Enhancing Privacy with Stealth Addresses on Public Blockchains
Source: Dev.to
Blockchains are distributed ledgers that record every transaction occurring within the network, including the sender’s address, the receiver’s address, and the transferred amount. These records are publicly accessible and can be inspected by anyone at any time. While blockchain addresses do not directly store personal information, they are pseudonymous rather than private. Once the real‑world identity behind a wallet address is uncovered—through exchanges, payments, or social interactions—it becomes easy to trace all past and future transactions linked to that address. Moreover, the complete financial history of a wallet can be viewed without restriction because blockchain data is designed to be public.
What Are Stealth Addresses?
The concept of stealth addresses was introduced to enhance privacy in blockchain transactions. A stealth address is a unique, one‑time wallet address generated for each transaction. Instead of reusing a single public address, stealth addresses enable users to receive funds through different, unlinkable addresses every time.
To an outside observer, it appears that funds sent using stealth addresses are transferred to completely new and unrelated wallet addresses for each transaction. This design makes it difficult to associate multiple payments with the same recipient, even though all transactions remain publicly visible on the blockchain.
Example
Suppose Alice wants to send some funds to her friend Bob. Bob prefers to receive funds privately, and Alice wants to ensure that this payment cannot be easily traced back to either her wallet address or her previous transactions. This is where stealth addresses come into play.
The Dual‑Key Model
In a typical blockchain wallet, a user controls a single private key, which is used to derive a public key (or the wallet address). Stealth addresses, however, utilize a dual‑key model known as the Dual‑Key Stealth Address protocol.
In this model, the receiver (Bob) generates two separate private keys:
| Key | Purpose |
|---|---|
| Viewing Key | Allows Bob to scan the blockchain and identify payments that belong to him. |
| Spending Key | Used to control and spend the funds once they are received. |
Once Bob has generated both keys, he derives their corresponding public keys. These two public keys—the viewing public key and the spending public key—are then combined into a single key known as a stealth meta‑address.
The stealth meta‑address is not a wallet address that holds funds directly. Instead, it serves as a public identifier that Bob can safely share with others. Bob then sends this stealth meta‑address to Alice (the sender).
Sender’s Process: Generating the Stealth Address
With Bob’s stealth meta‑address in hand, Alice proceeds as follows:
-
Generate an Ephemeral Key Pair
Alice creates a temporary (throw‑away) key pair that will be used only for this transaction. -
Create a Shared Secret
She mixes the viewing public key (extracted from the stealth meta‑address) with her ephemeral private key to generate a shared secret.
Bob will later be able to recreate the same secret using his viewing private key and Alice’s ephemeral public key.
The shared secret is derived via the Elliptic Curve Diffie‑Hellman (ECDH) protocol.Note
ECDH is a cryptographic key‑exchange protocol that enables two parties to establish a shared secret key over an insecure channel securely. -
Derive the Stealth Address
Alice uses the shared secret to compute a unique one‑time address—the stealth address—to which she will send the funds.
How the Recipient Detects and Claims Funds
Problem: After Alice transfers funds to the random stealth address, how does Bob know that a transaction is meant for him, and how does he gain access to the funds?
-
Announcement
Once the transfer is made, Alice publishes an Announcement on the blockchain that contains her ephemeral public key. -
Scanning
Bob continuously scans the blockchain, looking for transactions that include a stealth address and an accompanying announcement. -
Re‑creating the Shared Secret
Using his viewing private key together with Alice’s ephemeral public key (from the announcement), Bob recomputes the shared secret. -
Deriving the Private Key for the Stealth Address
From the shared secret, Bob derives the private key corresponding to the one‑time stealth address that received the funds. -
Spending
With this private key, Bob can now spend the funds just like any normal transaction.
Summary
- Stealth addresses provide per‑transaction unlinkability while keeping the blockchain public.
- The dual‑key model separates viewing (detection) and spending (control) capabilities.
- ECDH enables the sender and receiver to generate a shared secret that creates a unique, one‑time address.
- The announcement mechanism lets the receiver discover and claim funds without revealing any linkage to their primary address.
This combination of cryptographic techniques allows users to enjoy a higher degree of privacy on otherwise transparent public ledgers.
Alice generated the view tag, which consists of the first few bytes of the shared secret sge generated previously, together with the actual stealth address Alice sent money to.
Bob’s Scanning Process
Now comes the final part of the process. As the recipient, Bob needs to monitor the blockchain and check for the announcement that was published. Since there could be announcements from many different people, how can Bob find the specific announcement Alice made for this transaction?
Bob will check each announcement. For each one he:
- Retrieves the ephemeral public key.
- Combines it with his Viewing Private Key to generate the shared secret.
If the announcement is intended for him (i.e., a transaction has been made to him), the first few bytes of the shared secret that Bob generates will match the view‑tag value contained in the announcement.
Note – The initial view‑tag comparison speeds up scanning by avoiding the reconstruction of stealth addresses for every announcement.
Once Bob finds the correct announcement, he proceeds to the next step to access his funds.
Reconstructing the Stealth Address
Bob combines the spending public key he has with the shared secret to generate the stealth address where Alice sent the funds. If the generated stealth address matches the one in the announcement, Bob can confirm that the transaction was intended for him.
Generating the Stealth Private Key
The final step is generating the private key for the stealth address so that Bob can transfer the funds to any wallet he chooses.
- Combine the spending private key with the generated shared secret.
- The result is the stealth private key for the one‑time stealth address.
With this private key, Bob can:
- Transfer funds from the temporary stealth wallet to any other wallet he owns.
- Send the funds directly to an exchange.
From an external observer’s point of view, it looks as if Alice sent funds to a random address, not directly to a wallet owned by Bob. Likewise, someone watching Bob’s main address will not see a direct link to Alice’s address because the money was sent to a one‑time stealth address.
Important Caveats
- Amounts are not hidden – Anyone can see how much was sent to the stealth address.
- Linkability – If an analyst carefully tracks fund movements over time, they might infer a connection between Alice’s and Bob’s wallets, but this link is indirect and far harder to establish than with a regular address.
What’s Next?
In this section we covered the overarching concepts and cryptographic processes behind stealth addresses. In the next part we will explore a specific off‑chain implementation, demonstrating how these concepts are translated into actual code and how both the sender and receiver can independently generate the same stealth address in practice.