Skip to main content

Glossary Cryptography and payment

Stealth address

Also: stealth addresses, one-time output address

Origin: The construction is attributed in modern form to a 2011 Bytecoin / Cryptonote whitepaper; the Monero implementation is documented in the official protocol specification.

A cryptographic addressing scheme in which a single published wallet address (the 'view-and-spend' key pair) corresponds to a sequence of one-time output addresses derived per transaction. Chain observers see distinct receiving addresses for each payment, breaking the on-chain linkability that conventional addresses expose.

Reviewed

A stealth address is a cryptographic addressing scheme in which a single published wallet address corresponds, on the chain, to a sequence of one-time output addresses — one per incoming transaction. The published address is essentially a pair of public keys (a “view key” and a “spend key”); the sender derives a one-time output address from the published keys and a per-transaction nonce, and the receiver derives the matching one-time spend key from the same nonce and their private keys.

The privacy property the scheme procures is on-chain receive-side unlinkability. A chain observer scanning the output set of every transaction sees a sequence of distinct addresses; the observer cannot determine, without the receiver’s view key, that any of them belong to the same wallet. The receiver, in possession of the view key, can scan the chain and identify outputs addressed to their wallet; the sender, without the receiver’s view key, cannot verify that an output they constructed was received (a property that motivates the optional “payment proof” Monero exposes).

The scheme composes with ring signatures — which break input-linkability — and with RingCT — which hides amounts — to produce Monero’s default-private transaction surface. None of the three primitives suffices alone; the privacy comes from their composition.

Bitcoin does not implement stealth addresses at the protocol level; the equivalent on Bitcoin is wallet-level discipline (a fresh receiving address per invoice, never reusing an address) plus output-mixing techniques such as CoinJoin to break input-linkability after the fact. The contrast is operational: on Monero the receive-side unlinkability is automatic and default; on Bitcoin it requires deliberate user choices and remains contestable against a sufficiently-motivated chain analyst.

For an offshore-hosting operator that accepts Monero — including OffshorePress — the stealth-address mechanism is what permits a single published wallet address per payment route while ensuring that distinct subscribers (and successive payments from the same subscriber) cannot be linked through their receive-side on-chain activity. The operational picture is in the Monero payment dossier.