Vitalik Buterin, who created Ethereum, wants to make private, non-fungible tokens whose owners can’t be found using blockchain data.
The idea was shared in a post called “ERC721 Extension for zk-SNARKs” on the Ethereum Research website.
Idea: stealth addresses for ERC721s.— vitalik.eth (@VitalikButerin) August 8, 2022
A low-tech approach to add a significant amount of privacy to the NFT ecosystem.
So you would be able to eg. send an NFT to vitalik.eth without anyone except me (the new owner) being able to see who the new owner is.https://t.co/UdqK6NAYjn
ERC721 for zk-SNARKs was made longer.
Nerolation proposed the change to ERC721, which is the NFT standard. He said that his method was “the exact execution of what Vitalik said” when they were talking about private POAPs.
Vitalik talked about the possible need for private Soulbound tokens in the paper he wrote to explain the idea of Soulbound tokens to the public (SBTs). He told them,
“Privacy is an important part of making this kind of ecosystem work well… If, one day in the future, being vaccinated becomes a POAP, one of the worst things we could do would be to create a system where the POAP is automatically advertised… to let their medical decision be influenced by what would look cool in their particular social circle.”
The idea of using ZK-SNARK compliant ERC721 tokens aims to solve this problem by using stealth addresses that have a hash of the user’s address, the token ID, and the user’s secret.
The data is then added to an on-chain Merkle tree, and tokens are kept at “an address that is derived from the user’s leaf in the Merkle tree.”
To prove ownership of the token (NFT), an address must give the stealth address “access to a private key” so that when a message is signed, the collated information can be passed to a leaf of the Merkle tree. The circuit would then be able to compare the “calculated and user-provided roots for verification.”
Usually kept addresses secret
Vitalik told Nerolation in his answer that he thinks there is a clearer and simpler way to solve the problem that would use “much lighter-weight technology.” He suggested using “ordinary stealth addresses” instead of Merkle trees, which are more complicated.
Vitalik pointed out that every user has a private key that can be used as the starting point of an elliptical curve group to make a new private key, similar to how stealth addresses are usually made.
So, it is possible to make a “one-time secret key” and use the base of the elliptical curve to figure out the corresponding public key.
When the sender and the recipient use both the private and secret keys together, they can “calculate a shared secret.”
Using this shared secret, the information above is hashed to make a new address.
Vitalik comes to the conclusion that an ERC20 token can be sent to this address by the sender;
“The recipient will scan all submitted Svalues, generate the corresponding address for each Svalue, and if they find an address containing an ERC721 token they will record the address and key so they can keep track of their ERC721s and send them quickly in the future.”
Vitalik said that Merkle trees and ZK-SNARKs are not needed because “there is no way to make a “anonymity set” for ERC721.” His solution makes sure that data on the blockchain will show that an ERC721 token was sent to a certain address, but won’t show who the token’s real owner is.
The price of the solution may make it impossible to use on the Ethereum mainnet. Vitalik’s solution may involve gas costs that require the sender to “transfer enough ETH to pay fees 5–50 times to send it farther.”
The Ethereum open-source community will decide if Vitalik’s idea is a better way to do things or not. Still, it is interesting to see that Vitalik seems to have realized that the Ethereum ecosystem needs a certain level of privacy. His discovery of SBT has made it possible for tokenized assets to be used in a wide range of ways. He has also changed his mind about keeping some assets secret.
Vitalik said, “my opinions on a lot of issues have definitely changed in the last ten years.” At a press conference held behind closed doors on August 6. He continued by saying,