ERC-7524: PLUME Signature in Wallets


Discussion thread for Add ERC: PLUME Signature in Wallets by Divide-By-0 · Pull Request #242 · ethereum/ERCs · GitHub

This ERC adds a signature scheme called PLUME to existing Ethereum keypairs that enables unique anonymous nullifiers for accounts in ZK. This enables ZK voting, anonymous proof of solvency, unlinked airdrops, and moderation on anonymous message boards – all directly with Ethereum keypairs.


A good point was raised by @OrenYomtov that we should really call the V1/V2 as verifier-optimized vs prover-optimized.

1 Like

A PR to Taho Wallet implementing ERC-7524 has been created:


Great to see this moving forward! Are there PRs for other wallets?


So cool, working on something similar with orgs, identity and handshakes, I don’t think its a different direction just neat name

code looks more like implementation than a standard, anyone working on the eip:

maybe a different standard already set?

I’ll take a crack at it but might need a different standard for what I’m working on, will review

Yeah! For metamask, we have an open PR set (rpc, api, core), and folks are working on Ledger implementations right now! Mina has an implementation and Aztec is currently building one.

1 Like

Hey – this standard has nothing to do with handshakes, are you sure you’re commenting on the right post?

We think it’s important to have a standard so that different wallets can interoperate with each other, as everyone in some anonymity set needs to have the same PLUME signature for the nullifiers to work.

We have reference implementations, but we expect many wallets (such as Ledger) to require bespoke implementations. You’ve linked to a blank EIPs page, are you referring to anything concrete?

This is so needed, why this is not a thing already?! Some zk apps require nullifiers, which have to be derived using the user’s secret. Since wallets are not supposed to provide access to private keys, there should be a way to get something that only the user knows, but seems there’s no API for it.

1 Like

Hey! We think the reason it hasn’t been adopted is due to slow wallet adoption and time needed to finish and audit the halo2 circuits for fast in browser proving. We wre optimistic that this will get better within the next few months.

Hey Ayush, would love to know the status on the Plume Halo2 circuit. And also if metamask supports creating Plume Nullifiers. Thanks!

1 Like

As an update on this, Shreyas has finished the PLUME Halo2 circuits! We expect an audit to occur in April. The circuits are here: Axiom V2 Halo2 implementation by Divide-By-0 · Pull Request #83 · plume-sig/zk-nullifier-sig · GitHub

Even given the reasoned advances in ZKVMs such as SP1, we still believe that Halo 2 is likely to be the fastest for browser side Halo 2 proving, due to upcoming results with Web GPU acceleration + the register optimization of small field Starks likely not being as fast within WASM.

1 Like