This is an ad. Ads are not endorsed by BitMixList.

Bitcoin Stealth Addresses & Silent Payments

Bitcoin stealth addresses let you publish a single payment identifier while every on-chain receipt looks unique and unlinkable. They solve the classic surveillance problem covered in our Mixer Privacy guide: address reuse lets chain-analysts sum donations, map salary streams, or deanonymize dissidents. By splitting the public “meta-address” from the one-time spendable outputs, stealth schemes preserve donation usability without throwing receivers into a full mixer workflow each time.

Why Bitcoin Needed Stealth Addresses

Regular Bitcoin wallets expose patterns the moment an address receives funds more than once. Anyone scanning the blockchain can cluster all payments to that address, infer total balances, and track when coins leave the wallet. Exchanges and compliance desks add those clusters to blocklists, and data brokers resell them as risk scores. Stealth addresses counter that “reuse equals dox” equation by forcing every incoming payment to hit a brand-new output that only the intended receiver can recognize. That gives NGOs, paywalled publishers, or pseudonymous developers a way to accept donations without rotating QR codes daily. Pairing stealth addresses with change control and CoinJoin coordination further blurs the flow once those funds are spent.

Timeline and Historical Context

The concept dates back to 2011 Bitcointalk brainstorming sessions where developers tried to graft CryptoNote-style stealth on top of Bitcoin’s UTXO model. In 2014, Peter Todd proposed using elliptic-curve Diffie-Hellman (ECDH) to generate shared secrets, giving both wallets a deterministic way to derive one-time addresses from a public code. That prototype never landed in Bitcoin Core, but it seeded wallet experiments that matured into formal Bitcoin Improvement Proposals (BIPs). By 2015 BIP 47 defined reusable payment codes, and by 2022 the community rallied around Ruben Somsen’s Silent Payments approach that works cleanly with Taproot.

Those milestones show an arc from concept to near-standard. While the base protocol stayed agnostic, wallet authors, especially in the privacy space, kept iterating. Each generation reduced setup friction, removed telltale transaction fingerprints, and aligned more closely with how Monero’s view/spend key pairs operate. Today’s silent-payment prototypes are the culmination of that fifteen-year conversation.

BIP47 – Reusable Payment Codes

BIP47 introduced payment codes—encoded public keys plus metadata that function as a reusable “contact card.” A receiver publishes that code via website, QR, or PayNym handle. The sender first broadcasts a small notification transaction containing an OP_RETURN payload or a specific script template. That transaction uses ECDH to establish a shared secret so both parties can derive an infinite tree of one-time addresses. All later payments land directly on those derived addresses, so outside observers never see reuse, and the sender never has to ask for a fresh invoice.

In practice the trade-offs revolve around usability and leakage. Wallets such as Samourai Wallet’s PayNyms handle the notification handshake automatically, but that transaction still reveals that two parties agreed to communicate, and it costs on-chain fees. When operators combine BIP47 flows with manual change management or the broader privacy tool stack, they can keep donation accounts open indefinitely with acceptable overhead.

Silent Payments (BIP352)

Silent Payments, standardized as BIP 352 in 2022, remove the need for a notification transaction. The receiver shares a silent payment address derived from their Taproot key. For each payment, the sender generates an ephemeral keypair, performs an ECDH exchange with the published point, and tweaks a P2TR output so the funds land on a unique address. Because Taproot commits to the entire script tree, the payment looks indistinguishable from other P2TR spends on the blockchain.

The receiver’s wallet scans new blocks, plugs the tweaked keys into their private data, and silently discovers which outputs belong to them. The trade-off is heavier scanning on the receiver side, but hardware acceleration and light-client proofs are improving quickly. Silent payments also sidestep jurisdictional concerns about OP_RETURN usage and keep the chain footprint minimal. Projects like Sparrow Wallet, Phoenix, and several emerging privacy clients now ship experimental support, signaling that BIP 352 is moving from research to production.

How Stealth Address Derivations Work

Every stealth scheme uses two essential ingredients: a publicly shared meta-address that bundles long-term public keys, and an interactive or pseudo-interactive protocol that turns those keys into one-time spendable outputs. The sender’s wallet handles the math, so the UX still feels like copying a donation address. Under the hood the workflow follows a repeatable pattern:

  1. The receiver publishes public keys (often labelled “scan/view” and “spend”) or a combined code representing both.
  2. The sender generates an ephemeral private key r and computes the corresponding public point R.
  3. Both parties derive a shared secret via ECDH using r and the receiver’s published key.
  4. The sender mixes that secret with the receiver’s spend key to produce a brand-new public key P, which becomes the payment address embedded in the transaction output.
  5. The receiver watches the chain, finds outputs where the shared secret matches their metadata, derives the private key for P, and spends normally.

This approach keeps outsiders in the dark: they see only independent addresses with no obvious link to the meta-address, yet both sides enjoy deterministic recovery if a wallet needs to rescan.

Comparison to Monero and Adjacent Privacy Tools

Monero has baked stealth addresses, view keys, and amount-hiding RingCT into its base protocol since 2014, so every transfer inherits those protections automatically. Bitcoin’s stealth options remain opt-in and focus strictly on receiver unlinkability; spenders still leak information unless they combine techniques such as coordinated CoinJoin rounds, payjoin, or strict change avoidance. Cross-asset bridges outlined in our atomic swap playbook can ferry value into Monero for full-stack privacy before returning to Bitcoin with a fresh history.

The practical takeaway is that stealth addresses occupy the “receive privately” pillar inside a larger defense-in-depth plan. Mixers, CoinJoins, and stealth outputs cover different threat models, so mature treasury policies weave them together depending on whether funds are inbound, mid-flight, or exiting back through a regulated exchange.

Current Status and Adoption (February 2026)

BIP 47 still underpins thousands of Samourai PayNym codes, BTCPay merchant setups, and donation pages run by open-source projects that need reusable invoices today. Notification transactions remain a sticking point for fee-sensitive campaigns, but wallets mitigate this by batching handshakes or reusing established notification channels among trusted peers.

Silent payments are on the cusp of wider rollout. Bitcoin Optech’s tracking page lists merged pull requests for Bitcoin Core scanning support, hardware signer prototypes, and exchanges experimenting with silent deposits. Compliance teams are also studying how to flag silent outputs, which means privacy advocates must pair these schemes with change randomization, mixers, or Monero bridges whenever funds eventually touch KYC endpoints.

Author profile picture

Author

NotATether

Bitcoin privacy researcher and maintainer of BitMixList. Focused on mixer history, enforcement timelines, and practical privacy workflows for users operating in high-friction jurisdictions.

Copyright © 2023-2026 NotATether.
Contact: admin [at] notatether [dot] com
Disclaimers:
Only mix funds you have obtained lawfully.
Do not use BitMixList for money laundering!
TOR: mixlistihakx3uexhl3wv7xxpnso75pl2fxxupulqz3gpoybum62puid.onion
Donate (Click to get addresses)