Stealth Addresses

Download quests in Questplay

Private token transfers where the identity of the sender or receiver is kept anonymous can be implemented in several ways. Among them, the use of stealth addresses offers an especially lightweight solution.

Instead of transferring directly to the receiver, the sender transfers the token to a cryptographically computed address (i.e. a stealth address). Through mathematical magic, only the receiver can compute the private key to the stealth address, and effectively has ownership of the token. There is also no way of any third party of tracing the stealth address back to the receiver's original address.

Let us take a deeper dive into the Improved Stealth Address Protocol (ISAP), an implementation of stealth addresses using elliptic curves. Given that a sender wishes to anonymously transfer a token to a receiver with public/private key pair $(P, p) (P, p)$ :

Sender chooses a secret value.
Sender computes and publishes some "published data".
$p u b l i s h e d D a t a = G * s e c r e t publishedData = G ∗ secret$
Sender computes a shared secret.
$s h a r e d S e c r e t = P * s e c r e t sharedSecret = P ∗ secret$
Sender derives a new public key from the shared secret
$s t e a l t h P u b l i c K e y = P + G * h a s h (s h a r e d S e c r e t) stealthPublicKey = P + G ∗ hash(sharedSecret)$
Sender sends the token to the address corresponding to $s t e a l t h P u b l i c K e y stealthPublicKey$ . This address is the stealth address.

G is the generator point of the chosen elliptic curve.

Now, given the publicly available $p u b l i s h e d S e c r e t publishedSecret$ and their own private key $p p$ , the receiver can compute the private key that corresponds to $s t e a l t h P u b l i c K e y stealthPublicKey$ .

Given the published data, the receiver computes the $s h a r e d S e c r e t sharedSecret$ .
$s h a r e d S e c r e t = p u b l i s h e d D a t a * p sharedSecret = publishedData ∗ p$
The receiver computes the private key to the stealth address.
$s t e a l t h P r i v a t e K e y = p + h a s h (s h a r e d S e c r e t) stealthPrivateKey = p + hash(sharedSecret)$

How is this process an anonymous transfer? Let us make two observations:

The receiver has effective ownership of the token
Only the receiver has private key $p p$ , and can compute $s t e a l t h P r i v a t e K e y stealthPrivateKey$ . Effectively, only they own the stealth address and the transferred token.

The receiver is anonymous
Thanks to public key cryptography, only the sender and recipient know sharedSecret. Hence, only these two parties can trace the connection between the recipient's public key and the newly generated public key.
In other words, to everyone else, the token has been transferred to a random address. Third parties have no way of knowing that the token has been effectively transferred to the receiver.

Your Task

Read and understand the concept of stealth addresses detailed above.

The ownership of a Cursed Grimoire is considered taboo. Owners of these books wish to hide from the eyes of the public ...