Umbra Privacy
Key & Address Architecture

MVKs for Individual Umbra Addresses

Protocol for deriving Master Viewing Keys for each individual Umbra address using Poseidon hash with index-based domain separation

Protocol Description

The MVK for the $i$-th Umbra address, $k_{\text{MVK}, U_i}$, is derived using the same PRF construction but with the index $i$ for domain separation.

$$k_{\text{MVK}, U_i} \triangleq \text{Poseidon}( S_M, \text{EncodeAsFieldElement}(\text{"MVK-Umbra-Address"}), i )$$

Key Derivation Process

  1. Input: Master seed $S_M$ (32 bytes)
  2. Domain Separation: String "MVK-Umbra-Address" encoded as a field element
  3. Index Parameter: Address index $i$ for uniqueness
  4. Hash Function: Poseidon hash function acting as a PRF
  5. Output: Field element $k_{\text{MVK}, U_i}$ in $\mathbb{F}_p$

Index-Based Uniqueness

Each Umbra address has its own unique MVK derived using:

  • The same master seed $S_M$
  • The same domain separator "MVK-Umbra-Address"
  • A unique index $i$ corresponding to the address number

This ensures that:

  • Each Umbra address has a distinct MVK
  • The same master seed generates different MVKs for different addresses
  • MVKs are computationally independent
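The derivation steps and the index-based uniqueness property above, sketched as an added example (not Umbra's own code). Poseidon is not in the Python standard library, so HMAC-SHA512 is swapped in as a stand-in PRF; the BN254 field modulus, the label encoding, and all function names are assumptions, so the outputs will not match real Umbra MVKs.

```python
import hashlib
import hmac

# Assumed field: the BN254 scalar field modulus; the page only says F_p.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617
DOMAIN_MVK_UMBRA = "MVK-Umbra-Address"  # domain separator from the page


def encode_as_field_element(label: str) -> int:
    """Assumed encoding: the label's ASCII bytes read as a big-endian integer."""
    raw = label.encode("ascii")
    if not 0 < len(raw) <= 31:  # 31 bytes < 2^248 < P, so no modular reduction occurs
        raise ValueError("label must be 1..31 ASCII bytes to fit one field element")
    return int.from_bytes(raw, "big")


def stand_in_prf(seed: bytes, *inputs: int) -> int:
    """Stand-in for Poseidon: HMAC-SHA512 keyed with the seed, reduced into F_p."""
    if any(not 0 <= x < P for x in inputs):
        raise ValueError("every PRF input must be a field element in [0, P)")
    # Fixed-width 32-byte encoding keeps (domain, index) tuples unambiguous.
    msg = b"".join(x.to_bytes(32, "big") for x in inputs)
    return int.from_bytes(hmac.new(seed, msg, hashlib.sha512).digest(), "big") % P


def derive_mvk(seed: bytes, index: int, label: str = DOMAIN_MVK_UMBRA) -> int:
    """k_{MVK,U_i} = PRF(S_M, EncodeAsFieldElement(label), i)."""
    if len(seed) != 32:
        raise ValueError("master seed S_M must be exactly 32 bytes")
    return stand_in_prf(seed, encode_as_field_element(label), index)


def derive_many(seed: bytes, count: int) -> list[int]:
    """MVKs for address indices 0..count-1 from one master seed."""
    return [derive_mvk(seed, i) for i in range(count)]


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed; real seeds must be random
    for i, k in enumerate(derive_many(seed, 3)):
        print(f"index {i}: {k:#066x}")
```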

On-Chain Registration

Each $k_{\text{MVK}, U_i}$ must be registered on-chain before claims can be made from the corresponding Umbra address. This registration:

  • Enables Claims: Required before claiming from the $i$-th Umbra address
  • Address-Specific: Each Umbra address has its own MVK registration
  • Immutable: Once registered, cannot be changed
  • Public Commitment: Creates a public commitment without revealing the MVK

Security Analysis

Security Proof: Independence of Umbra MVKs

Goal: Each $k_{\text{MVK}, U_i}$ must be pseudorandom and computationally independent from all other MVKs.

Assumption: Poseidon-as-a-PRF.

Argument: The input to the PRF for each key is unique due to the index $i$ and the distinct domain separator strings. For any two distinct indices $i \neq j$, the inputs to the PRF are different. Therefore, the outputs $k_{\text{MVK}, U_i}$ and $k_{\text{MVK}, U_j}$ are computationally independent.

Properties

  • Independent: Each MVK is computationally independent from others
  • Pseudorandom: Each appears as a random field element
  • Index-Based: Unique derivation per Umbra address index
  • Unlinkable: Cannot be traced back to the master seed
  • Address-Specific: Each Umbra address requires its own MVK registration