| Stealth addresses are a super simple bit of crypto and also pretty easy to implement. When Peter Todd wrote a paper describing the technique for Bitcoin in Jan 2014, I wrote the first implementation. [1, 2] At the time I wanted to call them re-usable addresses, because the published address by the person wanting to receive funds is truly and privately re-usable. This is super useful for writing static addresses in places (like GitHub pages or on business cards) which don’t implicitly divulge the full transaction history for that address. So, for example, taking donations for your open source project without having to show a public record of all those donations. The trade-off of not having to provide a server for generating one-time addresses is that the receiver has to scan the whole blockchain and perform a bit of work to check if each one might actually be for them. Anything you do to reduce this scanning burden also reduces the privacy of the scheme, necessarily. So although the usability of the paying semantics is fantastic, the usability of receiving requires network and computation. Typical PIR trade-off. However, one thing I really love is that on the receiving side you can have just one private key which will allow you to discover all sent funds. Under the hood on the blockchain no addresses are actually being reused. So you have to scan for your funds, but they will all be there with just one key to keep secure and one public address that can be “paid-to” without being able to actually look up any transactions that were actually sent to that address. I don’t know if they ever standardized an address form to use this scheme in Bitcoin but in my opinion it is a really fantastic way to use a public blockchain. At the time, I tried and failed to write the receiver-side scanning code into bitcoind because I didn’t know enough C++. [1] - https://www.mail-archive.com/bitcoin-development@lists.sourc... [2] - https://gist.github.com/jspilman/8396495 |