*This is a privacy recipe for yoav.eth (co-author of the ERC-4337 standard) outlined in a 4337Mafia chat -- *
Privacy is one of the most important use cases of 4337 IMHO. No relays are needed - the entire network of bundlers (ultimately all block builders in the future) serve as relays, offering maximum censorship resistance. Projects like Nocturne can take advantage of this to add a privacy layer.
The basic flow for a privacy-preserving paymaster would be something like this:
User wants to withdraw the funds to a fresh unfunded address. The address is a calculated CREATE2 address for the user's new account.
User wants to withdraw the funds to a fresh unfunded address. The address is a calculated CREATE2 address for the user's new account.
User generates a mixer withdrawal message, withdrawing the funds to the address of a MixerPaymaster (not the user's account - but the paymaster).
User creates a UserOp that includes this message and specifies UserOp.paymaster=MixerPaymaster. The UserOp is sent to the 4337 mempool.
Bundler picks the UserOp from the mempool, simulates the validation, and checks if MixerPaymaster agrees to pay for the gas.
MixerPaymaster's validation function checks the withdrawal message (during the bundler simulation), sees that it's valid, and agrees to pay.
Bundler puts the UserOp on the chain, passing it to EntryPoint.
EntryPoint deploys an account to the user's fresh address during UserOp validation.
MixerPaymaster performs the withdrawal, getting the funds.
In MixerPaymaster.postOp, the paymaster deducts the cost of the operation from the funds received and forwards the rest to the user's fresh address.
At the end of this transaction, the user's new address has a deployed account containing the mixed funds minus the cost of the withdrawal+deployment.
And no relay was used—just the 4337 mempool.