Stealth addresses let a payer create a unique, unlinkable destination for each payment so a recipient’s public identity is not exposed on-chain. Implementing them relies on a handful of well-understood cryptographic schemes that jointly provide key agreement, one-time key derivation, and optional ciphertext secrecy.
Core cryptographic building blocks
At the heart is Elliptic Curve Diffie-Hellman which lets sender and recipient derive a shared secret from the sender’s ephemeral key and the recipient’s public scan key. Cryptographers such as Dan Boneh Stanford University have summarized the role of Diffie-Hellman style key agreement in key management. That shared secret is fed into a key derivation function and hash functions to produce a one-time public key for the output address. Implementations vary by curve; Bitcoin-style systems use secp256k1 while privacy-focused systems often use Curve25519 or Ed25519. Research underpinning Monero traces to the CryptoNote design by Nicolas van Saberhagen CryptoNote which explicitly uses elliptic curve key derivation to generate one-time keys for each payment.
Complementary primitives and protocol patterns
To hide who paid whom, wallets also use public-key encryption schemes such as ECIES to protect an ephemeral payload or notification. Payment-code and stealth-address proposals in the Bitcoin ecosystem rely on an initial Diffie-Hellman exchange and optionally a notification transaction so the receiver can scan for payments without publishing their master address. Developers and researchers including Gregory Maxwell Blockstream have discussed practical trade-offs for these patterns in open-source design notes and mailing lists. The exact combination of primitives affects performance and wallet scanning costs.
Ring signatures and related linkability-reduction techniques are not strictly required to create stealth addresses but are often paired with them in privacy coins. CryptoNote based systems use ring signatures to obscure which one-time output belongs to the spender, which amplifies the privacy benefits of stealth-style one-time keys. Cultural and territorial considerations matter because demand for transaction privacy varies by legal regime and user community, influencing which primitives are chosen and how aggressively wallets pursue zero-knowledge or ring-based anonymity.
Consequences include improved address privacy and reduced traceability for users, at the cost of greater complexity, larger transaction sizes, and potential regulatory scrutiny. Understanding the underlying cryptographic schemes helps engineers balance usability, auditability, and individual privacy expectations.