Privacy-Friendly One-Time Receive Pattern
Generate one-time addresses/boxes for better transaction graph privacy
问题
Reusing addresses links all your transactions together, reducing privacy. Anyone can see your full transaction history.
解决方案
Generate unique one-time addresses for each receive. Using Diffie-Hellman key exchange, sender creates a box only the receiver can spend, without revealing the receiver's main address.
工作原理
- 1Receiver publishes a public key (or derives from main address)
- 2Sender generates ephemeral keypair for this transaction
- 3Sender computes shared secret via ECDH
- 4Sender creates box spendable by derived one-time key
- 5Receiver scans blockchain for boxes they can spend
- 6Receiver derives private key from shared secret to spend
代码示例
These snippets are educational references. Before using them with real funds, pin the exact SDK/compiler versions, validate register encodings, add collection-size guards before indexing arrays, publish test vectors, and keep production deployment behind an explicit review/audit gate.
{
// One-time receive box
// R4: Ephemeral public key (sender's temporary key)
// R5: Encrypted memo (optional)
// The box is spendable by the one-time key derived from:
// oneTimePrivKey = receiverPrivKey * hash(sharedSecret)
// sharedSecret = ECDH(ephemeralPriv, receiverPub)
// = ECDH(receiverPriv, ephemeralPub)
val ephemeralPubKey = SELF.R4[GroupElement].get
// The proposition is a standard proveDlog
// but the public key is the one-time derived key
// Receiver computes: oneTimePub = receiverPub * hash(sharedSecret)
proveDlog(oneTimePubKey)
}One-time receive box. The spending key is derived from shared secret, only computable by the intended receiver.
使用场景
- →Private donations
- →Salary payments
- →Merchant payments
- →Anonymous tips
- →Privacy-preserving invoices
安全注意事项
- !Store receiver private key securely
- !Scan regularly for incoming payments
- !Consider timing attacks when spending
- !Use with mixing for enhanced privacy
- !Ephemeral keys must be truly random
参考资源
Standard transaction fees. Scanning requires indexing or full node access.