DAO Proposal: Umbra Stealth Payments

Umbra: Privacy-Preserving Stealth Payments On Ethereum

Note: This proposal is made on behalf of the Umbra team - Ben Difrancesco & Matt Solomon


Umbra is a protocol for enabling stealth payments on the Ethereum blockchain. It enables privacy preserving transactions where the receiver’s identity is only known to the sender and receiver.

Make Payments Without Revealing Your Relationship

Umbra is meant for payments between two entities, and comes with a different set of privacy tradeoffs than mixer solutions. Rather than breaking the link between sending and receiving address, Umbra makes that link meaningless. Everyone knows the address funds were sent to, but they don’t know who controls that address.

This means Umbra…

  • Allows arbitrary amounts to be sent, since there is no need for inputs and outputs to be uniform
  • Does not require the receiver to wait to withdraw funds
  • Ensures only the receiver can withdraw the funds once they’re sent
  • Uses significantly less gas
  • Enables ETH and arbitrary ERC20 tokens to be transferred privately without first requiring an anonymity set developing


A proof of concept MVP was built for the HackMoney hackathon. It was among the Hackathon’s finalists and won prizes from ENS and OpenGSN. You can watch our submission demo.

You can also view our presentation at the HackMoney finale and watch the judge’s feedback, including Vitalik Buterin & Andreas Antonopoulos.

You can also try it out on Ropsten at https://ropsten.umbra.cash.

Our goal is to get to mainnet in Fall 2020. To do so, we’ll:

  1. Write a formal protocol specification and write an ERC to take feedback from the community
  2. Implement planned improvements to the protocol and integrate community feedback
  3. Acquire security audits from two reputable firms and implement any recommendations made
  4. Launch to mainnet, build useful tools on top of Umbra, and help other developers do the same

Our Ask

$3,000 in DAI to pay for Consensys Dilligence’s one day security review program.

The Consensys Diligence team offers a 12 hour security review for $3,000. While this is not a full audit by any stretch, it can help surface large architectural issues early, and provide direction for avoiding pitfalls now that would be more costly to address later. Additionally, Diligence will deduct the $3,000 cost of this review from the cost of a full security audit, so this will also help make the full security audit more affordable.

This audit also plays into MetaCartel’s ongoing relationship with the Consensys Diligence team.

Our Team

  • Matt Solomon (@msolomon44) – Former Aerospace Engineer with 5+ years of professional software development experience. Co-Founder of Floatify. (https://floatify.net/). Software Engineer at ScopeLift.
  • Ben DiFrancesco (@BenDiFrancesco) – Former Aerospace Engineer with 15+ years of professional software development experience. Founder of ScopeLift (https://www.scopelift.co/). Author of Build Blockchain newsletter (https://www.buildblockchain.tech/newsletter). Blockchain obsessed since 2012.

For more information, and to see our code, checkout the GitHub repository at https://github.com/ScopeLift/umbra-protocol

How Does This Benefit MetaCartel?

As ecosystem actors frequently working and collecting payment in crypto, we feel that Umbra is a perfect solution for anyone who wants to continue receiving ETH, DAI, etc. without having to reveal their identity - something which also allows anyone to backtrack and reverse engineer where different payments came from (and who you worked with).

While there are convoluted ways of working around this, we believe Umbra is a much more intuitive solution.

In exchange for this grant we’d like to invite members of MetaCartel to partner with us for our soft launch - being amongst the first to access and use the product before it is announced to the public.


Thanks for posting @coopahtroopa. Happy to take any questions folks might have :slight_smile:

1 Like

@bendi This is really cool. So glad to see more work being done on Ethereum privacy tools, esp those with great UX!

Form the Umbra README the idea seems to be that you can send tokens to an address, but no one knows what that address is. Unless you do something with that address that ties it to an identity, it could be anyone. Could you also achieve a similar level of privacy by:

  • generating a new address (say via Metamask or something)
  • receiving funds to that address (from anyone)
  • TornadoCashing some ETH (say 0.1) into that address

If so, is the idea that Umbra is A) easier/faster, B) cheaper, and C) easier to integrate into the UI/UX of dapp/DAO experiences?

Hey @burrrata, thanks! Yup, you seem to have a really good handle on what the tool allows you to do. It’s very similar to generating a new address. A few additional things that are noteworthy:

  • Umbra is “non-interactive,” i.e. you don’t need to coordinate off-chain with your counterparty each time you want to receive a payment. You just use their ENS name. So once you know I’m bendi.eth, you can send me as many stealth payments as you’d like (all to separate stealth addresses) with no interaction from me.
  • Umbra supports GSN (and hopefully other meta-tx systems as well). This allows you to withdraw tokens sent to a stealth address without having to figure out how to fund that address with ETH for gas in a privacy preserving way first.
  • Umbra can be integrated with other contracts or frontends. You touched on this, but I just want to emphasize it. We want Umbra to be something other Dapps, wallets, and contracts can plug into or build on top of.

Let me know if you have any other questions :slight_smile:

1 Like