One-Time Address

Monero's stealth addresses are the canonical implementation of one-time addresses. For every incoming transaction, the sender generates a unique, one-time public key derived from the recipient's public view key and a random scalar. This ensures:

• Unlinkability: Payments to the same recipient cannot be linked on-chain.
• Receiver Privacy: Only the recipient, using their private view key, can scan for and spend from these addresses.
• Mandatory Use: This system is enforced for all transactions on the network.

Zcash's shielded pools (z-addresses) use a different cryptographic primitive but achieve a similar privacy goal. Instead of generating a one-time public key, it uses zk-SNARKs to prove the validity of a transaction without revealing sender, recipient, or amount.

• Shielded Transactions: Funds sent to a z-address are completely private.
• Selective Disclosure: Users can provide view keys for auditing.
• Computational Overhead: Generating zk-SNARK proofs is more resource-intensive than Monero's stealth address generation.

Bytecoin, the first CryptoNote-based cryptocurrency, pioneered the stealth address system later adopted by Monero. Its protocol uses one-time keys to break the link between a recipient's published address and the address where funds are actually received.

• Foundation: The original implementation of the CryptoNote whitepaper's privacy mechanisms.
• Key Derivation: Employs Diffie-Hellman key exchange to generate unique destination keys for each transaction.
• Legacy: Serves as the foundational model for many privacy coins.

On Ethereum, one-time address concepts can be implemented at the application layer via smart contracts or account abstraction. While not native to the protocol, they enable privacy-preserving patterns.

• Smart Contract Wallets: Can be programmed to generate a new address for each interaction or deposit.
• Privacy Mixers: Services like Tornado Cash used stealth addresses internally (via zk-SNARKs) to break on-chain links.
• Future Potential: ERC-4337 Account Abstraction allows for more flexible transaction validation, potentially enabling standardized one-time address schemes.

IOTA's MAM (Masked Authenticated Messaging) and Streams frameworks utilize one-time addresses as part of a larger post-quantum secure data and value transfer system. Each message or transaction can be signed with a Winternitz One-Time Signature (WOTS) scheme.

• Quantum Resistance: WOTS is resistant to attacks from quantum computers.
• Data & Value: Applied to both data streams and token transfers on the Tangle.
• Key Management: Requires careful key management as keys are consumed after use.

A stealth address is a type of one-time address generated by the recipient using a shared secret, allowing a sender to create a unique, unlinkable destination for a transaction without prior coordination. This is the core privacy mechanism used by protocols like Monero and Ethereum's ERC-5564.

• Mechanism: The recipient publishes a stealth meta-address. The sender uses this, along with a random nonce, to derive a one-time public key for the transaction.
• Benefit: All funds sent to a user go to different on-chain addresses, breaking the linkability of their transactions.

A Zero-Knowledge Proof is a cryptographic method that allows one party (the prover) to prove to another (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself.

• Relation to Privacy: While one-time addresses hide the link between transactions, ZKPs can hide the content (amount, asset type) and the state changes within a transaction.
• Combined Use: Advanced privacy systems like Zcash use both zk-SNARKs and one-time addresses (note commitments) to provide full transaction anonymity.

CoinJoin is a privacy technique where multiple users combine their transactions into a single, larger transaction to obscure which inputs correspond to which outputs.

• Method: Several senders contribute inputs and specify their recipient outputs in one transaction, making chain analysis difficult.
• Comparison: Unlike one-time addresses, which provide receiver privacy, CoinJoin primarily enhances sender privacy by breaking the common-input-ownership heuristic. Services like Wasabi Wallet and JoinMarket implement this.

The Diffie-Hellman key exchange is a fundamental cryptographic protocol that allows two parties to establish a shared secret over an insecure channel. This is the mathematical backbone for generating one-time addresses.

• Application in Stealth Addresses: The sender uses the recipient's public key and a random private nonce to perform a Diffie-Hellman key exchange. The resulting shared secret is used to derive the unique, one-time public address for the payment.
• Security: It ensures that only the intended recipient, who holds the corresponding private key, can compute the shared secret and spend the funds.

Mimblewimble is a blockchain design that provides privacy and scalability by using cryptographic commitments and eliminating unnecessary transaction history.

• Privacy Mechanism: It uses Confidential Transactions to hide amounts and CoinJoin by default (transaction aggregation) to obscure transaction graphs.
• Contrast with One-Time Addresses: Mimblewimble does not typically use reusable addresses or one-time addresses in the same way. Instead, it relies on interactive transactions and the cut-through feature to compress and obscure the ledger, achieving a different form of privacy and efficiency. Implemented by blockchains like Grin and Beam.