Umbra Privacy LogoUmbra Privacy
Key & Address Architecture

Umbra Address Generation

Protocol for generating anonymous Umbra addresses using KMAC derivation

Protocol Description

Each anonymous Umbra address is a standard Solana Ed25519 keypair, derived deterministically from the master seed SMS_M. The derivation uses the NIST-standardized KMAC construction, which acts as a Pseudo-Random Function (PRF).

For the ii-th Umbra address, a unique 32-byte seed, seedUi\text{seed}_{U_i}, is generated as follows:

seedUiKMACSM("Umbra-Address-Generation"i)\text{seed}_{U_i} \triangleq \text{KMAC}_{S_M}( \text{"Umbra-Address-Generation"} \| i )

This output seed is then used to generate a standard Ed25519 keypair, which serves as the user's anonymous Umbra keypair.

(skUi,pkUi)Ed25519KeygenFromSeed(seedUi)(sk_{U_i}, pk_{U_i}) \leftarrow \text{Ed25519KeygenFromSeed}(\text{seed}_{U_i})

Key Derivation Process

  1. Master Seed Input: Uses the 32-byte master seed SMS_M as the KMAC key
  2. Domain Separation: Uses the string "UmbraAddressGeneration""Umbra-Address-Generation" for domain separation
  3. Index Uniqueness: Appends the address index ii to ensure each address is unique
  4. Keypair Generation: Uses the derived seed with standard Ed25519 key generation

Security Analysis

Security Proof: Unlinkability of Umbra Addresses

Goal: Each Umbra keypair (skUi,pkUi)(sk_{U_i}, pk_{U_i}) must be unlinkable to the master seed SMS_M and to any other Umbra keypair (skUj,pkUj)(sk_{U_j}, pk_{U_j}) for iji \neq j.

Assumption: KMAC is a secure Pseudo-Random Function (PRF).

Argument: The master seed SMS_M serves as the secret key for the KMAC PRF. By the definition of a secure PRF, the output seedUi\text{seed}_{U_i} is computationally indistinguishable from a truly random 32-byte string to any adversary without knowledge of SMS_M. Since the Ed25519 keypair is generated from this pseudorandom seed, the resulting keypair itself, particularly the public key pkUipk_{U_i}, appears as a random, unrelated Solana address.

Properties

  • Unlinkable: Each Umbra address appears as a random Solana address
  • Deterministic: Same master seed always generates the same sequence of addresses
  • Indexed: Each address can be generated by incrementing the index parameter
  • Standard Compatible: Uses standard Ed25519 keypairs for Solana compatibility
  • High Entropy: Each derived seed has full cryptographic entropy

Master Seed Generation

Protocol description and security analysis for generating the master seed from Solana wallet signature

Master Viewing Key (MVK) for Solana Address

Protocol for deriving the Master Viewing Key for a user's primary Solana address using Poseidon hash

On this page

Protocol DescriptionKey Derivation ProcessSecurity AnalysisSecurity Proof: Unlinkability of Umbra AddressesProperties