TLDR:
Umbra creates stealth addresses that act as an indirection between sender → receiver, breaking the tie onchain and obfuscating the transaction.
Its not a mixer nor a privacy-focused blockchain, it’s just an incredibly simple and elegant system for two people or businesses to privately pay each other.
Umbra has just 3 options: Setup, Send and Receive. Follow along below to see how simple and easy it is to pay people privately.
I’m someone who believes privacy on the blockchain is very important. If you haven’t come across any of my texts before, or aren’t sure about the importance of privacy, then I recommend reading this previous post of mine:
Therefore, this week I’m taking a look at a new privacy tool I recently came across called Umbra.
Umbra is a simple yet powerful DeFi protocol that let’s you send crypto to a friend or business in such a way that anyone checking the blockchain won’t even know! In this post I’ll go through what Umbra is, how it works and how to use it.
Umbra
Umbra.Cash is a service that provides “stealth addresses” on Ethereum and some layer 2 networks like Optimism, Arbitrum and Polygon.
Stealth addresses are essentially addresses that hide or shield away another address, and provide an indirection from the original address you are truly paying.
So if you want to pay “bob.eth”, instead of paying them directly, you pay another separate “stealth address” that they own and can control with their keys for bob.eth.
This means anyone looking on-chain doesn’t know you paid bob.eth but Bob still control those funds.
This level of security is not a mixer like Tornado Cash, neither is it a privacy L2 like Aztec, nor a privacy L1 like ZCash. It does not use ZK proofs or any of that fancy cryptography and in fact its a pretty simple system.
However, although it’s simple Umbra’s still very powerful, and is great for the basic example of two people paying each other where they want to obfuscate the payment onchain.
How does it work
Normally on Ethereum if Alice (alice.eth) wants to pay Bob (bob.eth) some ETH she will send an ETH transaction from alice.eth → bob.eth.
The problem of course is now everyone with an internet connection can see that Alice paid Bob by checking the Ethereum blockchain. If Alice wants to obfuscate the transaction so that next time nobody knows she paid Bob then Umbra can help.
Bob can set up an Umbra account and every time Alice wants to pay him Umbra will create a new address to pay, severing the on-chain tie between Alice and Bob.
If Bob wanted he could always create a new Ethereum address manually every time for Alice to pay him, but that’s cumbersome and hard work for both of them, since Bob needs to send Alice a new address each time and she could copy it incorrectly.
With Umbra Alice only needs to knows Bob’s original “bob.eth” address and the protocol handles the rest.
Umbra makes it simple for both Alice and Bob to transact without others knowing by replacing alice.eth → bob.eth with alice.eth → stealth address onchain.
However, if Bob ever sends from an Umbra stealth address to his own bob.eth address, then the whole obfuscation will fall apart as the on-chain connection will be recreated where alice.eth → stealth address → bob.eth.
So its important that a receiver is careful of where they send their funds onto.
How to use it
The Umbra contract is deployed on serval chains including Ethereum mainnet, Optimism, Arbitrum and Polygon. Below I’ve used Polygon since it’s got low fees.
For all these chains the main contract lives at the address 0xFb2…5401, and the supporting contract for “StealthKeyRegistry” lives at 0x31f…38f3.
Start by opening app.umbra.cash and connect your wallet. Then we’ll go through each of the steps to “Setup”, “Send” and “Receive”, all of which are very quick and easy.
Setup
Firstly, to use Umbra you need to setup an account, for this tutorial I used my Ethereum ENS account “afox.eth”.
Setting up is super simple, you just select your account and first sign with your keys for Umbra to generate its own set of private and public keys.
Then second, you sign a transaction that saves the public key on-chain so the Umbra smart contract can use them later to generate new stealth addresses.
Send
Now switch to another wallet and you’ll be able to send to the account you just set up. For this test I simply sent 4 MATIC to afox.eth.
You’ll be asked to sign a transaction that will immediately send the tokens to this entirely new stealth address that neither parties ever needed to know about.
Receive
Now switch back to the original wallet and select “Receive”. You’ll have to sign for Umbra to scan for past transactions and then you’ll be able to see the most recent one!
Here you can see the 4 MATIC I sent from the sending address. Importantly there’s no link onchain between afox.eth and the receiving stealth address 0x037…bdfe.
The address only has 1 transaction from Umbra that if you drill into you can find connects up to the sending address but not at all to afox.eth.
However, this money effectively belongs to my account afox.eth and on “withdraw” I could send it to any address I want, such as another person, business or exchange.
In this case I chose to send it back to afox.eth just for completion. Note though that in a real case this would be pointless and Umbra correctly warns me.
Clearly what I’m doing here defeats the purpose because I recreate the tie between sender → afox.eth, now with sender → stealth address → afox.eth. I only did this as an illustration and you shouldn’t do it when making real use of Umbra.
Once withdrawn Umbra will show a little green withdrawn symbol and the address will have no money left as Umbra empties out the stealth address entirely.
Conclusion
Privacy is incredibly important in blockchain and any tool that adds privacy is a welcome one. Umbra is a very neat privacy preserving tool for two people or businesses paying each other that don’t want others to see onchain.
Without Umbra you would need to generate many addresses manually, but with it you can just register once and then let it generate infinite new addresses for you each time you want to get paid!
Its a simple system and everything is done with the standard cryptography we’re used to in the space so its a safe and sound solution to use.
However, there’s always smart contract risk that could potentially leave stealth addresses vulnerable so I wouldn’t recommend leaving large sums of money in them.
Nonetheless, if you only ever pass through large sums and store smaller amounts, then its a great way to have some level of privacy and I highly recommend people use it!