Skip to main content

Stealth Addresses

Platus uses re-randomizable stealth addresses to enable unlinkable payments. Any third party can generate one-time addresses for a recipient without knowing their viewing key or linking addresses together.

Definition

A stealth address is a pair of Baby Jubjub points (H1, H2) satisfying:

vk×H1=H2\text{vk} \times \text{H1} = \text{H2}

where vk is the recipient's viewing key.

Generation

By Third Party (Sender)

To generate a stealth address for a recipient with identity key ik=[vk]Gik = [vk]G

  1. Generate random scalar rFrr \in \mathbb{F}_r

  2. Compute H1=[r]GH_1 = [r]G

  3. Compute H2=[r]ikH_2 = [r]ik

Output: (H1,H2)(H_1, H_2)

By Recipient (Self-Generation)

A recipient can generate their own stealth address from thier viewing key:

  1. Generate random scalar rFrr \in \mathbb{F}_r

  2. Compute H1=[r]GH_1 = [r]G

  3. Compute H2=[rvk]GH_2 = [r \cdot vk]G

Output: (H1,H2)(H_1, H_2)

Finding own address

To check if a stealth address belongs to the user, the recipient:

  1. Receives (H1,H2)(H_1, H_2) from the blockchain.

  2. Computes H2=[vk]H1H_2' = [vk]H_1

  3. Checks if H2=H2H_2' = H_2

If equal, the address belongs to the recipient.

Proof:

H2=[vk]H1=[vk][r]G=[rvk]G=H2H_2' = [vk]H_1 = [vk][r]G = [r \cdot vk]G = H_2