The ERC-721 privacy leakage problem is becoming prominent; three solutions may alleviate it

At present, the NFT market mainly uses three token standards: ERC-721, ERC-1155 and ERC-998. ERC-721 still dominates the entire market; many first-tier NFT projects such as Bored Ape Yacht Club (BAYC), CryptoPunks and ENS have adopted this token standard.

However, as on-chain analysis tools have matured, the privacy leakage faced by NFTs that use the ERC-721 standard has become increasingly severe.

To show how serious the problem is, this article starts with an example.

How ERC-721 NFTs leak privacy

Assets issued with the ERC-721 token standard are unique, which is undoubtedly an important attribute driving the hype around NFT assets. However, public chains such as Ethereum also have open and transparent ledgers, which means that anyone can use tools such as block explorers to look up their own or others’ wallet information through ERC-721 tokens.

The ERC-721 token most likely to expose privacy is naturally ENS. While it is convenient for users, it has caused very serious privacy leakage. For example, the recent “well-known ENS address poisoning” incident is only the tip of the iceberg of ENS privacy leakage.

Besides ENS, avatar-class ERC-721 tokens also bring serious privacy leakage problems.

For example, a Twitter user named KinkyBedBugs recently spent 400 ETH on a Pudgy Penguins NFT and used it as his Twitter avatar.


By querying OpenSea’s records, we learn that the wallet address that bought this NFT is saudietheran.eth (0x304A97c9A85C92C93Ca24e0A85B69f892B67355E), and on the same site we can see every NFT held by this wallet address.


And with an on-chain data query tool, we can even trace the wallet’s associated addresses and holdings.


Image via watchers

In this example, since KinkyBedBugs is an anonymous account and clearly keeps the NFT wallet separate from the main wallet address, the information leakage above may be intentional on KinkyBedBugs’ part (actively disclosing information to the public for some purpose).

However, if the holder’s real identity is linked to the NFT and the wallets are not kept separate, then once malicious counterparties (hackers, address poisoners, blackmailers, etc.) exploit this, the NFT holder may face a very dangerous attack.

Having understood how serious the privacy leakage caused by ERC-721 NFTs is, we now need to look at some mitigation measures.

Mitigation 1: Wallet isolation and identity isolation

As the examples in this article show, when we use ENS names we should avoid associating our real identity with the wallet address. For example, the pinyin of a real name or a common English name may be bad choices, while generic words such as DeFi, NFT, DAO or DEX can add some privacy.

Next, wallet isolation is crucial. Generally speaking, we have multiple Ethereum wallet addresses: one or two main addresses for storing funds, and the remaining addresses, holding small amounts, for day-to-day transactions or protocol interactions.

What we have to do is cut off any connection between the main wallet address and the daily transaction addresses, which means there must be no transfers between these wallets in either direction. (Note: if a transfer is really needed, a centralized exchange can be used as a bridge in the middle.)

Once wallet isolation is in place, we use the main wallet for storing funds and the daily wallet for holding ENS names or low-value NFTs (the “small pictures”).
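The isolation rule above can be checked against one’s own transfer history. The following script is an added example, not code from the article: it clusters addresses that ever transfer to each other, the way a simple on-chain analysis heuristic would, while skipping addresses labelled as centralized exchanges (the “bridge” the article recommends). All addresses, labels and transfers are constructed placeholders.

```python
# Added example: a self-audit of the wallet-isolation rule.  Addresses that
# transfer directly to each other are clustered together; transfers that touch
# an address labelled as an exchange do not create a link.  Every address and
# transfer below is a constructed placeholder, not real chain data.

# Constructed exchange labels; a real audit would use a curated label list.
EXCHANGE_ADDRESSES = {
    "0xEXCHANGE_DEPOSIT_PLACEHOLDER",     # where the main wallet deposits
    "0xEXCHANGE_HOT_WALLET_PLACEHOLDER",  # where withdrawals are sent from
}


class UnionFind:
    """Minimal disjoint-set structure keyed by address string."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_wallets(transfers, exchange_addresses=EXCHANGE_ADDRESSES):
    """Group addresses connected by direct transfers, ignoring exchange hops.

    transfers: iterable of (sender, receiver, amount_wei) tuples.
    Returns a list of sets covering every non-exchange address seen.
    """
    uf = UnionFind()
    for sender, receiver, _amount in transfers:
        if sender in exchange_addresses or receiver in exchange_addresses:
            # Register the non-exchange side so it shows up in a cluster,
            # but do not link it to anything through the exchange.
            for addr in (sender, receiver):
                if addr not in exchange_addresses:
                    uf.find(addr)
            continue
        uf.union(sender, receiver)
    groups = {}
    for addr in list(uf.parent):
        groups.setdefault(uf.find(addr), set()).add(addr)
    return list(groups.values())


def are_linked(transfers, a, b, exchange_addresses=EXCHANGE_ADDRESSES):
    """True if a and b fall into the same cluster, i.e. isolation is broken."""
    return any(a in g and b in g for g in cluster_wallets(transfers, exchange_addresses))


# Constructed history: the main wallet funds the daily wallet only via the
# exchange, but the daily wallet tops up the NFT wallet directly.
SAMPLE_TRANSFERS = [
    ("0xMAIN_WALLET", "0xEXCHANGE_DEPOSIT_PLACEHOLDER", 5 * 10**18),
    ("0xEXCHANGE_HOT_WALLET_PLACEHOLDER", "0xDAILY_WALLET", 1 * 10**18),
    ("0xDAILY_WALLET", "0xNFT_WALLET", 2 * 10**17),
    ("0xNFT_WALLET", "0xMARKETPLACE_CONTRACT", 1 * 10**17),
]

if __name__ == "__main__":
    for group in cluster_wallets(SAMPLE_TRANSFERS):
        print(sorted(group))
    print("main/daily linked:", are_linked(SAMPLE_TRANSFERS, "0xMAIN_WALLET", "0xDAILY_WALLET"))
    print("daily/nft linked:", are_linked(SAMPLE_TRANSFERS, "0xDAILY_WALLET", "0xNFT_WALLET"))
```

Passing this check is necessary, not sufficient: real analysis tools also correlate timing, amounts, gas payers and reused exchange deposit addresses, so depositing from the main wallet and the daily wallet to the same exchange deposit address would link them even though this simple clustering does not.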

Mitigation 2: Stealth address

Recently, Ethereum researcher Anton Wahrstätter (@Nerolation) published an ERC-721 extension proposal that applies zk-SNARK technology to ERC-721 to protect the privacy of NFT holders.

In response, Vitalik, co-founder of Ethereum, commented that this can be implemented more simply with conventional stealth address technology. Merkle-tree or ZK-SNARK level privacy is not required because each ERC721 is unique, so it is impossible to create an “anonymity set” for ERC721. Instead, the user just wants to hide the highly visible link between the public identities of sender and recipient (so you can send an ERC721 token to vitalik.eth and Vitalik himself can see this, but no one else can see that the address vitalik.eth received an ERC721 token; they can only see that someone received an ERC721 token).

So what is the principle of this technical solution? Vitalik explained:

“1. Each user has a private key p (and the corresponding public key P = G * p);

2. To send to someone, first generate a new one-time key s (and the corresponding public key S = G * s), then publish the public key S;

3. Both sender and receiver can calculate a shared key Q = P * s = p * S. They can use this shared secret to generate a new address A = pubtoaddr(P + G * hash(Q)), and the recipient can compute the corresponding private key p + hash(Q). Senders can send their ERC20 to this address;

4. The sender will scan all submitted S-values, generate a corresponding address for each S-value, and if they find an address that contains an ERC721 token, they will record the address and key so that they can track their ERC721 token and transfer it quickly in the future.

By including this method within your smart contract wallet, you can generalize the scheme to smart contract wallets:

generateStealthAddress(bytes32 key) returns (bytes publishableData, address newAddress)

The sender calls this locally, publishes publishableData and uses newAddress as the ERC721 destination address. It is assumed that the recipient encodes generateStealthAddress in such a way that they can use publishableData and some secret they personally hold to compute a private key that can access the ERC721 at newAddress (newAddress itself may be a CREATE2-based smart contract wallet).

One remaining challenge is figuring out how to pay for it.”

This idea has also been endorsed by Anton Wahrstätter, who is currently writing an EIP based on Vitalik’s suggestion, planning to apply the proposed generateStealthAddress(bytes32 key) to smart contract wallets.
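To make the four steps concrete, here is an added worked example in Python (not code from the article, from Vitalik or from any EIP) that carries the key derivation through on secp256k1, the curve Ethereum uses. It assumes hashlib.sha3_256 as a stand-in for keccak256 in both hash(Q) and pubtoaddr (real Ethereum addresses use keccak256), uses fixed constructed keys, and treats the scanning party in step 4 as the recipient, who holds p and is the one who can compute p + hash(Q). The point to observe: an onlooker sees S and A on chain, but without p or s cannot compute Q and therefore cannot connect A to P.

```python
import hashlib

# secp256k1 domain parameters (the curve behind Ethereum EOA keys).
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # a + (-a)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    k %= N
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def _point_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def hash_point(pt):
    """hash(Q) from the scheme, reduced mod N (assumption: sha3_256 stands in for keccak256)."""
    return int.from_bytes(hashlib.sha3_256(_point_bytes(pt)).digest(), "big") % N


def pubtoaddr(pt):
    """Address = last 20 bytes of hash(x || y) (assumption: sha3_256 stands in for keccak256)."""
    return "0x" + hashlib.sha3_256(_point_bytes(pt)).digest()[-20:].hex()


def sender_derive(recipient_pub, s):
    """Steps 2-3, sender side: publish S = s*G and send the token to A."""
    S = ec_mul(s, G)
    Q = ec_mul(s, recipient_pub)  # shared secret P * s
    A = pubtoaddr(ec_add(recipient_pub, ec_mul(hash_point(Q), G)))
    return S, A


def recipient_scan(p, published_S_values, token_holders):
    """Step 4, recipient side: derive a candidate address for every published S;
    keep those holding a token, with the private key p + hash(Q) that controls them."""
    P = ec_mul(p, G)
    found = []
    for S in published_S_values:
        Q = ec_mul(p, S)  # shared secret p * S, equal to the sender's P * s
        h = hash_point(Q)
        addr = pubtoaddr(ec_add(P, ec_mul(h, G)))
        if addr in token_holders:
            found.append((addr, (p + h) % N))
    return found


# Constructed demo keys (never use fixed keys like these for real wallets).
RECIPIENT_PRIV = 0x1F2E3D4C5B6A79880123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
SENDER_EPHEMERAL = 0x2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A
BYSTANDER_PRIV = 0x3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B3B


def demo():
    """One transfer end to end: returns (A, recipient's hits, bystander's hits)."""
    P = ec_mul(RECIPIENT_PRIV, G)
    S, A = sender_derive(P, SENDER_EPHEMERAL)
    token_holders = {A}  # constructed chain state: the ERC-721 now sits at A
    hits = recipient_scan(RECIPIENT_PRIV, [S], token_holders)
    bystander_hits = recipient_scan(BYSTANDER_PRIV, [S], token_holders)
    return A, hits, bystander_hits


if __name__ == "__main__":
    A, hits, bystander_hits = demo()
    print("stealth address:", A)
    print("recipient recovered it:", bool(hits), "| bystander matched:", bool(bystander_hits))
```

The recovered private key (p + hash(Q)) mod N generates exactly the point P + G * hash(Q), which is why the recipient can later move the token out of A. What the scheme does not hide is the token itself: A and its ERC-721 balance remain public, and A still needs ETH for gas to transfer the token onward, which is the payment problem the quote leaves open.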

Mitigation 3: Zero-knowledge proof scheme

However, as Wei Dai, research partner at Bain Capital Crypto, points out, the stealth address scheme has a drawback: if it is applied to any token other than ERC-721 (such as ERC-20 or ERC-1155), the chain of transfers can still be traced, so the added privacy is very limited. In contrast, methods based on zk-SNARK zero-knowledge proofs can fully maintain confidentiality or anonymity.

In his opinion, L1 should ideally support privacy-preserving tokens that smart contract applications can use, which is achievable with known technology; in practice, users can make full use of privacy-focused L2s such as Aztec, with privacy-preserving token accounting set as the default on L1. He further explained:

“The main problem with built-in privacy in Ethereum is that we have a fixed gas fee payment mechanism associated with EOAs, and unless we have a privacy-preserving way of paying gas, all privacy-preserving token standards are moot. That’s why privacy is best done in a separate layer in Ethereum, unless privacy-preserving gas payments can be made.”

Another problem facing users is that adopting a zero-knowledge-proof privacy solution may run into regulatory trouble. For example, the FTX exchange blocked some Aztec user addresses and issued warnings.

It can be seen that better privacy is not necessarily a good thing.

Some thoughts

As ordinary Ethereum users, for now we should first do identity isolation and wallet isolation properly to avoid serious privacy leakage; in the near future, smart contract wallets with a built-in stealth address solution may see wider adoption.

The zero-knowledge proof scheme, which offers better privacy, may meet some resistance due to regulatory concerns, which requires further observation.

Posted by: CoinYuppie. Reprinted with attribution to: