Executive Summary: ERC-5564 introduces stealth addresses as a privacy-preserving mechanism for Ethereum and EVM-compatible blockchains, enabling truly unlinkable payments without relying on mixers or trusted third parties. This innovation leverages deterministic cryptographic key derivation and zero-knowledge proofs to obscure transaction relationships, addressing long-standing privacy concerns in public ledgers. Unlike previous attempts such as Tornado Cash or zk-SNARK-based mixers, ERC-5564 operates at the protocol level with minimal computational overhead and no centralization risks. In the context of escalating regulatory scrutiny and privacy erosion via blockchain forensics, ERC-5564 represents a paradigm shift toward user-controlled anonymity in decentralized finance.
ERC-5564 introduces a two-phase system for generating and resolving stealth addresses. At its core, it employs a stealth meta-address—a user-controlled identifier that is never recorded on-chain. This meta-address is derived from a user’s private key and a shared secret generated during the payment request.
The protocol defines two smart contracts: the StealthRegistry and the PaymentVerifier. The registry stores ephemeral public keys (stealth keys), while the verifier ensures that spend conditions are met without revealing linkage to the sender or recipient.
When Alice wishes to pay Bob, she generates a stealth address using Bob’s meta-address and a random scalar r. The resulting stealth public key S = H(r * B) * G + A (where B is Bob’s meta-address public key, A is Alice’s spending key, and G is the generator) is published on-chain. Bob can then scan for incoming payments by deriving the corresponding private key s = H(r * B) + a, where a is Bob’s private key. This process ensures that only Bob can detect and spend funds sent to S.
Notably, the stealth address is not stored in plaintext—only a commitment or hash of the ephemeral key is published, enhancing privacy against front-running and MEV attacks.
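The derivation of S and s described above, carried through on secp256k1 as an added example (not code from the ERC-5564 specification or from any project named on this page). It assumes A = a·G is the recipient's spending public key, which is what makes s·G = S hold, and it introduces a viewing private key b with B = b·G and the ephemeral public key R = r·G so that the recipient can compute r·B as b·R. SHA-256 as H and all function names are also assumptions.

```python
import hashlib
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, p):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def h(pt):
    """H(.): hash a curve point to a scalar mod N (SHA-256 is an assumption)."""
    data = pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def keygen():
    k = secrets.randbelow(N - 1) + 1  # CSPRNG output in [1, N-1]
    return k, mul(k, G)

def sender_derive(B, A):
    """Sender: fresh r per payment; returns (R = r*G, S = H(r*B)*G + A)."""
    r, R = keygen()
    return R, add(mul(h(mul(r, B)), G), A)

def recipient_derive(b, a, R):
    """Recipient: b*R equals r*B, so s = H(b*R) + a (mod N) and s*G == S."""
    return (h(mul(b, R)) + a) % N
```

Because `sender_derive` draws a new r from the OS CSPRNG on every call, two payments to the same (B, A) pair produce unrelated S values; reusing or predicting r removes that property.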
Unlike Tornado Cash, which requires users to deposit and withdraw funds through a centralized smart contract, ERC-5564 avoids pooling of funds and eliminates the need for trusted withdrawal keys. This removes the risk of regulatory seizure (as seen in OFAC actions) and reduces exposure to exploits such as reentrancy or flash loan attacks.
Compared to zk-SNARK-based systems like Zcash, ERC-5564 avoids the computational burden of proof generation and verification, making it suitable for high-frequency transactions and mobile environments. Moreover, it does not require a trusted setup ceremony, which has historically been a vulnerability vector (e.g., powers of tau leaks).
ERC-5564 also surpasses earlier stealth address proposals like Monero’s ring signatures in efficiency and auditability. Each transaction is independently verifiable on-chain, enabling compliance with regulatory reporting without sacrificing privacy.
In the context of network-level vulnerabilities such as Citrix CVE-2020-8196—a TLS parsing flaw enabling man-in-the-middle attacks—ERC-5564’s privacy guarantees hold even if the underlying network is compromised. Because stealth addresses are generated and derived locally using cryptographic primitives, they are not exposed to network-level interception.
However, new attack vectors emerge at the wallet and key management layer. For instance, if a user’s meta-address private key is compromised, an attacker could monitor all stealth addresses derived from it. Similarly, poor randomness in the scalar r could allow linkability via timing analysis or side channels.
To mitigate these risks, ERC-5564 recommends the use of hardware security modules (HSMs) or secure enclaves for key derivation, and the integration of entropy sources compliant with NIST SP 800-90B for cryptographic randomness.
ERC-5564 aligns with global privacy frameworks such as GDPR and CCPA by enabling data minimization—transaction details are only visible to intended recipients. While regulators may still require identity verification for on-ramps and off-ramps, the on-chain transaction graph remains obfuscated.
This architecture contrasts with mixer-based systems, which are increasingly flagged as sanctions evasion tools. By operating at the protocol layer and avoiding pooled funds, ERC-5564 reduces exposure to regulatory scrutiny while preserving user privacy.
Integration with existing wallets is facilitated via the eth_sendTransaction extension defined in EIP-1193. A sample flow:
r.StealthRegistry.
Projects such as StealthPay and SilentSwap are already building on ERC-5564, demonstrating its viability for decentralized exchanges and lending protocols.
openzeppelin-contracts and circom-stealth.r values.
The ERC-5564 specification is evolving toward a multi-chain standard