ERGO
Privacy & Sigma Protocols
Intermediate
2-4 hours

Privacy-Friendly One-Time Receive Pattern

Generate one-time addresses/boxes for better transaction graph privacy

Problem

Reusing addresses links all your transactions together, reducing privacy. Anyone can see your full transaction history.

Solution

Generate a unique one-time address for each receive. Using Diffie-Hellman key exchange, the sender creates a box that only the receiver can spend, without revealing the receiver's main address.

How it works

  1. Receiver publishes a public key (or derives from main address)
  2. Sender generates ephemeral keypair for this transaction
  3. Sender computes shared secret via ECDH
  4. Sender creates box spendable by derived one-time key
  5. Receiver scans blockchain for boxes they can spend
  6. Receiver derives private key from shared secret to spend

Code examples

These snippets are educational references. Before using them with real funds, pin the exact SDK/compiler versions, validate register encodings, add collection-size guards before indexing arrays, publish test vectors, and keep production deployment behind an explicit review/audit gate.

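{
  // One-time receive box
  // R4: Ephemeral public key (sender's temporary key)
  // R5: Encrypted memo (optional)

  // The box is spendable by the one-time key derived from:
  // oneTimePrivKey = receiverPrivKey * hash(sharedSecret)
  // sharedSecret = ECDH(ephemeralPriv, receiverPub)
  //              = ECDH(receiverPriv, ephemeralPub)

  // Not used in the spending condition itself; it is stored in R4 so the
  // receiver can recompute the shared secret when scanning. The .get makes
  // evaluation fail if R4 is missing.
  val ephemeralPubKey = SELF.R4[GroupElement].get

  // The proposition is a standard proveDlog
  // but the public key is the one-time derived key
  // Receiver computes: oneTimePub = receiverPub * hash(sharedSecret)
  // (in ErgoScript group notation: receiverPub.exp(hash(sharedSecret)))

  // oneTimePubKey is not defined inside the script. Assumption: the sender
  // computes it off-chain and supplies it as a named GroupElement constant
  // when compiling the contract for this box.
  proveDlog(oneTimePubKey)
}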

One-time receive box. The spending key is derived from shared secret, only computable by the intended receiver.

Use cases

  • Private donations
  • Salary payments
  • Merchant payments
  • Anonymous tips
  • Privacy-preserving invoices

Security considerations

  • Store receiver private key securely
  • Scan regularly for incoming payments
  • Consider timing attacks when spending
  • Use with mixing for enhanced privacy
  • Ephemeral keys must be truly random

Real-world implementations

ErgoMixer

Privacy-focused wallet features

Fee considerations

Standard transaction fees. Scanning requires indexing or full node access.