An incomplete guide to stealth addresses (vitalik.ca)
116 points by DocFeind on Jan 23, 2023 | hide | past | favorite | 28 comments



> Basic stealth addresses can be implemented fairly quickly today, and could be a significant boost to practical user privacy on Ethereum. They do require some work on the wallet side to support them

So how easy is it realistically? I hope it's not going to be un-ergonomic like PGP, where novices are sometimes seen to be pasting their private key into e-mails and sending things in plaintext which should have been ciphertext, or otherwise leaking info.

I imagine you have to be really careful not to mess things up here.


There’s no reason for there to be any sharp edges or foot guns.

The “meta-address” published by the receiver has everything in it needed to generate a one time address on the sender side, and it should all “just work” from a sender’s wallet perspective once a standard is reached.

There’s nothing a sender can do wrong really unless the wallet code is broken. On the receiver side the private key will never look like an “address” so it would be hard to confuse the two.


Oh, there's WKD: Web Key Directory https://wiki.gnupg.org/WKD#How_does_an_email_client_use_WKD....

  gpg --homedir "$(mktemp -d)" --verbose --locate-keys your.email@example.org

  https://example.org/.well-known/openpgpkey/hu/0t5sewh54rxz33fwmr8u6dy4bbz8itz2
Is there a pinned certificate for `gpg recv-keys` (that isn't possible with WKD) https://en.wikipedia.org/wiki/Key_server_(cryptographic)#Pro... ?

WKD and HKP depend upon TLS and preshared CA certs (PKI or pinned certificates) in all forms AFAIU:

  # HKP, HTTPS
  gpg --recv-keys an.email@example.org
  # WKD
  gpg --locate-keys your.email@example.org
Who is trusted with read/write to all keys on the HTTP pubkey server?

W3C DIDs are encodable into QR codes, too. And key hierarchy is optional with DIDs.

(Edit)

https://www.w3.org/TR/did-core/#did-controller :

> DID Controller

> A DID controller is an entity that is authorized to make changes to a DID document. The process of authorizing a DID controller is defined by the DID method.

> The controller property is OPTIONAL. If present, the value MUST be a string or a set of strings that conform to the rules in 3.1 DID Syntax. The corresponding DID document(s) SHOULD contain verification relationships that explicitly permit the use of certain verification methods for specific purposes.

> When a controller property is present in a DID document, its value expresses one or more DIDs. Any verification methods contained in the DID documents for those DIDs SHOULD be accepted as authoritative, such that proofs that satisfy those verification methods are to be considered equivalent to proofs provided by the DID subject.

/? "Certificate Transparency" blockchain / dlt ... QKD, ... Web Of Trust and temp keys

What does Interledger Protocol say about these an in-band / in-channel signaling around transactions?

https://westurner.github.io/hnlog/ Ctrl-F "SPSP"

> https://github.com/interledger/rfcs/blob/master/0009-simple-... :

> Relation to Other Protocols: SPSP is used for exchanging connection information before an ILP payment or data transfer is initiated

RFC 8905 specifies "The 'payto:' URI Scheme for Payments" and does support ILP addresses https://www.rfc-editor.org/rfc/rfc8905.html#name-tracking-pa... https://datatracker.ietf.org/doc/rfc8905/ :

> 7. Tracking Payment Target Types

> A registry of "Payto Payment Target Types" is described in Section 10. The registration policy for this registry is "First Come First Served", as described in [RFC8126]. When requesting new entries, careful consideration of the following criteria [...]

DID URIs are probably also already payto: URI-scheme compatible but not yet so registered?

ILP Addresses - v2.0.0 https://interledger.org/rfcs/0015-ilp-addresses/ :

> ILP addresses provide a way to route ILP packets to their intended destination through a series of hops, including any number of ILP Connectors. (This happens after address lookup using a higher-level protocol such as SPSP.) Addresses are not meant to be user-facing, but allow several ASCII characters for easy debugging.


Thanks for the article. If you're a newbie and want to learn about stealth addresses, I'd suggest also https://serhack.me/articles/what-is-stealth-address-technolo...


I was looking for an article about this, thanks!


Stealth addresses are beneficial for large amounts.

For example:

- 0x1... stealth address has 5 USDC

- 0x2... stealth address has 5 USDC

- 0x3... stealth address has 5 USDC

Now I want to pay 9 USDC to 0x4..., how do I do that?

0x1... -> 0x4... = 3 USDC (gas for ERC20 transfer ~2 USDC)

0x2... -> 0x4... = 3 USDC (gas for ERC20 transfer ~2 USDC)

0x3... -> 0x4... = 3 USDC (gas for ERC20 transfer ~2 USDC)

And since you spend from different addresses in one transaction, in theory you can reveal your identity.


These types of addresses are useful for publishing static directions for receiving payment (what they call a “meta-address”) that doesn’t then reveal every transaction that has been sent to it.

It is orthogonal to / does not impact sender privacy whatsoever, and likewise doesn’t help the receiver maintain privacy when they try to spend those coins if they get intermingled with other coins that could be tracked.


Even if 0x4... is also a meta address, and you send the USDC to three different stealth addresses derived from the meta 0x4... instead of to 0x4..., the three transactions could be linked to you by observing the timing of the first and second batch, and noticing they were all sent together both times.

But still, it's definitely better than the current horrible status quo, where users don't have even the most rudimentary protection against having their privacy compromised.


I've already built a fully working prototype of all of this, and am looking for funding to complete it. It also supports a number of other things such as pay-to-mail that have been talked about for years.

https://web.stampchat.io


> Suppose that Alice wants to send Bob an asset. This could be some quantity of cryptocurrency (eg. 1 ETH, 500 RAI), or it could be an NFT. When Bob receives the asset, he does not want the entire world to know that it was he who got it.

Except we live in a society. Whose cohesion requires us to be able to verify that:

* Bob did not receive an asset that Alice previously stole from Carol

* If Bob received an asset as income, then he needs to pay a portion of it in taxes to continue receiving water, sanitation, emergency services, etc.

* The asset Bob received isn't evidence of a crime (such as terrorism or child pornography), that while Bob may not have committed, his desire to receive it generated the demand that incentivized the commission of the crime.

Privacy is important. Don't get me wrong, I am certainly aware the same arguments can be made to weaken end to end encryption in communication, and things like terrorism & CP are frequently used as scare tactics to remove civil liberties and infringe on people's privacy.

But it's also important to acknowledge that when building a decentralized financial system as folks are keen to do with Ethereum, you are replacing something that is one of the core building blocks of our society.


> Bob did not receive an asset that Alice previously stole from Carol

Yes like how we have perfect tracking of physical assets today

> If Bob received an asset as income, then he needs to pay a portion of it in taxes to continue receiving water, sanitation, emergency services, etc.

Yes like how the IRS has perfect tracking of every dollar bill in the US

> The asset Bob received isn't evidence of a crime (such as terrorism or child pornography), that while Bob may not have committed, his desire to receive it generated the demand that incentivized the commission of the crime.

Yup. the only way to prevent crime is to violate the privacy of every individual on the planet. We should expose everything that everyone has ever bought to the public so the government can make sure we are behaving.

> you are replacing something that is one of the core building blocks of our society.

I agree. Our society is built on the long standing tradition of the English Monarchy, and we should avoid changing things that are fundamental to how we live.

——

Sarcasm aside, I’m trying to point out that everything you’re advocating for here is an expansion of government capabilities. Governments do not have complete information today, and we are better off because of it.


This isn't a good argument.

Something in your brain makes you believe that you should know what other people are doing.

It is almost funny to read as you point out the logical fallacy of your position and then promptly ignore it. Perhaps funny if so many people didn't also share your incessant belief that other people don't have a right to privacy.


Technical privacy is fundamentally a difficult technology to integrate into the tax system and the systems of financial repression that are in vogue.

But there are some fun dots to connect:

- The absolute failure of things like the War on Drugs

- Frequent problems with government enforcement of capital controls (eg, China)

- Success of wealthy people in maintaining offshore assets to avoid taxation

- It is expensive for government agents to confiscate crypto from individuals. Technically it is impossible without their cooperation

- It is very expensive to prove that someone is dabbling in privacycoins

So even if you are spot on with your concerns, how do you plan to stop me using privacy technology? Or anyone else for that matter? Ban general purpose computing? That'll hurt you a lot more than it helps.


When I order a cheeseburger and pay with cash, the clerk is always cautious to ensure that the cash I provide wasn't previously stolen. After enjoying my meal, I always make sure to thoroughly investigate the diner to ensure that they pay their fair share of taxes.


Granted. What about when you make a transaction over 10k?


You're right. When I meet a guy off craigslist that wants to sell me his car, he needs proof that I didn't steal the $12k I'm handing him in an envelope, and then I keep tabs on him to make sure he doesn't do anything illegal with the money.


No, but your bank has reporting requirements when you want to deposit that money.


You're making assumptions about what anyone receiving money should do. No no no.


I think you've got that arse about. Don't you want to know that the car you just bought wasn't stolen?


That's a function of the car, not the payment mechanism. I look up the VIN and review the title before I buy the car...


$10k today, or in 40 years when that's how much I need to pay for a cheeseburger?


You expect 18.85% annualized inflation for the next 40 years?


Today, for KYC requirements.


> Inserting memes of 2017-era (or older) crypto scam figures is an important technique that writers can use to signal erudition and respectableness...

Possibly my favourite part of the article


TLDR:

- Create two keypairs.

- Use ECDH to derive a shared secret.

- Use secret to tweak pubkey of the recipient.

- Send money to the tweaked (and hashed) pubkey.

- Recipient has to keep an eye out for this tweaked key on the blockchain.
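The five TLDR steps above, carried through as an added example that is not part of the article or this thread: a pure-Python stealth-address derivation on secp256k1. It assumes sha256 as a stand-in for the real address hash and uses textbook (non-constant-time) curve arithmetic, so it is for illustration, not for a wallet.

```python
# Added example: stealth-address derivation on secp256k1 in pure Python. Assumed:
# sha256 stands in for the real address hash; arithmetic is textbook, not constant-time.
import hashlib
import secrets
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def tweak(point):
    """ECDH shared secret -> scalar: hash of the shared point's x coordinate."""
    return int.from_bytes(hashlib.sha256(point[0].to_bytes(32, "big")).digest(), "big") % N

def address(point):
    enc = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    return hashlib.sha256(enc).hexdigest()[-40:]  # stand-in address: hash of pubkey

def sender_derive(M):
    """Sender: ephemeral key r, ECDH with recipient pubkey M, then tweak M; publish R + address."""
    r = secrets.randbelow(N - 1) + 1
    R = mul(r, G)
    stealth_pub = add(M, mul(tweak(mul(r, M)), G))
    return R, address(stealth_pub)

def recipient_scan(m, R, candidate):
    """Recipient: recompute the tweak from m*R; return the stealth private key on a match."""
    p = (m + tweak(mul(m, R))) % N
    return p if address(mul(p, G)) == candidate else None
```

The recipient scans every published (R, address) pair with `recipient_scan`; only their own key m reproduces the tweak, and the returned scalar p is the key that spends from the stealth address.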


Meta: I think this title would benefit from an "Ethereum:" prefix, or something.

As written, it's not at all clear what the context and topic are, unless you're supposed to recognize that from the domain name (I did not, and I would say it's not a domain seen often on the front page).


It's fine for titles not to be completely self-explanatory

https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...


[flagged]


Ad hominem arguments don't work very well on this crowd, fortunately. Try criticizing the substance of the article.



