Stealth address (anonymous payments)

[bitpop]

Sender uploads a pubkey and nonce (secret which appears as a bunch of random characters) to the network via OP_RETURN function, and sends some money to the generated address

Just to make sure I got it right: by the pubkey you mean stealth-address, and by nonce you mean private-key-to-actual-address encrypted by pubkey/stealth-address. Is it correct?

Nonce could literally mean nonce which you use against a curve

[Abdussamad]

Sorry, to bump up this thread but I have a question regarding stealth addresses. If you only have the stealth address and the nonce can you derive the "normal" bitcoin address to which the payment was made?

[bitpop]

Sorry, to bump up this thread but I have a question regarding stealth addresses. If you only have the stealth address and the nonce can you derive the "normal" bitcoin address to which the payment was made?

I think so because that's how the payer pays

[Abdussamad]

Sorry, to bump up this thread but I have a question regarding stealth addresses. If you only have the stealth address and the nonce can you derive the "normal" bitcoin address to which the payment was made?

I think so because that's how the payer pays

Well I'm not an expert but it doesn't look like its possible without the private key behind the stealth address or the key pair the payer generated.

initiate stealth: https://github.com/spesmilo/sx/blob/master/src/sx-stealth-send
uncover stealth: https://github.com/spesmilo/sx/blob/master/src/sx-stealth-recv

In my scenario only the stealth address and nonce are known. S1 and c are not known.

[bitpop]

Sorry, to bump up this thread but I have a question regarding stealth addresses. If you only have the stealth address and the nonce can you derive the "normal" bitcoin address to which the payment was made?

I think so because that's how the payer pays

Well I'm not an expert but it doesn't look like its possible without the private key behind the stealth address or the key pair the payer generated.

initiate stealth: https://github.com/spesmilo/sx/blob/master/src/sx-stealth-send
uncover stealth: https://github.com/spesmilo/sx/blob/master/src/sx-stealth-recv

In my scenario only the stealth address and nonce are known. S1 and c are not known.

I'm under the assumpion they send to a normal address which is randomly generated. Then they give you the nonce so you know which one. Perhaps you're also thinking of getting the private key which isn't possible but part of receive.

Try forcing the nonce in the send function.

[Abdussamad]

I'm under the assumpion they send to a normal address which is randomly generated. Then they give you the nonce so you know which one. Perhaps you're also thinking of getting the private key which isn't possible but part of receive.

Try forcing the nonce in the send function.

I am thinking of a random observer who has two public pieces of data i.e. the nonce, which was posted on some forum somewhere as outlined in the stealth address docs, and the stealth address which he suspects is the intended recipient of the coins. He wants to connect the two and the only way to do that is to derive the regular bitcoin address (using just the nonce and stealth address) and then check if that regular address has coins in it. The diffie-helman key exchange seems to make that impossible.