International Association for Cryptologic Research (IACR)
Abstract
In a blockchain system, the address is an essential primitive used in transactions. The Stealth Address, whose underlying address information consists of two public keys $(A, B)$, was developed by the Monero blockchain in 2013; it uses a one-time public key as the transaction destination to protect the recipient's privacy. At almost the same time, the hierarchical deterministic wallets scheme was proposed as BIP-32 for Bitcoin. It makes it possible to share an extended public key $(K, c)$ between sender and receiver, where $K$ is a public key and $c$ is a 256-bit chain code, and only the receiver knows the private key corresponding to $K$. With the BIP-32 scheme, the sender can derive the child public key $K_i$ with child number $i$ by him/herself, without needing to request a new address from the receiver for each payment, so that each transaction has a different destination key for privacy. This paper introduces an improved stealth address scheme whose underlying address data is $(A_i, B_i, i)$, where $i$ is a child number and $i \in [0, 2^{31}-1]$. The sender gets the receiver's address info $(A_i, B_i, i)$, generates a random secret number $r \in [0, 2^{64}-1]$ and calculates a Pedersen commitment $C = A_i B_i h^{R'.x}$ where $R' = B_i^r$; the sender may then use this commitment $C$ or $Hash(C)$ as the destination key for the output and pack $(R, i)$ somewhere into the transaction. This improved stealth address scheme makes it possible to manage multiple stealth addresses in one wallet, so the user is able to share different addresses with different senders.
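The commitment computation described in the abstract, written out in additive elliptic-curve notation as an added example (not code from the paper). Assumptions not stated on this page: the curve is secp256k1, $h$ is a hash-derived second generator `H`, the packed value is $R = r \cdot G$, the receiver holds scalars `a_i`, `b_i` behind $A_i$, $B_i$, and keys are plain scalars rather than BIP-32 children.

```python
import hashlib

# secp256k1 parameters (assumed curve for this sketch)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):                        # affine addition; None is infinity
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, p):                        # double-and-add, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p, k = add(p, p), k >> 1
    return acc

def hash_to_point(tag):               # try-and-increment: log_G(H) unknown
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(tag + bytes([ctr])).digest(), "big") % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P:
            return (x, y)

H = hash_to_point(b"constructed-demo-generator")   # stands in for h

def sender_output(A_i, B_i, r):       # r must be nonzero
    R = mul(r, G)                                    # assumed: R = r*G
    R1 = mul(r, B_i)                                 # R' = B_i^r
    return add(add(A_i, B_i), mul(R1[0] % N, H)), R  # C = A_i B_i h^{R'.x}

def receiver_check(a_i, b_i, R, C):   # assumed receiver-side recomputation
    R1 = mul(b_i, R)                                 # b_i*R equals r*B_i
    return C == add(mul((a_i + b_i) % N, G), mul(R1[0] % N, H))
```

Only the holder of `b_i` can recompute $R'$ from the published $R$, so an observer who sees $C$ and $(R, i)$ cannot link the output to $(A_i, B_i)$ without solving a Diffie-Hellman instance.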