ERC-5560 is an Ethereum Improvement Proposal (EIP) that standardizes the generation and use of stealth addresses. A stealth address is a one-time-use public address generated by a sender for a specific recipient, allowing funds to be sent privately without any prior on-chain interaction. The recipient, who holds a private stealth meta-address, can scan the blockchain to discover and control funds sent to these ephemeral addresses. This mechanism decouples a user's persistent identity from their transaction history, significantly enhancing privacy for asset transfers on public blockchains.
ERC-5560
What is ERC-5560?
ERC-5560 is an Ethereum standard that defines a framework for stealth addresses, enabling private, non-interactive transfers of assets without revealing the recipient's identity on-chain.
The standard specifies a set of functions for key derivation and stealth address discovery. It uses elliptic curve cryptography, typically secp256k1, to generate a shared secret between the sender and recipient. The sender uses the recipient's publicly shared stealth meta-address to compute a unique stealth address for the transaction. Only the intended recipient, using their private viewing and spending keys, can compute the same shared secret and derive the corresponding private key for the newly created stealth address, thereby gaining control of the funds.
A core component of ERC-5560 is the stealth meta-address, which consists of a viewing public key and a spending public key. This meta-address is what users share to receive private payments. The standard also defines a standardized event, the StealthKey event, that wallets and indexers can emit to broadcast a user's stealth meta-address on-chain, facilitating discoverability without compromising the privacy of subsequent transactions. This creates a public directory for private interactions.
The primary use case for ERC-5560 is enabling private transfers of ERC-20 tokens, ERC-721 NFTs, and native ETH. It is particularly valuable for scenarios requiring financial privacy, such as payroll, donations, or confidential business transactions. By providing a non-interactive protocol, it solves the coordination problem present in earlier privacy schemes, as the recipient does not need to be online or have pre-published a receiving address for the transaction to succeed.
Implementation of ERC-5560 requires off-chain scanning by recipient wallets. Services known as stealth address providers or announcers can be built to index the blockchain, detect relevant StealthKey events and transactions, and notify users of incoming funds. The standard is extensible, allowing for different cryptographic schemes (like secp256r1) and integration with other privacy-enhancing technologies such as zero-knowledge proofs, forming a foundational layer for a more private Ethereum ecosystem.
Etymology & Origin
The origin story of ERC-5560 is a case study in how Ethereum's open-source community identifies a critical gap in user experience and collaborates to create a foundational standard.
ERC-5560 is an Ethereum Request for Comments (ERC) standard that defines a common interface for stealth address generation and management. Its primary purpose is to provide a standardized, non-custodial method for enhancing transaction privacy on Ethereum and compatible blockchains by allowing senders to create one-time addresses for recipients, obscuring the link between sender and receiver on the public ledger. The standard was formally proposed in 2022 by a group of developers and researchers, including Vitalik Buterin, Barry Whitehat, and others from the Ethereum Foundation and broader cryptography community.
The etymology of its name follows the established ERC numbering system, where '5560' is simply its sequential identifier in the registry of Ethereum improvement proposals. The conceptual origin, however, lies in the long-standing cryptographic concept of stealth addresses, which predate Ethereum. The proposal emerged from community discussions around scaling privacy solutions beyond mixers and zero-knowledge rollups, aiming to integrate a fundamental privacy primitive directly into the protocol layer. It builds upon earlier work on Diffie-Hellman key exchange and elliptic curve cryptography to create a scheme where only the intended recipient can compute the private key for a payment address they did not explicitly share.
The development of ERC-5560 was driven by the need for interoperability. Prior to its proposal, various projects implemented bespoke, incompatible stealth address mechanisms, creating fragmentation. By providing a canonical interface—specifying functions for generating stealth meta-addresses, deriving stealth addresses, and viewing keys—the standard allows wallets, explorers, and services to universally support private payments. This origin as a composability layer is quintessentially Ethereum, enabling innovation (like privacy-preserving DeFi or anonymous airdrops) to be built on a shared foundation rather than isolated in individual applications.
How ERC-5560 Works
A technical breakdown of the ERC-5560 standard, which defines a framework for stealth addresses to enhance transaction privacy on EVM-compatible blockchains.
ERC-5560, also known as the Stealth Address Standard, works by enabling a sender to generate a one-time, private receiving address for a recipient without requiring prior interaction. The core mechanism relies on elliptic curve cryptography, specifically the secp256k1 curve used by Ethereum. A recipient publishes a stealth meta-address—a public key—to a registry. A sender uses this meta-address, along with a random secret, to compute a unique stealth address where funds are sent. Only the intended recipient, using their private key, can derive the corresponding private key for that stealth address and control the assets.
The standard specifies four core functions: generateStealthAddress, checkStealthAddress, computeStealthKey, and the event StealthAddress. The generateStealthAddress function is called by the sender; it takes the recipient's stealth meta-address and a random ephemeralPrivateKey to output a stealth address and associated viewTag for efficient discovery. The emitted StealthAddress event logs the stealth address, the sender's ephemeral public key, and the view tag, allowing the recipient—or designated stealth address providers—to scan the chain for transactions intended for them.
For a recipient to find their funds, they must scan the blockchain for StealthAddress events. Using the checkStealthAddress function, they can quickly filter events using the viewTag, a cryptographic hash that acts as a Bloom filter. For a matching event, the recipient then uses the computeStealthKey function with their private key and the ephemeral public key from the event to derive the private key for the stealth address. This process ensures that only the rightful owner can compute the key, as it depends on the Diffie-Hellman key exchange between the recipient's private key and the sender's ephemeral public key.
A critical component for usability is the stealth meta-address registry, which can be implemented as a smart contract or an off-chain directory. This registry allows users to associate a human-readable name or primary address with their stealth meta-address, making it easier for senders to find the correct public key. The standard is designed to be non-upgradeable and minimal, providing only the essential cryptographic primitives. Wallets and applications are expected to build user-friendly interfaces on top of this base layer to handle key generation, chain scanning, and transaction construction seamlessly.
ERC-5560's design has significant implications for privacy and scalability. By decoupling on-chain activity from identity, it breaks the heuristic links used in blockchain analysis. However, it introduces new challenges, such as the computational overhead for recipients to scan the chain and the need for reliable announcement channels for stealth meta-addresses. The standard is a foundational layer for privacy-preserving applications, enabling use cases like private airdrops, confidential payroll, and anonymous donations without requiring complex zero-knowledge proofs or mixing protocols.
Key Features of ERC-5560
ERC-5560, also known as the Stealth Address Registry, is an Ethereum standard that defines a registry for stealth address meta-addresses, enabling private transactions on public blockchains.
Stealth Address Registry
At its core, ERC-5560 establishes a public, on-chain registry where users can publish their stealth meta-address. This is a public key derived from a user's private keys, allowing anyone to generate a unique, one-time stealth address for sending assets without linking it to the recipient's primary identity on-chain.
Stealth Meta-Address
A stealth meta-address is the public-facing component of the system. It is typically a concatenation of two public keys (e.g., a spending key and a viewing key) from the recipient. Senders use this meta-address, along with a random nonce, to cryptographically generate a unique, one-time Ethereum address for the transaction.
Dual-Key Cryptography
The standard is designed to support dual-key stealth address protocols like Diffie-Hellman key exchange. This involves:
- A spending key to authorize transfers from the generated stealth address.
- A viewing key to scan the blockchain and detect incoming transactions to stealth addresses owned by the user. This separation enhances security and functionality.
On-Chain Announcements
To help recipients discover transactions, ERC-5560 includes a standard interface for emitting stealth address announcements. These are optional, low-cost on-chain events (like logs) that broadcast the stealth address and a hint, allowing users or their watchtower services to efficiently find funds sent to them.
Protocol Agnosticism
The standard is agnostic to the underlying cryptographic scheme. It provides a universal registry and announcement format that can be implemented by various stealth address schemes (e.g., based on secp256k1 or other curves), fostering interoperability and future innovation in privacy technology.
Integration with ERC-4337
A key design goal is compatibility with account abstraction (ERC-4337). Stealth addresses generated via ERC-5560 can be smart contract accounts, not just Externally Owned Accounts (EOAs). This enables private transactions for smart contract wallets and allows paymasters to sponsor gas fees for stealth transactions.
Visual Explainer: The Stealth Address Flow
A step-by-step breakdown of how stealth addresses, as defined by ERC-5560, enable private on-chain transactions by generating one-time recipient addresses.
The stealth address flow is a cryptographic protocol that enables private asset transfers on public blockchains by ensuring the recipient's primary address is never directly linked to a transaction. Instead, the sender uses the recipient's published stealth meta-address to generate a unique, one-time stealth address for the funds. Only the intended recipient, who holds the corresponding private keys, can discover and control this new address, making the payment opaque to external observers on the ledger.
The process begins with a user, the recipient, generating and publicly sharing a stealth meta-address derived from their private keys. A sender who wants to make a private payment uses this meta-address, along with a random secret (ephemeral private key), to compute a shared secret and subsequently the unique stealth address for the transaction. The funds are sent to this newly generated address, and the sender broadcasts a stealth meta-transaction or announcement containing cryptographic hints, enabling only the recipient to find the payment.
To discover incoming funds, the recipient or a service provider like an announcer scans the blockchain for these announcements. Using their private key and the ephemeral public key from the announcement, the recipient can independently compute the same shared secret and derive the stealth address where the funds reside. This allows them to generate the corresponding private key for that address and take custody of the assets, completing the private transfer loop without any prior interaction with the sender.
This mechanism, formalized in ERC-5560: Stealth Addresses for Ethereum, provides transaction privacy by breaking the on-chain link between payer and payee. Unlike mixing services, it is a non-interactive, native protocol that does not require a trusted third party or batching of transactions. Its core components include the Diffie-Hellman key exchange, elliptic curve cryptography, and a standardized announcement format to ensure interoperability across wallets and applications.
Practical implementation requires infrastructure like announcement registries (e.g., a smart contract) where senders post hints, and scanning services that help recipients discover transactions. While it provides strong privacy for recipients, it introduces challenges such as gas costs for announcements and the computational load of scanning. This flow is foundational for private airdrops, confidential payments, and enhancing overall financial privacy on transparent networks like Ethereum.
Examples & Use Cases
ERC-5560 defines a standard interface for stealth addresses, enabling private, non-interactive transactions on EVM chains. Its primary use cases center on enhancing privacy for payments, DeFi, and identity systems.
Privacy-Preserving DeFi Interactions
Allows users to interact with DeFi protocols (e.g., DEXs, lending pools) without exposing their main wallet's identity and total asset portfolio.
- Account Separation: A user's stealth address can be used for a single trade or loan, preventing chain analysis from linking all their financial activity.
- Anonymity Set: When combined with other privacy tools, it increases the anonymity set for DeFi users.
- Example: Swapping tokens on a DEX via a stealth address to prevent front-running based on wallet reputation.
Stealth Identity & Authentication
Facilitates private on-chain identity verification and authentication mechanisms.
- Anonymous Credentials: A user can prove control of a stealth address derived from a master identity without revealing the master key.
- Private Interactions with DAOs: Members can vote or claim rewards using stealth addresses to maintain privacy within a governance system.
- Soulbound Tokens (SBTs): Private issuance of SBTs to a stealth address prevents public association with the recipient's primary identity.
Integration with Privacy Infrastructure
ERC-5560 is a foundational layer designed to work with broader privacy stacks, not a standalone solution.
- Announcement Protocols: Requires an off-chain announcement (e.g., via ENS, a mempool, or a relay network) to notify the recipient of a new stealth payment.
- Composability: Can be integrated with zk-SNARKs or ring signatures for enhanced privacy. Sponsorship mechanisms can pay gas for stealth address interactions.
- Key Management: Relies on secure stealth address resolvers (like the IERC5564Announcer) to manage keys and scan for announcements.
Comparison to Mixers & zk-Proofs
Contrasts the privacy model of stealth addresses with other common solutions.
- vs. Mixers (e.g., Tornado Cash): ERC-5560 provides non-interactive privacy for direct payments without requiring a pool of funds or a withdrawal step. It hides the recipient, whereas mixers typically hide the sender.
- vs. zk-Proofs (e.g., zk-SNARKs): Stealth addresses are simpler and cheaper for hiding transaction graphs, while zk-proofs are better for hiding transaction amounts and complex logic. They are often complementary technologies.
Ecosystem Usage
ERC-5560, or Stealth Addresses, is a standard for generating private, one-time addresses to receive assets, enhancing privacy for users and applications. Its adoption is primarily seen in privacy-focused protocols and wallets.
Mixers & Privacy Pools
Advanced privacy protocols use ERC-5560 as a core component for breaking on-chain links. It can be combined with zk-SNARKs or commitment schemes in privacy pools to allow users to withdraw assets to a fresh, unlinked address, enhancing the anonymity set.
DAO & Private Voting
DAOs can leverage stealth addresses for private voting or funding mechanisms. Members can receive voting tokens or grants to a stealth address, ensuring their choices or receipts aren't publicly traceable to their primary wallet, reducing potential coercion or targeting.
The Technical Stack
Implementing ERC-5560 requires specific cryptographic components:
- Stealth Meta-Address: A public key for generating stealth addresses.
- Spending Key: The private key that controls the generated stealth address.
- Announcement: An on-chain signal (emitted event) that enables the recipient to discover their new stealth address.
- Viewing Key: Allows designated parties to scan for incoming transactions.
Comparison: Privacy Techniques
A comparison of privacy-enhancing technologies relevant to stealth address implementations, including the approach defined in ERC-5560.
| Feature / Metric | Stealth Addresses (ERC-5560) | ZK-SNARKs (e.g., zk-SNARKs) | Confidential Transactions (e.g., Mimblewimble) |
|---|---|---|---|
| Primary Privacy Goal | Receiver anonymity | Transaction data privacy | Amount & sender/receiver privacy |
| On-Chain Data Visibility | Public metadata, private link | Zero-knowledge proof only | Pedersen commitments only |
| Computational Overhead | Low (asymmetric crypto) | Very High (proof generation) | Medium (range proofs) |
| Scalability Impact | Minimal (1-2 extra txns) | High (large proofs, verification cost) | Moderate (aggregation possible) |
| Smart Contract Compatibility | | | |
| Requires Trusted Setup | | | |
| Privacy Set Size | Unbounded (per stealth meta-address) | Bounded by circuit | Transaction graph analysis possible |
| Standardization Status | EIP standardization (ERC-5560) | Application-specific | Protocol-level (e.g., Grin, Beam) |
Security & Privacy Considerations
ERC-5560, also known as the Stealth Addresses standard, introduces a privacy-preserving mechanism for Ethereum transactions. This section details the cryptographic principles, security assumptions, and practical considerations for its implementation.
Stealth Address Core Mechanism
A stealth address is a one-time-use Ethereum address generated by a sender for a specific recipient, derived from the recipient's public spending key and viewing key. The process uses Elliptic Curve Cryptography (ECC) to ensure only the intended recipient, who holds the corresponding private keys, can detect and spend funds sent to this address. This breaks the on-chain linkability between a recipient's public identity and their transaction history.
Viewing Key Security Model
The viewing key is a critical component that allows users to scan the blockchain for incoming stealth payments. Its security model differs from a spending key:
- Privacy Risk: If compromised, an attacker can see all incoming transactions but cannot spend the funds.
- Key Management: Users must securely store and potentially rotate viewing keys to maintain privacy over time, as all past and future transactions to their stealth meta-address are discoverable with it.
Announcement & Registration Protocols
To enable the sender to generate a stealth address, the recipient must broadcast their stealth meta-address. ERC-5560 defines announcement methods, such as emitting a specific event or storing data in a registry contract. Security considerations include:
- Sybil Attacks: Malicious actors could spam announcements.
- Metadata Leakage: The act of announcement itself, including block timestamp and gas payer, can create correlatable metadata.
- Registry Trust: Using a shared registry contract introduces a dependency on its availability and correctness.
Resistance to Chain Analysis
While stealth addresses provide strong transaction unlinkability, they are not a complete anonymity solution. Sophisticated chain analysis may still infer patterns through:
- Timing Analysis: Correlating announcement events with subsequent stealth transactions.
- Interaction Clustering: Analyzing interactions with common smart contracts (e.g., DEXs) from both public and stealth addresses.
- Gas Funding: Tracing the source of ETH used to pay gas for claiming stealth payments.
Integration with Existing Wallets
Secure integration requires wallet software to manage multiple key pairs and perform automatic scanning. Key challenges include:
- Secure Key Generation: Must use cryptographically secure random number generators.
- Off-Chain Scanning: Wallets need efficient methods to scan for stealth payments without leaking user data to centralized servers.
- User Experience: Balancing security (key storage) with usability for key recovery and rotation scenarios.
Forward Secrecy & Future-Proofing
A fundamental limitation is the lack of forward secrecy for the viewing key. If a viewing key is leaked, all historical transactions become visible. Mitigations and considerations include:
- Key Rotation: Protocols for generating new stealth meta-addresses, though this fragments the identity.
- Post-Quantum Considerations: The standard relies on ECC (e.g., secp256k1). Future quantum computers could break this cryptography, compromising all stealth address privacy.
Common Misconceptions
ERC-5560, also known as the Stealth Addresses standard, is a privacy-enhancing proposal for Ethereum. This section clarifies frequent misunderstandings about its implementation, security model, and relationship to other privacy technologies.
No, ERC-5560 only provides privacy for the receiving side of a transaction, not for the sender or the transaction details on-chain. It uses stealth addresses to generate a unique, one-time address for each payment to a recipient, hiding the link between the recipient's public identity and the funds received. However, the sender's address, the transaction amount, the stealth address itself, and any interaction with a smart contract are still fully visible on the public ledger. It is a tool for payment privacy, not full transaction anonymity, and is often combined with other technologies like mixers or zk-SNARKs for broader privacy.
Frequently Asked Questions (FAQ)
ERC-5560, also known as the Stealth Addresses standard, introduces a privacy-enhancing mechanism for Ethereum and EVM-compatible blockchains. This FAQ addresses common questions about its purpose, functionality, and implementation.
ERC-5560 is an Ethereum Request for Comments (ERC) standard that defines a protocol for generating and using stealth addresses, which are one-time-use addresses that enhance transaction privacy on public blockchains. It allows a sender to create a unique, non-linkable destination address for a recipient without requiring prior coordination, obscuring the connection between the recipient's public identity and the specific transaction on-chain. The standard provides a common interface for wallets and applications to generate, discover, and manage these private interactions, moving beyond ad-hoc implementations to foster ecosystem-wide privacy.