Member preview

So How Do We Anonymise Our Transactions? Stealth Addresses in Blockchain

Towards a GDPR era

Due to privacy concerns, we increasingly live in a world where we need to anonymise our transactions. Along with this we need a world which is more trustworthy, and where we properly digitally sign transactions. But how can we create an infrastructure for our transactions, so that someone can receive payments, but without revealing their identity?

Core Blockchain is not so private

The first version of Blockchain just setup a running system where one address could send another address some funds. Basically a sender (a payor) added a transaction of “Pay this address some bitcoins”, and then signed it with the private key of the payor. The recipient (the payee) then had the private key associated with the address that had been paid, and could then sign for it to be paid to someone else (by signing with the private key of the payor).

These addresses are pseudo anonymous, as the system need to determine if an address has enough cryptocurrency in its account to make the payment. The problem with this, though, is that we can easily map an address to a person if we know their public address, and determine all their interactions and payments. While this is acceptable for publicly defined donations, it is not so good for revealing your shopping habits.

One way to overcome this is with a stealth address. So let’s say that Bob is the sender (the payor) and Alice is the recipient (the payee) of two Eve coins. Alice will advertise her address on her web site — this is the stealth address, but she doesn’t actually receive funds for that address. When Bob wants to send her some Eve coins, Alice passes her public address and Bob generates a random value, and passes a value back to Alice which she can use to generate the same address. He then creates a new public address that Bob and Alice will know. Alice can then derive the private key associated with this address (but no one else can, not even Bob). Each sender can then determine the payments that they sent to a given recipient, but cannot see any other transactions to them.

The detail

You may want to go and have a look at elliptic curve cryptography before you read the next part [here], and especially on the Elliptic curve Diffie-Hellman (ECDH) method [here].

So let’s go into the detail. Bob is the payor (the sender) and Alice is the payee (the recipient). Alice will have her private key (d) and a public key Q, and where Q=dG (where G is a point on an elliptic curve). She then passes this public key (Q) to Bob. Bob then generates a random value (e), and computes P ) which is eQ. He passes back P to Alice. The shared secret will then be dP (which is the same as eQ). Bob will now be able to generate a new recipient address based on this shared secret (and which Alice will also know). As Bob would be able to spend the transaction, the recipient address is modified so that only Alice can derive the private key associated with the address:

In this we will see that Bob will sign the transaction with his public key and use the newly generated recipient address — which will not be Alice’s address. Only Alice will then have the private key which can be used to transfer the funds somewhere else.


The first version of Blockchain used key pairs which could be used to identity the addresses of the parties involved. New methods are now being applied which can hide the source and destination of a transaction and also the amount of the transaction. Stealth addresses are thus one method of achieving this, and where only those involved in a transaction can actually reveal the details.

Like what you read? Give Prof Bill Buchanan OBE a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.