It is reported that the Umbra protocol was developed by Matt Solomon and Ben DiFrancesco for the HackMoney 2020 virtual hackathon, and is currently available on the Ethereum Ropsten testnet.
What is it used for? simply say:

“With an invisible address, the payer can send ETH or ERC20 tokens to an address controlled by the receiver, and apart from both parties, no third party can know who the receiver is.”

On the chain, the transaction looks like it is simply transmitted to an unused address on the Ethereum network.

Figure: View ETH transactions using Umbra protocol on Etherscan. On the chain, the invisible address looks like a normal EOA address.

Outside the chain, the sender has used ENS to generate a new address through the public key issued by the receiver. By encrypting the data used to generate the address, and through the Umbra smart contract, the sender can let the receiver know that they have sent the payment to the new invisible address. Only the receiver can generate the private key required to withdraw funds.

By using the Gas Station network and Uniswap, Umbra enables withdrawals to use the tokens they receive to pay for gas. This avoids the need to use ETH to fund invisible addresses before withdrawing money.
The difference between Umbra and Tornado Cash

What is the difference between Umbra and Tornado Cash that Vitalik often mentions?

Simply put, Tornado Cash is an on-chain coin mixer that uses zero-knowledge proofs. When you put coins in it and wait for others to do the same, you can use your own proofs to withdraw assets. It is concentrated in the mixer, so the link between the source address and the withdrawal address is broken.

The Umbra protocol is used for payment between two entities, and comes with a different set of privacy trade-offs (that is, different directions are considered). Umbra does not break the link between the sender and receiver addresses, but makes the Links are meaningless. Everyone can know the address to which funds are sent, but they cannot know who is controlling that address.

In addition to these, the Umbra protocol also has some very interesting features. For example, it uses much less gas because it does not require any advanced encryption technology on the verification chain. All transactions are simple transfers. In addition, it allows ETH and any ERC20 tokens to be transferred privately, you don’t need to rely on a large anonymous set.

Description of the working principle of Umbra protocol

Finally, briefly talk about how the Umbra protocol is implemented:

The user posts the signed message to the ENS text record to display their Umbra public key. This public key is derived from the random private key generated specifically for Umbra.
The payer uses this public key, plus some randomly generated data, and then creates a new “invisible” address.
The payer uses the receiver’s public key to encrypt random data.
The payer sends the funds to the shielded address and sends the encrypted message to Umbra’s smart contract. The contract broadcasts the encrypted message as an event.
The receiver scans the encrypted message broadcast by the Umbra protocol until it finds a message that can be decrypted with the private key.
The receiver uses the content of the encrypted message plus their private key to generate the private key of the invisible address.
The recipient uses the private key of the invisible address to sign a withdrawal transaction and sends the ETH or token to the address of their choice.
Another alternative is that the withdrawal transaction is broadcast through the Gas Station network transaction relayer, avoiding the need to provide ETH funds for accessing the invisible address of the token. The Umbra contract exchanges some tokens through Uniswap to pay gas to GSN relayers.
As of now, the Umbra protocol is still in the stage of testing on the Ropsten testnet. According to Ben DiFrancesco, they plan to improve the Umbra protocol and will soon be launched on the Ethereum mainnet. Their primary task is to ensure the security of the contract. It involves the safety of users’ funds.