Definition:
A stealth address is a privacy mechanism where a sender generates a fresh, one-time Ethereum address for each payment to a recipient, derived from the recipient’s public key — so the recipient can claim the funds with their private key, but no on-chain observer can link the receiving address to the recipient’s known identity or wallet address. ERC-5564 standardizes stealth address generation and detection for Ethereum, making privacy-preserving asset receiving natively usable in wallets and DApps without requiring a mixer or trusted system.
The Privacy Problem Stealth Addresses Solve
In standard Ethereum usage:
- When someone pays you, the payment is permanently linked on-chain: 0xSender → 0xYourAddress
- Anyone watching your address sees all your incoming payments
- Publishing an ENS name or wallet for donations creates a surveillance surface: every payment reveals metadata about donors and amounts
Stealth addresses break this linkage. The recipient’s “stealth meta-address” is public; every individual payment uses a fresh, unlinkable address derived from it.
Cryptographic Mechanism (ECDH)
Stealth addresses work via Elliptic Curve Diffie-Hellman (ECDH) key agreement:
Setup — Recipient publishes stealth meta-address:
The recipient generates two key pairs:
- Spending key pair: (s, S) where S = s·G
- Viewing key pair: (v, V) where V = v·G
Their stealth meta-address encodes (S, V).
Sending:
- Sender generates ephemeral key pair (r, R) where R = r·G
- Sender computes shared secret h = HashToPoint(r·V) using ECDH with the viewing public key
- Stealth address = pubkey_to_address(h·G + S) — a new address derived from the shared secret and spending key
Receiving:
- Recipient scans all transactions for ephemeral public keys R posted to the Ethereum announcement contract
- For each R, computes h = HashToPoint(v·R) (same ECDH result because v·R = r·V)
- Checks if pubkey_to_address(h·G + S) has a balance
- If yes, the stealth private key = s + h — allowing spending from that address
Privacy guarantee:
Only the recipient (with viewing key) can scan for incoming payments. Only the recipient (with spending key) can spend. The sender and recipient share a secret that only they can compute.
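The sending and receiving steps above, run end to end over secp256k1, as an added Python example (not code from ERC-5564 or from any wallet). Assumptions: HashToPoint is modelled as a hash reduced to a scalar modulo the curve order, since the page uses h as a scalar in h·G and s + h; SHA3-256 stands in for Ethereum's Keccak-256, so the output is not a real Ethereum address; all function names are illustrative.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def digest(pt):  # assumption: SHA3-256 stands in for Ethereum's Keccak-256
    return hashlib.sha3_256(pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")).digest()

def hash_to_scalar(pt):  # the page's HashToPoint; h is used as a scalar below
    return int.from_bytes(digest(pt), "big") % N

def pubkey_to_address(pt):  # last 20 bytes of the public-key hash
    return "0x" + digest(pt)[-20:].hex()

def keypair():
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)

def send(S, V):  # sender: returns (R to announce, stealth address)
    r, R = keypair()
    h = hash_to_scalar(mul(r, V))
    return R, pubkey_to_address(add(mul(h, G), S))

def scan(v, s, S, R):  # recipient: returns (candidate address, key s + h)
    h = hash_to_scalar(mul(v, R))
    return pubkey_to_address(add(mul(h, G), S)), (s + h) % N
```

Only v and S are needed to recompute the candidate address, so a scanning service can hold the viewing key without being able to spend; s enters only in the final s + h.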
ERC-5564: Standardized Stealth Addresses
ERC-5564 defines a standard interface for Ethereum stealth address generation and detection:
- Defines the StealthAddressesERC5564 contract (Announcer) — a permissionless contract where senders post ephemeral public keys as events
- Defines key formatting for stealth meta-addresses
- Supports multiple cryptographic curves (secp256k1, bn254)
- Gives wallets a clear spec for implementing stealth address generation
EIP-6538: Stealth Meta-Address Registry
EIP-6538 defines an on-chain registry contract where users publish their stealth meta-address:
- Users call registerKeys(schemeId, stealthMetaAddress) to publish their keys
- DApps and wallets query the registry to get a recipient’s stealth meta-address before sending
- Supports ENS integration — resolve alice.eth → stealth meta-address
Together, ERC-5564 + EIP-6538 form a complete, standard stealth address system for Ethereum.
Umbra: The First Stealth Address Implementation
Umbra (umbra.cash) was a pre-ERC-5564 stealth address protocol launched on Ethereum Mainnet:
- Supported ETH and ERC-20 token stealth transfers
- Used the same ECDH mechanism but with a custom registry contract
- Demonstrated demand for private, non-custodial payment receiving
- Now largely superseded by ERC-5564-compatible implementations
Monero’s Stealth Addresses (Reference)
Monero’s privacy model uses stealth addresses by default for all transactions. Every Monero transaction generates a one-time address for the recipient derived from a Diffie-Hellman exchange. This is the inspiration for Ethereum’s ERC-5564 approach.
Limitations and Considerations
| Limitation | Detail |
|---|---|
| Gas cost to claim | Recipient must send a transaction to move funds out of the stealth address (pays gas from the stealth address) — requires some ETH for gas |
| Scanning overhead | Wallet must monitor ERC-5564 announcements regularly to detect incoming payments |
| ERC-20 gas problem | Claiming ERC-20 tokens requires ETH for gas in the stealth address — requires a gas subsidy mechanism or a paymaster |
| Not metadata-blind | Amount is visible; only sender-receiver linkage is hidden (unlike Zcash which also hides amounts) |
ERC-5564 gas solutions:
- Paymasters (ERC-4337 Account Abstraction) can cover gas for stealth address claims
- Wrapped ETH approaches to bootstrap gas
Last updated: 2026-04