Every transaction on a public blockchain leaves a permanent trail. When you reuse the same address to receive multiple payments, anyone can see your entire transaction history, balance, and payment patterns. Stealth addresses solve this problem by generating unique, one-time addresses for every transaction.
The Address Reuse Problem
Traditional cryptocurrency addresses work like email addresses. Once someone knows your address, they can see every payment you receive and trace your balance over time. This creates serious privacy issues for both individuals and businesses.
Consider a merchant accepting cryptocurrency payments. Using a single address means customers can see how much business the merchant does, what their revenue patterns look like, and who else pays them. Competitors gain valuable business intelligence. Individual customers can be tracked across purchases.
The conventional solution is to generate a new address for each transaction manually. But this creates a coordination problem: how do you communicate fresh addresses to payers without revealing that all those addresses belong to you? Stealth addresses automate this process cryptographically.
How Stealth Addresses Work
A stealth address is an address that can be generated by either the sender or receiver, but which can only be controlled by the receiver. The core innovation is using elliptic curve cryptography to enable one party to generate addresses on behalf of another.
The process relies on the Elliptic Curve Diffie-Hellman (ECDH) protocol, which is fundamentally about establishing shared secrets over insecure channels. This same mathematical principle that secures internet communications also enables stealth addresses.
The Basic Protocol
The basic stealth address protocol (BSAP) was first developed by a Bitcoin Forum member named ByteCoin in 2011. Here is how it works:
- Receiver generates keys: The receiver creates a private key and derives a corresponding public key. They publish this public key as their stealth meta-address
- Sender generates ephemeral key: When sending a payment, the sender generates a random ephemeral private key and its corresponding public key
- Shared secret computation: The sender computes a shared secret by combining their ephemeral private key with the receiver's public key using ECDH
- One-time address generation: The shared secret is used to derive a one-time public key, which becomes the payment address
- Publishing the ephemeral key: The sender publishes their ephemeral public key on-chain alongside the transaction
- Receiver scanning: The receiver scans the blockchain for published ephemeral keys, combines them with their private key to compute the same shared secret, and derives the same one-time addresses
- Spending: The receiver can compute the private key for each one-time address and spend the funds
The mathematical beauty is that both parties can compute the same shared secret independently, but neither party reveals their private key. An observer sees only unique addresses with no apparent connection.
Dual-Key Stealth Addresses
The dual-key stealth address protocol (DKSAP) improves on the basic protocol by using two pairs of cryptographic keys: a "scan key" pair and a "spend key" pair. This separation enables important functionality.
DKSAP has been implemented in several cryptocurrency systems since its development, including Monero, Samourai Wallet, and TokenPay. The dual-key approach provides several advantages:
- View-only wallets: The scan key can be shared with a view-only wallet that can detect incoming payments without being able to spend them
- Hot/cold separation: The scan key can be kept on an internet-connected device for convenience while the spend key remains in cold storage
- Auditing: The scan key can be given to an auditor who can view all transactions without the ability to move funds
The scan key checks the blockchain for transactions, while the spend key is needed to actually transfer the funds. This separation of concerns improves both security and usability.
Ethereum Standard: ERC-5564
ERC-5564 establishes a standard for the generation and interaction of stealth addresses on Ethereum. This standardization is crucial for interoperability between different wallets and applications.
The standard defines how stealth meta-addresses should be formatted, how ephemeral public keys should be announced on-chain, and how recipients should scan for payments. This enables users to publish a single stealth meta-address that works across all compatible applications.
A key component is the announcement contract. When sending to a stealth address, the sender calls this contract to announce the ephemeral public key. Recipients monitor these announcements to discover payments meant for them. The announcement contract ensures a consistent place to look for stealth address data across the entire Ethereum ecosystem.
Privacy Properties
Stealth addresses provide strong privacy guarantees by breaking on-chain linkability. Each payment goes to a unique address that appears unrelated to previous payments. An observer cannot determine how many payments a receiver has gotten or link different payments to the same entity.
However, stealth addresses do not hide all information. The transaction amount remains visible on most blockchains (unless combined with additional privacy technology). The timing of payments is also observable. And importantly, the sender can still see what they sent and when.
Privacy is enhanced when combined with other techniques. Using stealth addresses with a mixing service or privacy pool creates a situation where an observer cannot link payments to recipients AND cannot trace the source of funds. The combination is more powerful than either technique alone.
Implementation Challenges
The main practical challenge with stealth addresses is the scanning requirement. Recipients must scan every transaction on the blockchain to check if it might be for them. This computation scales linearly with blockchain activity.
For individual users, this is manageable. Wallets can scan in the background and cache results. But for high-volume merchants or exchanges, scanning becomes computationally expensive. Light clients face additional challenges as they cannot scan the full blockchain.
Several optimizations help. View tags add a small piece of data that allows quick filtering of obviously irrelevant transactions before doing full ECDH computations. Merkle trees of announcements enable efficient proofs that a payment was received without scanning everything.
Another consideration is backup and recovery. Traditional addresses can be restored from a seed phrase. Stealth addresses require either keeping detailed records of all ephemeral keys or re-scanning the entire blockchain from the wallet's creation date.
Stealth Addresses in Priv Wallet
Our stealth registry implements the dual-key protocol with optimizations for efficient scanning. When you register a stealth meta-address, you publish your scan and spend public keys. Anyone can generate one-time addresses for you without interaction.
Senders use your meta-address to compute unique payment addresses. They publish their ephemeral keys to our registry contract, which emits events that your wallet monitors. This event-based approach is more efficient than scanning raw transaction data.
The wallet maintains an index of processed blocks, so rescanning after being offline only requires checking new activity. Encrypted metadata can be attached to announcements, allowing senders to include payment references or notes that only you can read.
Integration with our privacy pool means you can receive funds to a stealth address and immediately deposit them for mixing. This combination breaks both the link to your other addresses and the link to the sender, providing layered privacy protection.
The Future of Payment Privacy
Stealth addresses represent a fundamental shift in how we think about blockchain addresses. Rather than addresses being permanent identifiers, they become ephemeral communication channels. Each payment is a unique event rather than a contribution to a permanent record.
As standards like ERC-5564 gain adoption, stealth addresses will become a default privacy feature rather than an advanced option. The complexity becomes hidden behind user-friendly interfaces. You publish one meta-address, and all the cryptographic mechanics happen automatically.
Combined with zero-knowledge proofs and mixing protocols, stealth addresses form part of a comprehensive privacy stack. Each technology addresses a different aspect of privacy: stealth addresses break recipient linkability, mixers break sender linkability, and zero-knowledge proofs hide transaction amounts and enable compliance without exposure.
Privacy should not require expertise in cryptography. It should be the default, built into the foundation of how systems work. Stealth addresses move us closer to that goal.