Blockchains are distributed ledgers that record every transaction occurring within the network, including the sender’s address, the receiver’s address, and the transferred amount. These records are publicly accessible and can be inspected by anyone at any time. While blockchain addresses do not directly store personal information, they are pseudonymous rather than private. Once the real world identity behind a wallet address is uncovered through exchanges, payments, or social interactions, it becomes easy to trace all past and future transactions linked to that address. Also, the complete financial history of a wallet can be viewed without restriction, simply because blockchain data is designed to be public.
What Are Stealth Addresses?
The concept of stealth addresses was introduced to enhance privacy in blockchain transactions. A stealth address is a unique, one-time wallet address generated for each transaction. Instead of reusing a single public address, stealth addresses enable users to receive funds through different, unlinkable addresses every time.
To an outside observer, it seems that funds sent using stealth addresses are transferred to completely new and unrelated wallet addresses for each transaction. This design makes it difficult to associate multiple payments with the same recipient, even though all transactions remain publicly visible on the blockchain.
Let’s go through an example to understand how stealth addresses work in practice.
Suppose Alice wants to send some funds to her friend Bob. Bob prefers to receive funds privately, and Alice wants to ensure that this payment cannot be easily traced back to either her wallet address or her previous transactions. This is where stealth addresses come into play.
The Dual-Key Model
In a typical blockchain wallet, a user controls a single private key, which is used to derive a public key or the wallet address. However, stealth addresses utilize a dual-key model known as the Dual-Key Stealth Address protocol.
In this model, the receiver, Bob, generates two separate private keys. A viewing key and a spending key.
- Viewing Key: The viewing key allows Bob to scan the blockchain and identify payments that belong to him.
- Spending Key: The spending key is used to control and spend the funds once they are received.
Once Bob has generated both keys, the next step is to derive their corresponding public keys. These two public keys, the viewing public key and the spending public key, are then combined into a single key known as a stealth meta address.
The stealth meta address is not a wallet address that holds funds directly. Instead, it serves as a public identifier that Bob can safely share with others. Bob then sends this stealth meta address to Alice (the receiver).
Sender’s Process: Generating the Stealth Address
Once Alice has the stealth meta address of Bob, as the sender, Alice needs to follow a few steps to send the funds securely. First, She will generate a temporary key pair, which we will refer to as an ephemeral key pair. This key pair will only be used for this specific transaction and is essentially a throwaway key pair.
The next step is to mix the viewing public key extracted from the stealth meta address (remember, the stealth meta address is generated by combining the viewing and spending public keys) with the ephemeral private key to generate a shared secret.
We call this a shared secret because Bob will later be able to recreate the same secret using his viewing private key and the ephemeral public key. We can use the Elliptic Curve Diffie-Hellman (ECDH) protocol to generate this shared secret.
_Note:
ECDH is a cryptographic key exchange protocol enabling two parties to establish a shared secret key over an insecure channel securely.
_
Next, Alice can use this shared secret to generate a unique address where she can send her funds. This is known as a stealth address.
How the Recipient Detects and Claims Funds
The question is, once I send money to this random wallet address, how does Bob know that I made a transaction?
More importantly, how does he gain access to the funds in this random wallet address?
After Alice transferred funds to a random wallet as the sender, she published something called an Announcement to the blockchain. This Announcement contains the ephemeral public key Alice generated and the view tag, which consists of the first few bytes of the shared secret sge generated previously, along with the actual stealth address Alice sent money to.
Now comes the final part of the process. As the recipient, Bob needs to monitor the blockchain and check for the announcement that was published. Since there could be announcements from many different people, how can Bob find the specific announcement Alice made for this specific transaction?
Bob is going to check each announcement. For each announcement, he will retrieve the ephemeral public key and combine it with his Viewing Private Key to generate the shared secret.
If the announcement is intended for him (meaning a transaction has been made to him), the first few bytes of the shared secret that Bob generates should match the view tag value contained in the announcement.
_Note:
The initial view tag comparison check speeds up the announcement scanning process by avoiding the reconstruction of stealth addresses for every announcement.
_
Once he found the correct announcement, he could follow the next step to access his funds.
Bob can combine the spending public key he has with the shared secret to generate the stealth address where Alice has sent the funds. If the stealth address that Bob generates matches the stealth address in the announcement, he can confirm that the transaction was intended for him.
Generating the Stealth Private Key
Now let’s move on to the final step of the process Which is generating the private key for the stealth address so that Bob can transfer funds to any wallet he chooses.
To create the stealth private key, Bob needs to mathematically combine the spending private key with the generated shared secret. This process will yield the stealth private key for the stealth address to which Alice sent the funds. Once Bob has this private key, he can transfer funds from the temporary stealth wallet to any other wallets he likes.
From the point of view of someone watching my wallet address, it will look like Alice sent funds to a random wallet address, not directly to a wallet owned by Bob. In the same way, someone who is watching Bob’s wallet address will not clearly see that he received funds from my wallet, because the money was sent to a one-time stealth address instead.
After receiving the funds, Bob can move the money from the stealth address to any other wallet he owns, or even send it directly to an exchange. This can be done without creating a clear, direct link between my wallet address and Bob’s main wallet address.
One important thing to note is that stealth addresses do not hide transaction amounts. Anyone looking at the blockchain can still see how much money was sent to the one-time stealth address. Also, if someone carefully tracks the movement of funds over time, they might be able to guess a connection between my wallet and Bob’s wallet. However, this connection is indirect and much harder to make compared to sending funds directly to a regular wallet address.
In this section, we concentrated on the overarching concepts and cryptographic processes related to stealth addresses. In the next part, we will explore a specific off-chain implementation, demonstrating how these concepts are translated into actual code and how both the sender and receiver can independently generate the same stealth address in practice.
_Originally published at https://jinalipabasara.substack.com.
_
Top comments (3)
Some comments may only be visible to logged-in visitors. Sign in to view all comments.