@zksend/stealth-sdk

Real stealth addresses on Solana — ECDH-derived, view-key recoverable, Memo-program footprint.

---

Same ECDH-on-ed25519 primitives that power the ZKSend wallet. Zero relayers, zero mixers, zero on-chain program — just a one-time address per payment, derived in the payer's browser.

Install

npm install @zksend/stealth-sdk

Quick start

Recipient — generate identity, share a pay-link

import { generateMetaKey, makePayLink } from "@zksend/stealth-sdk";
const meta = generateMetaKey();
// persist meta.seed encrypted — it's your whole identity
const link = makePayLink(meta.pub);  // → "https://zksend.xyz/pay#m=4mN9..."

Payer — derive a one-time address

import { deriveStealthSender, encodeMemo, parsePayLink } from "@zksend/stealth-sdk";
const metaPub = parsePayLink(linkFromRecipient)!;
const { stealthPub, ephPub } = deriveStealthSender(metaPub);
// 1) SystemProgram.transfer → stealthPub
// 2) Memo with encodeMemo(ephPub)

Recipient — sweep

import { signWithScalar } from "@zksend/stealth-sdk";
const sig = signWithScalar(stealthScalar, stealthPub, txMessage);

How it works

ERC-5564-style stealth address scheme ported to ed25519:

shared = eph_scalar × meta_pub                       (DH on ed25519)
tweak  = SHA-512(ver ‖ shared ‖ eph_pub ‖ meta_pub)  mod L
stealth_pub    = meta_pub + tweak × G
stealth_scalar = (meta_scalar + tweak) mod L          (recipient only)

The sender knows stealth_pub (a valid Solana address) but not stealth_scalar — only the recipient, applying their meta_scalar to the sender-published eph_pub, recovers the spend scalar.

License

MIT