Post by congregatio on Dec 29, 2014 8:10:12 GMT 4
A stealth address looks like this: vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L
When you send funds to a stealth address, you create a data containing (OP_RETURN) output and a normal output to a one-time use Bitcoin address. The latter output contains the money you actually wish to send, while the former output contains some data which looks, to observers of the blockchain, like a bunch of indecipherable garbage.
Here's an example:
Tx hash 6ea5c6f1a97f382f87523d13ef9f2ef17b828607107efdbba42a80b8a6555356 blockchain.info/tx/6ea5c6f1a97f382f87523d13ef9f2ef17b828607107efdbba42a80b8a6555356
Output 0: OP_RETURN 06706d409903a6b5dad3f703d00d03dbae5430a136f56d5c2dff7e5f18d12594b22558597cde (Null data push that is pruneable from the blockchain history)
Output 1: OP_DUP OP_HASH160 1cabd296e753837c086da7a45a6c2fe0d49d7b7b OP_EQUALVERIFY OP_CHECKSIG (Send funds to 13cbkpKW2DdhEUmeGC2h9HyxbBdtc7Wcth)
So, when you send money from Bob to Alice using a stealth address, what's basically going on from a privacy perspective?
(1) Bob looks at Alice's stealth address. He then creates a data output (which goes in the first output of the transaction) and generates a unique, one time use Bitcoin address.
(2) Bob sends the money to this unique address along with publishing the other data he generated in the transaction.
(3) Alice scans the blockchain and, using her private key, is able to decipher which transaction outputs belong to her by individually checking each new transaction for stealth outputs.
(4) After discovering the transaction output belonging to her from Bob, Alice recovers the private key to the unique, one time use Bitcoin address using the information given by Bob in the first output in his transaction.
To everyone else observing, it's impossible to tell that Alice was sent money. The only thing that they can tell is that Bob sent money to a stealth output, and that's if Bob himself didn't receive his funds as the result of stealth output and his address is somehow already known.
Using stealth addresses, it will be impossible for someone to tell where your money is being sent. The only thing obviously visible is the amount sent. In the future, a Bitcoin sidechain, such as that proposed by andytoshi and gmaxwell, may have mandatory stealth addressing as found in altcoins such as Monero; however, the technology is currently available for use in Bitcoin using simple OP_RETURN scripts.
There is a downside to this technology: to receive coins, you need to scan every incoming Bitcoin transaction to see if it might have an output belonging to you. However, I'm sure if you care about the privacy of your customers and their ability to be able to send funds to you in the future, the benefits more than outweigh the costs!
Current software/clients supporting stealth transactions include:
Dark Wallet
sx
libbitcoin (and obelisk)
When you send funds to a stealth address, you create a data containing (OP_RETURN) output and a normal output to a one-time use Bitcoin address. The latter output contains the money you actually wish to send, while the former output contains some data which looks, to observers of the blockchain, like a bunch of indecipherable garbage.
Here's an example:
Tx hash 6ea5c6f1a97f382f87523d13ef9f2ef17b828607107efdbba42a80b8a6555356 blockchain.info/tx/6ea5c6f1a97f382f87523d13ef9f2ef17b828607107efdbba42a80b8a6555356
Output 0: OP_RETURN 06706d409903a6b5dad3f703d00d03dbae5430a136f56d5c2dff7e5f18d12594b22558597cde (Null data push that is pruneable from the blockchain history)
Output 1: OP_DUP OP_HASH160 1cabd296e753837c086da7a45a6c2fe0d49d7b7b OP_EQUALVERIFY OP_CHECKSIG (Send funds to 13cbkpKW2DdhEUmeGC2h9HyxbBdtc7Wcth)
So, when you send money from Bob to Alice using a stealth address, what's basically going on from a privacy perspective?
(1) Bob looks at Alice's stealth address. He then creates a data output (which goes in the first output of the transaction) and generates a unique, one time use Bitcoin address.
(2) Bob sends the money to this unique address along with publishing the other data he generated in the transaction.
(3) Alice scans the blockchain and, using her private key, is able to decipher which transaction outputs belong to her by individually checking each new transaction for stealth outputs.
(4) After discovering the transaction output belonging to her from Bob, Alice recovers the private key to the unique, one time use Bitcoin address using the information given by Bob in the first output in his transaction.
To everyone else observing, it's impossible to tell that Alice was sent money. The only thing that they can tell is that Bob sent money to a stealth output, and that's if Bob himself didn't receive his funds as the result of stealth output and his address is somehow already known.
Using stealth addresses, it will be impossible for someone to tell where your money is being sent. The only thing obviously visible is the amount sent. In the future, a Bitcoin sidechain, such as that proposed by andytoshi and gmaxwell, may have mandatory stealth addressing as found in altcoins such as Monero; however, the technology is currently available for use in Bitcoin using simple OP_RETURN scripts.
There is a downside to this technology: to receive coins, you need to scan every incoming Bitcoin transaction to see if it might have an output belonging to you. However, I'm sure if you care about the privacy of your customers and their ability to be able to send funds to you in the future, the benefits more than outweigh the costs!
Current software/clients supporting stealth transactions include:
Dark Wallet
sx
libbitcoin (and obelisk)