Who is this for? Developers, integrators, and advanced users who want to understand or build on stealth address technology and the x402 standard.
This document explains the cryptography, address derivation, and integration details behind stealth addresses in the x402 payment protocol.

What are Stealth Addresses?

Stealth addresses are a privacy-enhancing technology for blockchain payments. They allow a recipient to publish a single address, while each payment is sent to a unique, unlinkable address on-chain.
Stealth addresses prevent observers from linking multiple payments to the same recipient, even if the stealth address is reused.

How Stealth Addresses Work

  1. Key pairs: The recipient generates a stealth address, which is derived from two key pairs:
    • A scan key (public/private)
    • A spend key (public/private)
  2. Stealth address: The recipient shares the stealth address (usually a combination of the scan and spend public keys).
  3. Sender derives one-time address:
    • The sender generates an ephemeral key pair.
    • Using the recipient’s scan public key and the sender’s ephemeral private key, the sender computes a shared secret.
    • The sender uses this secret and the recipient’s spend public key to derive a unique one-time public key (address).
  4. Payment: The sender sends funds to the one-time address. The ephemeral public key is included in the transaction.
  5. Detection: The recipient’s wallet scans the blockchain, using their scan private key and the ephemeral public key from each transaction to compute the shared secret and check if the one-time address belongs to them.
  6. Spending: If a match is found, the recipient can use their spend private key and the shared secret to spend the funds.
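// Sender side
const senderSecret = ecdh(ephemeralPrivKey, recipientScanPubKey);
// hash(...) yields a scalar; add() here adds the point hash(secret)·G to the spend public key
const oneTimePubKey = add(recipientSpendPubKey, hash(senderSecret));
// Recipient side
const recipientSecret = ecdh(scanPrivKey, ephemeralPubKey); // equals senderSecret
// add() here is scalar addition modulo the curve order
const oneTimePrivKey = add(spendPrivKey, hash(recipientSecret));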
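
The derivation in steps 3, 5 and 6, carried through with real curve arithmetic as an added example (not code from x402 or any wallet). It assumes secp256k1, SHA-256 over the shared point's x||y coordinates as the hash, and hypothetical helper names (`senderDerive`, `detect`, `oneTimePrivKey`); the page specifies none of these.

```javascript
const crypto = require('crypto');
// Assumed parameters: secp256k1 and SHA-256 (the page names neither).
const P = 2n ** 256n - 2n ** 32n - 977n; // field prime
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n; // group order
const G = [0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
           0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n];
const mod = (a, m) => ((a % m) + m) % m;
function inv(a, m) { // modular inverse, extended Euclid
  let [r0, r1, s0, s1] = [mod(a, m), m, 1n, 0n];
  while (r1) { const q = r0 / r1; [r0, r1, s0, s1] = [r1, r0 - q * r1, s1, s0 - q * s1]; }
  return mod(s0, m);
}
function pointAdd(A, B) { // affine addition; null is the point at infinity
  if (!A) return B;
  if (!B) return A;
  const [x1, y1] = A, [x2, y2] = B;
  if (x1 === x2 && mod(y1 + y2, P) === 0n) return null;
  const l = x1 === x2 ? mod(3n * x1 * x1 * inv(2n * y1, P), P)
                      : mod((y2 - y1) * inv(x2 - x1, P), P);
  const x3 = mod(l * l - x1 - x2, P);
  return [x3, mod(l * (x1 - x3) - y1, P)];
}
function scalarMul(k, A) { // double-and-add; NOT constant time, illustration only
  let R = null;
  for (; k > 0n; k >>= 1n, A = pointAdd(A, A)) if (k & 1n) R = pointAdd(R, A);
  return R;
}
const samePoint = (A, B) => String(A) === String(B);
const hashToScalar = (pt) => mod(BigInt('0x' + crypto.createHash('sha256') // hash(sharedSecret)
  .update(pt.map((c) => c.toString(16).padStart(64, '0')).join(''), 'hex').digest('hex')), N);
function keyPair() { // slight modulo bias is acceptable for a demo only
  const priv = mod(BigInt('0x' + crypto.randomBytes(32).toString('hex')), N - 1n) + 1n;
  return { priv, pub: scalarMul(priv, G) };
}
// Step 3: sender derives oneTimePub = spendPub + hash(ephemeralPriv * scanPub) * G
function senderDerive(scanPub, spendPub) {
  const eph = keyPair();
  const h = hashToScalar(scalarMul(eph.priv, scanPub));
  return { ephemeralPub: eph.pub, oneTimePub: pointAdd(spendPub, scalarMul(h, G)) };
}
// Step 5: detection needs only the scan private key and the spend PUBLIC key
function detect(scanPriv, spendPub, ephemeralPub, oneTimePub) {
  const h = hashToScalar(scalarMul(scanPriv, ephemeralPub));
  return samePoint(pointAdd(spendPub, scalarMul(h, G)), oneTimePub) ? h : null;
}
// Step 6: spending needs the spend private key: spendPriv + h (mod n)
const oneTimePrivKey = (spendPriv, h) => mod(spendPriv + h, N);
```

Because `detect` never touches the spend private key, a scanning component can find incoming payments without being able to spend them; only `oneTimePrivKey` requires the spend secret.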

Security Properties

  • Unlinkability: Each payment uses a new address, unlinkable to the stealth address or other payments.
  • Forward secrecy: Compromising a single one-time address does not reveal others.
  • Receiver privacy: Only the recipient can detect and spend the funds.
If the scan or spend private keys are lost, funds cannot be recovered. Always back up your keys securely.

Integration Steps

  1. Wallets: Implement stealth address generation (scan/spend key pairs) and blockchain scanning for one-time addresses.
  2. Senders: Add support for ephemeral key generation and one-time address derivation.
  3. Transactions: Include the ephemeral public key in each payment transaction.
  4. User experience: Hide complexity—users only see their stealth address and balance.

References


For a user-focused guide, see the Unwallet User Guide.
See also: Fluid Key Implementation for a product-specific example and UX.