Are Stealth Addresses the Secret to Bitcoin Privacy?
Published on January 16, 2014 at 10:00 BST
“So far, [bitcoin users have] had to pick between simplicity and privacy,” bitcoin core developer Mike Hearn told CoinDesk. “Stealth addresses let us have our cake and eat it.”
Hearn’s reaction echoes others who have seen the block chain improvements proposed in a new paper by noted bitcoin developer Peter Todd, based on input from: Gregory Maxwell, Adam Back and Amir Taaki.
Released via SourceForge on 6th January, the paper details the creation of a stealth address: a new type of bitcoin address that is being heralded as “revolutionary” for its ability to allow more anonymous payments on the block chain. As the report reads:
“[The stealth address would] allow payees to publish a single, fixed address that payors can [use to] send funds efficiently, privately, reliably and non-interactively.”
The primary benefit, the paper says, is that payors would not learn of other payments made to stealth addresses, while third-parties would not glean any information from the transaction at all.
As such, the paper is fast gaining the attention of developers for its perceived potential to curb the privacy problems related to address reuse. Namely, that it is currently possible for an attacker to learn the outputs owned by a wallet address and use this information to link payments together.
However innovative, report author Peter Todd sees the paper in less grandiose terms – stressing that this is just a small improvement that will make bitcoin better, he said:
“This just makes it more convenient for regular users to do the right thing and maintain their own privacies. This is about making [bitcoin privacy] easier for normal people.”
Furthermore, Todd distanced the associations between this update and the privacy-focused virtual currency Zerocoin.
“It probably should have done ages ago, but sometimes the pieces don’t fall together and people don’t realize the implications of things,” Todd told CoinDesk.
Stealth addresses rely on the Elliptic curve Diffie-Hellman algorithm, originally used by Bitcointalk.org forum member ByteCoin, to generate an anonymous key agreement between payors and payees, enabling them to share a “secret” that can be used for them to divide funds.
A step-by-step diagram posted to imgur.com illusrates how Stealth addresses work in four steps:
- The payee publishes a public key ‘Q‘ and a corresponding private key ‘d‘.
- The payer generates a key pair where the private key = ‘e‘ public key of ‘P‘ where ‘P‘ is the transaction.
- The payer calculates ‘S=eQ‘, where ‘S‘ is a shared secret between the two parties. The payee calculates ‘S=dP‘ to get ‘S‘.
- With the secret shared, either side can calculate an offset to ‘Q‘, which acts as the address. The payee then checks the transaction, and if the address matches, spends the funds.
Tood downplayed concerns that the extra coding would add complexity to the block chain, calling it a “fairly simply process” that “only needs a single piece of data”.
“You’re still only looking at single transactions in isolation,” Todd said.
Going forward, Todd says he’ll work with collaborators Gregory Maxwell and Adam Back to come to a reasonable specification for a bitcoin improvement protocol (BIP). If a consensus can be determined, Todd says clients will then implement the upgrade. However, early indications are promising.
“Peer review is still ongoing but there hasn’t been any negative feedback, so this could really be something big,” Reddit user Tharlam indicated.
For more on stealth addresses, read the full text of the paper here.
Chain Image via Shutterstock
Chinese Central Bank Official: We Don't Want to Suppress...
'Heated' Bitcoin Debate Flares at Asian Financial Forum