Update ERC-5564: Move to Last Call #322

Merged
merged 9 commits into from
Apr 16, 2024
38 changes: 21 additions & 17 deletions ERCS/erc-5564.md
@@ -1,18 +1,20 @@
---
eip: 5564
title: Stealth Addresses
description: Private, non-interactive transfers and interactions
description: Private, non-interactive transfers and engagements
author: Toni Wahrstätter (@nerolation), Matt Solomon (@mds1), Ben DiFrancesco (@apbendi), Vitalik Buterin (@vbuterin)
discussions-to: https://ethereum-magicians.org/t/eip-5566-stealth-addresses-for-smart-contract-wallets/10614
status: Review
status: Last Call
last-call-deadline: 2024-04-30
type: Standards Track
category: ERC
created: 2022-08-13
requires: 6538
---

## Abstract

This specification establishes a standardized method for interacting with stealth addresses, which allow senders of transactions or transfers to non-interactively generate private accounts exclusively accessible by their recipients. Moreover, this specification enables developers to create stealth address protocols based on the foundational implementation outlined in this ERC, utilizing a singleton contract to emit the necessary information for recipients. In addition to the base implementation, this ERC also outlines the first implementation of a cryptographic scheme, specifically the SECP256k1 curve.
This specification establishes a standardized method for interacting with stealth addresses, which allow senders of transactions or transfers to non-interactively generate private accounts exclusively accessible by their recipients. Moreover, this specification enables developers to create stealth address protocols based on the foundational implementation outlined in this ERC, utilizing a singleton contract deployed at `0x55649E01B5Df198D18D95b5cc5051630cfD45564` to emit the necessary information for recipients. In addition to the base implementation, this ERC also outlines the first implementation of a cryptographic scheme, specifically the SECP256k1 curve.


## Motivation
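Review bot: In the front matter, changing the description from "interactions" to "engagements" makes it vaguer and inconsistent with the abstract, which still opens with "interacting with stealth addresses"; I would keep "interactions". The abstract now hard-codes the announcer address `0x55649E01B5Df198D18D95b5cc5051630cfD45564`; since the specification calls for one instance per chain, consider saying here whether that address is expected to be the same on every chain.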
Expand Down Expand Up @@ -87,17 +89,15 @@ function computeStealthKey(

The implementation of these methods is scheme-specific. The specification of a new stealth address scheme MUST specify the implementation for each of these methods. Additionally, although these function interfaces are specified in Solidity, they do not necessarily ever need to be implemented in Solidity, but any library or SDK conforming to this specification MUST implement these methods with compatible function interfaces.

A 256 bit integer (`schemeId`) is used to identify stealth address schemes. A mapping from the schemeId to its specification MUST be declared in the ERC that proposes to standardize a new stealth address scheme. It is RECOMMENDED that `schemeId`s are chosen to be monotonically incrementing integers for simplicity, but arbitrary or meaningful `schemeId`s may be chosen. Furthermore, the schemeId MUST be added to [this overview](../assets/eip-5564/scheme_ids.md). These extensions MUST specify:
A 256 bit integer (`schemeId`) is used to identify stealth address schemes. A mapping from the schemeId to its specification MUST be declared in the ERC that proposes to standardize a new stealth address scheme. It is RECOMMENDED that `schemeId`s are chosen to be monotonically incrementing integers for simplicity, but arbitrary or meaningful `schemeId`s may be chosen. This ERC introduces schemeId `1` with the following extensions:

- The integer identifier for the scheme.
- `1` is the integer identifier for the scheme,

- `viewTags` MUST be included in the announcement event and is used to reduce the parsing time for the recipients.

- The algorithm for encoding a stealth meta-address (i.e. the spending public key and viewing public key) into a `bytes` array, and decoding it from `bytes` to the native key types of that scheme.

- The algorithm for the `generateStealthAddress` method.

- The algorithm for the `checkStealthAddress` method.

- The algorithm for the `computeStealthKey` method.
- SECP256k1 is the algorithm for encoding a stealth meta-address (i.e. the spending public key and viewing public key) into a `bytes` array, and decoding it from `bytes` to the native key types of that scheme.
-
- SECP256k1 with view tags will be used in `generateStealthAddress`, `checkStealthAddress`, and `computeStealthKey` methods.

This specification additionally defines a singleton `ERC5564Announcer` contract that emits events to announce when something is sent to a stealth address. This MUST be a singleton contract, with one instance per chain. The contract is specified as follows:
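Review bot: The rewritten list under `schemeId` drops the general requirement that a new scheme MUST specify its meta-address encoding and the three method algorithms, and replaces it with statements about scheme `1` only, so an ERC proposing another scheme no longer has a checklist to satisfy. Consider keeping the generic MUST list and giving the scheme `1` values in a separate paragraph. Within the new items there is a stray empty `-` bullet, `viewTags` is plural here while the Rationale uses `viewTag`, and "SECP256k1 is the algorithm for encoding a stealth meta-address" names a curve where an encoding rule is expected.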

Expand Down Expand Up @@ -156,18 +156,18 @@ The new address format for the stealth meta-address extends the chain specific a
Thus, a stealth meta-address on Ethereum has the following format:

```
st:eth:0x<spendingKey><viewingKey>
st:eth:0x<spendingPubKey><viewingPubKey>
```

Stealth meta-addresses may be managed by the user and/or registered within a publicly available `Registry` contract, as delineated in [ERC-6538](./eip-6538). This provides users with a centralized location for identifying stealth meta-addresses associated with other individuals while simultaneously enabling recipients to express their openness to engage via stealth addresses.
Stealth meta-addresses may be managed by the user and/or registered within a publicly available `Registry` contract, as delineated in [ERC-6538](./eip-6538.md). This provides users with a centralized location for identifying stealth meta-addresses associated with other individuals while simultaneously enabling recipients to express their openness to engage via stealth addresses.

*Notably, the address format is used only to differentiate stealth addresses from standard addresses, as the prefix is removed before performing any computations on the stealth meta-address.*

---

### Initial Implementation of SECP256k1 with View Tags

This ERC provides a foundation that is not tied to any specific cryptographic system through the `IERC5564Announcer` contract. In addition, it introduces the first implementation of a [stealth address scheme](../assets/eip-5564/scheme_ids.md) that utilizes the SECP256k1 elliptic curve and view tags. The SECP256k1 elliptic curve is defined with the equation $y^2 = x^3 + 7 \pmod{p}$, where $p = 2^{256} - 2^{32} - 977$.
This ERC provides a foundation that is not tied to any specific cryptographic system through the `IERC5564Announcer` contract. In addition, it introduces the first implementation of a stealth address scheme that utilizes the SECP256k1 elliptic curve and view tags. The SECP256k1 elliptic curve is defined with the equation $y^2 = x^3 + 7 \pmod{p}$, where $p = 2^{256} - 2^{32} - 977$.

The following reference is divided into three sections:
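Review bot: In the `st:eth:0x<spendingPubKey><viewingPubKey>` format, the rename makes clear that both values are public keys, but the lines shown still do not say how each key is serialized or how long it is, and a parser needs that to split the concatenation safely. State the encoding next to the code block or point to where the scheme defines it. Separately, "centralized location" for the ERC-6538 registry can be read as a trust statement; "single location" would avoid that.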

Expand Down Expand Up @@ -252,15 +252,19 @@ The stealth address specification standardizes a protocol for generating and loc

The authors recognize the trade-off between on- and off-chain efficiency. Although incorporating a Monero-like view tags mechanism enables recipients to parse announcements more efficiently, it adds complexity to the announcement event.

The recipient's address and the `viewTag` MUST be included in the announcement event, allowing users to quickly verify ownership without querying the chain for positive account balances.
The recipient's address and the `viewTag` must be included in the announcement event, allowing users to quickly verify ownership without querying the chain for positive account balances.

## Backwards Compatibility

This ERC is fully backward compatible.

### Deployment Method

The `ERC5564Announcer` contract is deployed at `0x55649E01B5Df198D18D95b5cc5051630cfD45564` using `CREATE2` via the deterministic deployer at `0x4e59b44847b379578588920ca78fbf26c0b4956c` with a salt of `0xd0103a290d760f027c9ca72675f5121d725397fb2f618f05b6c44958b25b4447`.

## Reference Implementation

You can find the implementation of the ERC above in the Specification section.
You can find the implementation of the `ERC5564Announcer` contract [here](../assets/eip-5564/contracts/ERC5564Announcer.sol) and the interface `IERC5564Announcer.sol` [here](../assets/eip-5564/contracts/interfaces/IERC5564Announcer.sol).

## Security Considerations
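Review bot: The Deployment Method paragraph gives the deployer and the salt, but a `CREATE2` address also depends on the init code, so a reader cannot re-derive `0x55649E01B5Df198D18D95b5cc5051630cfD45564` from this text alone. Add the init code hash, or the compiler version and settings used to produce it, so a deployment on any chain can be checked before it is trusted. Also in this hunk, the Reference Implementation links point at `../assets/eip-5564/contracts/` while the files in this PR are added under `assets/erc-5564/contracts/`; please confirm the links resolve. The Rationale change from MUST to "must" is fine if intentional, but the view tag requirement is then normative only in the Specification bullet.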

43 changes: 43 additions & 0 deletions assets/erc-5564/contracts/ERC5564Announcer.sol
@@ -0,0 +1,43 @@
// SPDX-License-Identifier: CC0-1.0
pragma solidity 0.8.23;

/// @notice `ERC5564Announcer` contract to emit an `Announcement` event to broadcast information
/// about a transaction involving a stealth address. See
/// [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) to learn more.
contract ERC5564Announcer {
/// @notice Emitted when something is sent to a stealth address.
/// @param schemeId Identifier corresponding to the applied stealth address scheme, e.g. 1 for
/// secp256k1, as specified in ERC-5564.
/// @param stealthAddress The computed stealth address for the recipient.
/// @param caller The caller of the `announce` function that emitted this event.
/// @param ephemeralPubKey Ephemeral public key used by the sender to derive the `stealthAddress`.
/// @param metadata Arbitrary data to emit with the event. The first byte MUST be the view tag.
/// @dev The remaining metadata can be used by the senders however they like. See
/// [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) for recommendations on how to structure
/// this metadata.
event Announcement(
uint256 indexed schemeId,
address indexed stealthAddress,
address indexed caller,
bytes ephemeralPubKey,
bytes metadata
);

/// @notice Called by integrators to emit an `Announcement` event.
/// @param schemeId Identifier corresponding to the applied stealth address scheme, e.g. 1 for
/// secp256k1, as specified in ERC-5564.
/// @param stealthAddress The computed stealth address for the recipient.
/// @param ephemeralPubKey Ephemeral public key used by the sender.
/// @param metadata Arbitrary data to emit with the event. The first byte MUST be the view tag.
/// @dev The remaining metadata can be used by the senders however they like. See
/// [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) for recommendations on how to structure
/// this metadata.
function announce(
uint256 schemeId,
address stealthAddress,
bytes memory ephemeralPubKey,
bytes memory metadata
) external {
emit Announcement(schemeId, stealthAddress, msg.sender, ephemeralPubKey, metadata);
}
}
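Review bot: `announce` is callable by anyone for any `stealthAddress` and validates nothing, including the NatSpec statement that the first byte of `metadata` MUST be the view tag, so an `Announcement` is only a hint and not evidence that a transfer happened. Since the ERC text fixes the deployed address, changing the bytecode is presumably not wanted; instead add a `@dev` line stating that the contract does not validate `schemeId`, `ephemeralPubKey` or `metadata` (empty `metadata` included) and that consumers must validate announcements themselves and tolerate spam.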
41 changes: 41 additions & 0 deletions assets/erc-5564/contracts/interfaces/IERC5564Announcer.sol
@@ -0,0 +1,41 @@
// SPDX-License-Identifier: CC0-1.0
pragma solidity 0.8.23;

/// @notice Interface for calling the `ERC5564Announcer` contract, which emits an `Announcement`
/// event to broadcast information about a transaction involving a stealth address. See
/// [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) to learn more.
interface IERC5564Announcer {
/// @notice Emitted when something is sent to a stealth address.
/// @param schemeId Identifier corresponding to the applied stealth address scheme, e.g. 1 for
/// secp256k1, as specified in ERC-5564.
/// @param stealthAddress The computed stealth address for the recipient.
/// @param caller The caller of the `announce` function that emitted this event.
/// @param ephemeralPubKey Ephemeral public key used by the sender to derive the `stealthAddress`.
/// @param metadata Arbitrary data to emit with the event. The first byte MUST be the view tag.
/// @dev The remaining metadata can be used by the senders however they like. See
/// [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) for recommendations on how to structure
/// this metadata.
event Announcement(
uint256 indexed schemeId,
address indexed stealthAddress,
address indexed caller,
bytes ephemeralPubKey,
bytes metadata
);

/// @notice Called by integrators to emit an `Announcement` event.
/// @param schemeId Identifier corresponding to the applied stealth address scheme, e.g. 1 for
/// secp256k1, as specified in ERC-5564.
/// @param stealthAddress The computed stealth address for the recipient.
/// @param ephemeralPubKey Ephemeral public key used by the sender.
/// @param metadata Arbitrary data to emit with the event. The first byte MUST be the view tag.
/// @dev The remaining metadata can be used by the senders however they like. See
/// [ERC-5564](https://eips.ethereum.org/EIPS/eip-5564) for recommendations on how to structure
/// this metadata.
function announce(
uint256 schemeId,
address stealthAddress,
bytes memory ephemeralPubKey,
bytes memory metadata
) external;
}
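Review bot: The interface repeats the `Announcement` event and the full NatSpec from `ERC5564Announcer.sol`, and the contract as shown is declared `contract ERC5564Announcer {` without `is IERC5564Announcer`, so the compiler does not check that the two stay in sync. Either have the contract inherit the interface or note why it does not. For `announce`, `bytes calldata` is the usual data location for external `bytes` parameters that are only forwarded, in place of `bytes memory`.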
8 changes: 0 additions & 8 deletions assets/erc-5564/scheme_ids.md

This file was deleted.
