user (which is $A$ here) given a related stealth address ($a$).

Even if a stealth address appears on-chain, as it happens in anonymous transactions with other protocols, no one gets to know the identity of the beneficiary receiving funds to that stealth address.

A stealth address is 32 bytes in our protocol, unlike regular 20-byte public addresses.
