Vitalik Buterin - An Incomplete Guide to Stealth Addresses (Highlights)

# Vitalik Buterin - An Incomplete Guide to Stealth Addresses (Highlights) ![rw-book-cover|256](http://vitalik.ca/images/icon.png) ## Metadata **Review**:: [readwise.io](https://readwise.io/bookreview/23513071) **Source**:: #from/readwise **Zettel**:: #zettel/fleeting **Status**:: #x **Authors**:: [[Vitalik Buterin]] **Full Title**:: An Incomplete Guide to Stealth Addresses **Category**:: #articles #readwise/articles **Category Icon**:: 📰 **Document Tags**:: #blockchain #idea **URL**:: [vitalik.ca](https://vitalik.ca/general/2023/01/20/stealth.html) **Host**:: [[vitalik.ca]] **Highlighted**:: [[2023-01-21]] **Created**:: [[2023-02-14]] ## Highlights - Tornado Cash can hide transfers of mainstream fungible assets such as ETH or major ERC20s (though it's most easily useful for privately *sending to yourself*), but it's very weak at adding privacy to transfers of obscure ERC20s, and it cannot add privacy to NFT transfers at all. ([View Highlight](https://read.readwise.io/read/01gq9qhd2fa057fsczzvr29n27)) ^460609478 - A stealth address is an address that can be generated by either Alice or Bob, but which can only be controlled by Bob. Bob generates and keeps secret a **spending key**, and uses this key to generate a **stealth meta-address**. He passes this meta-address to Alice (or registers it on ENS). Alice can perform a computation on this meta-address to generate a **stealth address** belonging to Bob. ([View Highlight](https://read.readwise.io/read/01gq9qpz66h21dxwrtz93v0t4y)) ^460609809 - Another way to look at it is: stealth addresses give the same privacy properties as Bob generating a fresh address for each transaction, but without requiring any interaction from Bob. ([View Highlight](https://read.readwise.io/read/01gq9qr28zsawq5vrtwfvxqwrt)) ^460609853 - This all relies on two uses of cryptographic trickery. First, we need a pair of algorithms to generate a **shared secret**: one algorithm which uses Alice's secret thing (her ephemeral key) and Bob's public thing (his meta-address), and another algorithm which uses Bob's secret thing (his root spending key) and Alice's public thing (her ephemeral public key). This can be done in many ways; [Diffie-Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) was one of the results that founded the field of modern cryptography, and it accomplishes exactly this. ([View Highlight](https://read.readwise.io/read/01gq9qvxb14m6gn38r2bx1hyxj)) ^460611049 - But a shared secret by itself is not enough: if we just generate a private key from the shared secret, then Alice and Bob could both spend from this address. ([View Highlight](https://read.readwise.io/read/01gq9qxttedg7j621016fy96x9)) ^460611657 - Stealth addresses using elliptic curve cryptography were originally introduced in the context of Bitcoin [by Peter Todd in 2014](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2014-January/004020.html). ([View Highlight](https://read.readwise.io/read/01gq9qywsw21kpvqgwmgfpyht5)) ^460611698 #further-reading <https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2014-January/004020.html> - Suppose that someone sends you an NFT. Mindful of your privacy, they send it to a stealth address that you control. After scanning the ephem pubkeys on-chain, your wallet automatically discovers this address. You can now freely prove ownership of the NFT or transfer it to someone else. But there's a problem! That account has 0 ETH in it, and so there is no way to pay transaction fees. ([View Highlight](https://read.readwise.io/read/01gq9r6y9mqkr0y8rvz9sbqksf)) ^460612081