Master Seed Generation
Protocol description and security analysis for generating the master seed from Solana wallet signature
The root of a user's identity within the Umbra protocol is a master seed derived from their primary Solana wallet. The process is initiated by having the user sign a static, human-readable message, M_sign, with the Ed25519 secret key of that wallet.
Signing Message
The signing message is a static, human-readable string:
M_sign = "UmbraPrivacy - Do NOT sign this message unless you are using a product by the Umbra Privacy Team or an integration with Umbra Privacy"
This operation produces a standard 64-byte EdDSA (Ed25519) signature over the bytes of M_sign (the string is ASCII, so its encoding is unambiguous). The full 64 bytes of the signature are then hashed with Keccak-256 to produce the final 32-byte master seed. Keccak-256 here means the original Keccak padding, as used by Ethereum, not the NIST SHA3-256 variant: the two pad differently and give different digests, so an implementation that substitutes SHA3-256 derives a different seed.
This master seed is the single secret from which all other keys and seeds within the Umbra protocol are deterministically derived.
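The derivation end to end, as an added worked example that is not code from the Umbra project or from this page: a reference-style Ed25519 signer and verifier, a Keccak-256 implementation, and the seed derivation on top, all in standard-library Python. Both primitives are written out because hashlib has no Keccak-256 (its sha3_256 pads differently and returns a different digest) and because a pure-Python signer lets the example run offline. The function names, the master_seed_from_signature step that checks the wallet's reply against its public key before hashing it, and the use of the published RFC 8032 test key in place of a real wallet key are this example's choices and are not part of the protocol description. The arithmetic is affine and slow; a real client hands signing to the wallet and uses vetted libraries for both primitives.

```python
import hashlib

# Ed25519 (RFC 8032) in affine coordinates: reference-style and slow, fine for a demo.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)
def _x_recover(y):  # even root of x^2 = (y^2 - 1)/(d*y^2 + 1); ValueError if none
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    x = x if (x * x - xx) % P == 0 else x * SQRT_M1 % P
    if (x * x - xx) % P:
        raise ValueError("point not on curve")
    return P - x if x & 1 else x
def _point_add(p1, p2):  # complete twisted-Edwards addition, also used for doubling
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P)
def _scalar_mult(point, k):  # double-and-add; (0, 1) is the neutral element
    result = (0, 1)
    while k:
        if k & 1:
            result = _point_add(result, point)
        point, k = _point_add(point, point), k >> 1
    return result
BASE_Y = 4 * pow(5, P - 2, P) % P
BASE = (_x_recover(BASE_Y), BASE_Y)
def _encode_point(pt):  # y little-endian, parity of x in the top bit
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")
def _decode_point(enc):
    v = int.from_bytes(enc, "little")
    sign, y = v >> 255, v & ((1 << 255) - 1)
    if y >= P:
        raise ValueError("y out of range")
    x = _x_recover(y)
    return (P - x if (x & 1) != sign else x, y)
def _secret_scalar(sk32):  # -> (clamped scalar a, 32-byte nonce prefix)
    h = hashlib.sha512(sk32).digest()
    a = int.from_bytes(h[:32], "little")
    return (a & ~7 & ((1 << 254) - 1)) | (1 << 254), h[32:]
def ed25519_public_key(sk32):
    return _encode_point(_scalar_mult(BASE, _secret_scalar(sk32)[0]))
def ed25519_sign(sk32, msg):  # deterministic: nonce r = H(prefix || msg), no RNG involved
    a, prefix = _secret_scalar(sk32)
    pk = _encode_point(_scalar_mult(BASE, a))
    r = int.from_bytes(hashlib.sha512(prefix + msg).digest(), "little") % L
    R = _encode_point(_scalar_mult(BASE, r))
    k = int.from_bytes(hashlib.sha512(R + pk + msg).digest(), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")
def ed25519_verify(pk, msg, sig):
    try:
        A, R = _decode_point(pk), _decode_point(sig[:32])
    except ValueError:
        return False
    s = int.from_bytes(sig[32:], "little")
    k = int.from_bytes(hashlib.sha512(sig[:32] + pk + msg).digest(), "little") % L
    return len(sig) == 64 and s < L and _scalar_mult(BASE, s) == _point_add(R, _scalar_mult(A, k))

# Keccak-256 with the original Keccak pad byte 0x01 (hashlib.sha3_256 uses 0x06: different digest).
_RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001,
       0x8000000080008081, 0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A,
       0x8000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
       0x8000000000008002, 0x8000000000000080, 0x800A, 0x800000008000000A,
       0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & ((1 << 64) - 1)
def _keccak_f(st):  # 24 rounds over 25 lanes, st[x + 5*y]: theta, rho+pi, chi, iota
    for rc in _RC:
        c = [st[x] ^ st[x + 5] ^ st[x + 10] ^ st[x + 15] ^ st[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        st = [st[i] ^ d[i % 5] for i in range(25)]
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(st[x + 5 * y], _ROT[x][y])
        st = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)]) for i in range(25)]
        st[0] ^= rc
    return st
def keccak256(data):  # rate 136 bytes, pad10*1, one 32-byte squeeze
    msg = bytearray(data) + b"\x01" + b"\x00" * (-(len(data) + 1) % 136)
    msg[-1] |= 0x80
    st = [0] * 25
    for off in range(0, len(msg), 136):
        for i in range(17):
            st[i] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        st = _keccak_f(st)
    return b"".join(lane.to_bytes(8, "little") for lane in st[:4])

# Umbra master seed = Keccak-256(Ed25519_sign(sk, M_sign)): 64 bytes in, 32 bytes out.
M_SIGN = ("UmbraPrivacy - Do NOT sign this message unless you are using a product by the "
          "Umbra Privacy Team or an integration with Umbra Privacy").encode("utf-8")
def master_seed_from_signature(wallet_pk, sig):  # client side: verify before hashing
    if not ed25519_verify(wallet_pk, M_SIGN, sig):
        raise ValueError("not a valid signature of M_sign under this wallet key")
    return keccak256(sig)
def derive_master_seed(sk32):  # local stand-in for "ask the wallet to sign M_sign"
    return master_seed_from_signature(ed25519_public_key(sk32), ed25519_sign(sk32, M_SIGN))
```

derive_master_seed plays the wallet's role for a key held locally; with a real wallet the client only ever holds the public key and the 64 returned bytes, so master_seed_from_signature is the path it takes. Calling it twice for the same key returns the same seed, which is the deterministic property relied on below, and 64 arbitrary bytes are refused, which stops a transport bug or an intermediary without the key from choosing the seed (a wallet that does hold the key can still emit a valid non-deterministic signature, which no verify step can detect).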
Security Analysis
Security Proof: Pseudorandomness of the Master Seed
Goal: The master seed must be computationally indistinguishable from a uniformly random 32-byte string to any adversary who does not possess the wallet's secret key, even though the adversary knows the public key and the message M_sign.
Assumptions:
- The EdDSA signature scheme is EUF-CMA (Existentially Unforgeable under a Chosen Message Attack)
- Keccak-256 is modeled as a Random Oracle (RO)
Argument: Suppose a distinguisher, given the public key and oracle access to Keccak-256, tells the master seed apart from a uniformly random 32-byte string. In the random-oracle model the hash of the signature is independent of everything the distinguisher sees unless it queries the oracle at the signature itself, so it must submit the valid signature as one of its hash queries with probability at least its distinguishing advantage. A reduction that runs the distinguisher, collects its oracle queries, and returns the one that verifies as a signature of M_sign under the public key therefore produces a forgery, contradicting EUF-CMA security. The EUF-CMA game lets the adversary obtain signatures on any other message, so the argument survives the user signing arbitrary transactions with the same key; it does not survive the user signing M_sign itself for a third party, since the signature is the secret, which is exactly what the message text warns against.
Key Properties
- Deterministic: Ed25519 signatures are deterministic (RFC 8032 derives the nonce from the secret key and the message), so the same Solana keypair signing exactly these message bytes always yields the same signature and hence the same master seed. A wallet that uses a randomized signing variant, or that signs a wrapped or prefixed form of the message, produces a different seed.
- Unforgeable: Under EUF-CMA security, only the holder of the wallet's secret key can produce the signature and therefore the master seed. The flip side is that the 64-byte signature is itself the secret: anyone who obtains it, for example by getting the user to sign M_sign on another site, can compute the master seed directly.
- High Entropy: The master seed is a 256-bit value that is computationally indistinguishable from uniform under the assumptions above. Its actual entropy is bounded by that of the wallet's secret key, and since recovering an Ed25519 private key costs on the order of 2^128 operations, the seed offers roughly 128-bit security rather than 256-bit.
- Single Source: All subsequent keys derive from this one master seed, so compromise of the wallet key or of the signature compromises every derived key, and because the message is static there is no way to rotate the seed short of moving to a new wallet.