A Rust implementation of the FHE-DKSAP (Fully Homomorphic Encryption based Dual Key Stealth Address Protocol) for enhanced privacy in blockchain transactions.
This implementation is for research and educational purposes only. It has not been audited and is not intended for production use. Use at your own risk.
FHE-DKSAP is an advanced stealth address protocol that leverages Fully Homomorphic Encryption (FHE) to provide enhanced privacy protection for blockchain transactions. This protocol addresses the limitations of traditional Dual-Key Stealth Address Protocols (DKSAP) by:
- Quantum Resistance: Built on lattice-based cryptography, providing protection against quantum computing attacks
- Enhanced Privacy: Computations are performed over encrypted data, preventing key leakage attacks
- Outsourced Computation: Enables third-party verification without revealing private keys
This implementation is based on the research presented in the Ethereum Research Forum.
FHE-DKSAP is an advanced stealth address protocol that builds upon DKSAP and BasedSAP with significant privacy and security improvements. The protocol operates through three main phases:
Bob creates two key pairs for enhanced privacy and security:
-
Ethereum Wallet Key Pair
(sk₂, PK₂):sk₂is a randomly generated Ethereum wallet private key for stealth address spending- This key does not need to be registered on Ethereum before use and is separate from Bob's main wallet
PK₂is the corresponding public key generated using standard Ethereum address conversion
-
FHE Key Pair
(sk_b, PK_b):sk_bis Bob's FHE private key for encryption and decryption operationsPK_bis used to encryptsk₂into ciphertextC₂- Due to FHE's quantum resistance, it's safe to encrypt the private key
-
Public Sharing: Bob publicly shares
PK₂,PK_b, and the encryptedC₂
Alice generates a unique ephemeral key pair for each stealth address transaction:
-
Ephemeral Key Generation: Alice creates
(sk₁, PK₁)randomly for each transactionsk₁is an Ethereum ephemeral private key- The corresponding public key/wallet address doesn't need Ethereum registration
-
Stealth Address Creation:
- Alice combines her ephemeral public key
PK₁with Bob's public keyPK₂to obtainPK_z - The stealth address is generated from
PK_zusing standard Ethereum address conversion
- Alice combines her ephemeral public key
-
Encryption and Broadcasting:
- Alice encrypts her ephemeral private key
sk₁using Bob's FHE public keyPK_b, creating ciphertextC₁ - Alice broadcasts
C₁in an untrackable manner so Bob can retrieve it - Important: Alice cannot know the stealth address's private key since private keys cannot be derived from public keys
- Alice encrypts her ephemeral private key
Bob recovers the stealth address private key using FHE operations:
-
Ciphertext Addition: Bob receives
C₁and adds the two ciphertexts (C₁ + C₂) to obtainC -
FHE Decryption: Using the additive homomorphism property of FHE, Bob decrypts
Cwith his FHE private keysk_b- The decryption result is the stealth address private key
sk_z
- The decryption result is the stealth address private key
-
Stealth Address Control: Bob can now generate the stealth address from
sk_zand control the wallet- Only Bob possesses the private key
sk_zto spend from the stealth address
- Only Bob possesses the private key
FHE-DKSAP provides significant enhancements compared to DKSAP and BasedSAP:
- Enhanced Privacy: All computations are performed over encrypted data (ciphertext), protecting sensitive information
- Key Leakage Prevention: Eliminates the risk of private key and personal information leakage
- Quantum Resistance: Built on lattice-based FHE cryptography, providing protection against quantum computing attacks
- Outsourced Verification: Enables third-party verification without revealing private keys
sequenceDiagram
participant Bob as Receiver (Bob)
participant Alice as Sender (Alice)
participant Chain as Blockchain
participant Network as Network
Note over Bob: Phase 1: Bob's Setup
Bob->>Bob: Generate Ethereum wallet key pair (sk₂, PK₂)
Bob->>Bob: Generate FHE key pair (sk_b, PK_b)
Bob->>Bob: Encrypt sk₂ using PK_b → C₂
Bob->>Network: Publish PK₂, PK_b, C₂ publicly
Note over Alice: Phase 2: Alice's Transaction
Alice->>Alice: Generate ephemeral key pair (sk₁, PK₁)
Alice->>Alice: Combine PK₁ + PK₂ → PK_z
Alice->>Alice: Generate stealth address from PK_z
Alice->>Alice: Encrypt sk₁ using PK_b → C₁
Alice->>Chain: Send transaction to stealth address
Alice->>Network: Broadcast C₁ (untrackable)
Note over Bob: Phase 3: Bob's Recovery
Bob->>Network: Receive C₁
Bob->>Bob: Add ciphertexts: C₁ + C₂ → C
Bob->>Bob: Decrypt C using sk_b → sk_z
Bob->>Bob: Generate stealth address from sk_z
Bob->>Chain: Spend from stealth address using sk_z
- Rust 1.81 or later
- Cargo package manager
Add the following to your Cargo.toml:
[dependencies]
fhe-dksap = "0.1.0"# Clone the repository
git clone https://github.com/Envoy-VC/fhe-dksap
cd fhe-dksap
# Build the project
cargo build --release
# Run the example
cargo run --example user_flowThe main example demonstrates the complete FHE-DKSAP protocol:
use secp256k1::Secp256k1;
use tfhe::ConfigBuilder;
use fhe_dksap::{
generate_ethereum_key_pair, generate_fhe_key_pair, generate_stealth_address,
recover_secret_key, encrypt_secret_key
};
fn main() -> Result<(), Box<dyn std::error::Error>> {
println!("🚀 Starting FHE-DKSAP Protocol Demonstration");
// Initialize cryptographic contexts
let secp = Secp256k1::new();
let config = ConfigBuilder::default().build();
// Phase 1: Bob (Receiver) Setup
println!("\n📋 Phase 1: Bob (Receiver) Setup");
// Generate Ethereum wallet key pair for stealth address spending
let receiver_eth_keypair = generate_ethereum_key_pair(&secp)?;
// Generate FHE key pair for encryption/decryption
let receiver_fhe_keypair = generate_fhe_key_pair(config)?;
// Encrypt the receiver's secret key
let receiver_enc_secret_key = encrypt_secret_key(
receiver_eth_keypair.secret_key,
&receiver_fhe_keypair.public_key,
);
println!("✅ Receiver setup completed");
// Phase 2: Alice (Sender) Creates Stealth Address
println!("\n📋 Phase 2: Alice (Sender) Creates New Stealth Address");
let stealth_address = generate_stealth_address(
&secp,
&receiver_eth_keypair.public_key,
&receiver_fhe_keypair.public_key,
)?;
println!("✅ Stealth address generated");
println!("Stealth Address: {}", stealth_address.stealth_address);
// Phase 3: Bob (Receiver) Recovers Stealth Address
println!("\n📋 Phase 3: Bob (Receiver) Recovers Stealth Address Secret Key");
let recovered_keypair = recover_secret_key(
&secp,
&receiver_fhe_keypair,
&receiver_enc_secret_key,
&stealth_address.encrypted_secret_key,
)?;
let phase3_end = phase3_start.elapsed();
println!("✅ Stealth address private key recovered");
// Verification
println!("\n🔍 Verification");
let recovered_address = fhe_dksap::utils::pk_to_eth_address(&recovered_keypair.public_key);
let is_valid = stealth_address.stealth_address == recovered_address;
if is_valid {
println!("✅ SUCCESS: Recovered stealth address matches generated address!");
} else {
println!("❌ ERROR: Address verification failed!");
}
Ok(())
}To run the examples:
# Run the main example
cargo run --example user_flow
# Run with release optimizations (recommended for performance)
cargo run --release --example user_flowWe welcome contributions to improve the FHE-DKSAP implementation!
This implementation is based on the groundbreaking research presented in:
- FHE-DKSAP Research Paper - The original research by Ethereum Fellows
- EIP-5564 - Stealth Addresses for Ethereum
- BasedSAP - The foundational stealth address protocol
- TFHE-rs - Fully Homomorphic Encryption library by Zama AI
- secp256k1 - Bitcoin/Ethereum elliptic curve implementation
- sha3 - Keccak-256 hashing implementation
This project is licensed under the MIT License - see the LICENSE file for details.
Disclaimer: This software is provided "as is" without warranty of any kind. Use at your own risk and only for research purposes.