- Ethereum Name Service connects names with Ethereum addresses.
- But this can expose what people are doing with their Ethereum.
- Buterin has proposed a fix to the problem.
Ethereum co-founder Vitalik Buterin wants to see a solution to one of Ethereum’s biggest privacy flaws.
The flaw in question relates to the Ethereum Name Service (ENS). The service lets you attach a user-friendly name to a complicated Ethereum address, making it as easy to send crypto as it is to send an email. But, as Decrypt revealed, people who use these names can have their finances unwittingly revealed.
The problem with ENS names is that they are linked to public Ethereum addresses, which anyone can view. So if you attach your real name to your Ethereum address, then everyone can see all the transactions you’re making. It’s like someone poking their head inside your bank account, but with crypto.
“Hopefully this galvanizes more privacy work,” Buterin told Decrypt at the time.
Ethereum’s next privacy step
Today Buterin tweeted that solving this problem is a priority for Ethereum, in terms of boosting privacy on the network.
“Next step in improving ethereum's privacy (in addition to ongoing improvements to http://tornado.cash and the like): some clean easy-to-use stealth-address-like scheme to send coins to an ENS name without publishing to the world that they got coins,” he tweeted.
The focus here is to make sure that people can use ENS addresses, without necessarily letting people see what they are doing with their money—in this case, receiving a transaction.
Fixing Ethereum’s privacy problem
Buterin’s solution is to use cryptography to hide the transaction data. He gave an explanation of how this could be done, but it’s a little complex.
“Stealth addresses are easy: ENS name holder publishes public key P with private key p. Sender generates random r, sends coins to address rP (that's elliptic curve multiplication). Name holder can spend those coins with rp. Sender needs to send r to name holder somehow,” he said.
In short, the sender and receiver exchange cryptographic signatures in order to hide the transaction details. It’s making use of the same cryptography that blockchains employ to ensure that people can’t spend other people’s cryptocurrency.
The main challenge is how the random number that has been generated—called r—is sent to the person who owns the ENS name. Buterin added a couple of potential ways to achieve this, considering transferring the information away from the blockchain. But he didn’t settle on a clear solution.
“Or there could be some fancy technique we have not thought of yet,” he mulled.