Blockchain Stealth Address Schemes

Abstract

In a blockchain system, address is an essential primitive which is used in transaction. The $\textit{Stealth Address}$, which has an underlying address info of two public keys ($A,B$ ), was developed by Monero blockchain in 2013, in which a one-time public key is used as the transaction destination, to protect the recipient privacy. At almost same time, $\textit{hierarchical deterministic wallets}$ scheme was proposed as $\textit{bip-32}$ for Bitcoin, which makes it possible to share an $\textit{extended public key}$ ($K,c$) between sender and receiver, where $K$ is a public key and $c$ is a 256-bits chain code, and only receiver knows the corresponding private key of this $K$. With the $\textit{bip-32}$ scheme, the sender may derive the child public key $K_i$ with the child number $i$ by him/herself, without needing to request a new address for each payment from the receiver, make each transaction have a different destination key for privacy. This paper introduces an improved stealth address scheme which has an underlying address data of $(A_i,B_i,i)$, where $i$ is a child number and $i\in [0,2^{31}-1]$. The sender gets the receiver’s address info $(A_i,B_i,i)$, generates a random secret number $r\in [0,2^{64}-1]$ and calculate a Pedersen commitment $C=A_iB_ih^{R^{\u27}.x}$ where $R^{\u27}=B_i^r$, then the sender may use this commitment $C$ or $Hash(C)$ as the destination key for the output and packs the $(R,i)$ somewhere into the transaction. This improved stealth address scheme makes it possible to manage multiple stealth addresses in one wallet, therefore the user is able to share different addresses for different senders