What Are Stealth Address and How Do They Work?

Image for post
Image for post

The majority of today’s blockchains, including the biggest ones — Bitcoin and Ethereum — are open and public ledgers, without any limitations regarding participation in the network and transparent transactions.

Public ledgers are generally seen as “pseudo-anonymous” as addresses can be linked to one person although that person’s identity is unknown to the public. However, by combining this info with other data it is possible to discover the real world identity behind the address. Many individuals and companies prefer to have an additional layer of security in order to keep their privacy. That’s where stealth addresses come to play.

Stealth Address Key Mechanisms

A stealth address is a privacy-enhancing technology used to protect the privacy of people that receive cryptocurrency payments. Stealth addresses require the sender to form a random, one-time address for every transaction so that different payment cannot be traced to the same payee.

Basic Stealth Address Protocol (BSAP)

The basic stealth address plan was first developed by a Bitcoin Forum member called “ByteCoin” back in 2011, which relied on the Elliptic Curve Diffie-Hellman (ECDH) protocol and worked in the following way:

The sender and receiver own public/private key pairs (a, A) and (b, B), respectively, where A = a·G and B = b·G and G is the base point of an elliptic curve group.

Both the sender and receiver can create a shared secret c using the ECDH: c = H(a·b·G) = H(a·B) = H(b·A), where H(·) is a cryptographic hash function.

The sender uses merely c·G as the temporary destination address for sending the payment.

The receiver then monitors the blockchain to see if a transaction has been sent to the c·G address. If it has, the payment can be used with a corresponding private key c.

This protocol has two flaws. First — the temporary address between entities is fixed. And second — both sender and receiver can compute a private key c. This means that if the receiver doesn’t withdraw the money in the timely fashion, the sender can change his mind and take the money back.

Improved Stealth Address Protocol (ISAP)

To address the design flaws in BSAP, an improved version called ISAP has been created in 2013 by Nicolas van Saberhagen in CryptoNote’s whitepaper. Peter Todd later adapted this in the Bitcoin protocol in 2014. ISAP is an upgrade to BSAP, applying an additional key creation technique, as shown below:

The receiver has a public/private key pair (b, B), where B = b·G and G is the base point of an elliptic curve group.

The sender generates a temporary key pair (r, R), where R = r·G and transmits it with the transaction.

Both the sender and receiver can compute a shared secret c using the ECDH: c = H(r·b·G) = H(r·B) = H(b·R), where H(·) is a cryptographic hash function.

The sender uses c·G + B as the temporary destination address for sending the payment.

The receiver actively monitors the blockchain and check whether some transaction has been sent to the purported destination address c·G + B. If it is, the payment can be spent using the corresponding private key c + b. Note that the receiver is the only person that can compute the temporary private key c + b.

While ISAP fixed the flaws of BSAP, a blockchain node still needs to utilize its private key b for scanning the blockchain to find the destination address c·G + B, which is, you will agree, not very safe. The continuous usage of the private key increases the risk of it being compromised.

Dual-Key Stealth Address Protocol (DKSAP)

To solve the problem of overuse of private spending key, a dial-key enhancement DKSAP was created. The person behind is a developer known as rynomster/sdcoin, which made it in 2014 for ShadowSend, a decentralized anonymous wallet solution. The DKSAP utilizes two pairs of cryptographic keys, a “scan key” par and a “spend key” pair and creates a one-time payment address per transaction.

In DKSAP, if an auditor or a proxy server exists in the network, the receiver can share the “scan private key” s and the “spend public key” b with the auditor/proxy so that those entities can check the transaction on behalf of the receiver. But, they cannot compute the temporary private key c + b, and spend the payment.

These are the basics of the stealth addresses. To learn more follow us on social networks, as we will explore all kinds of privacy features and technologies.

Written by

Secret Contract Platform for Privacy 2.0

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store