deriveEd25519StealthPrivateKey()
SIP Protocol API Reference v0.7.0
SIP Protocol API Reference / deriveEd25519StealthPrivateKey
Function: deriveEd25519StealthPrivateKey()
Section titled “Function: deriveEd25519StealthPrivateKey()”deriveEd25519StealthPrivateKey(
stealthAddress,spendingPrivateKey,viewingPrivateKey):StealthAddressRecovery
Defined in: @sip-protocol/sdk/dist/index-BYZbDjal.d.ts:1528
Derive the private key for an ed25519 stealth address (for recipient to claim funds)
Algorithm:
- Compute shared secret: S = spend_scalar * R (spending scalar * ephemeral public)
- Hash shared secret: h = SHA256(S)
- Derive stealth private key: s_stealth = s_view + h (mod L)
IMPORTANT: Derived Key Format
The returned privateKey is a raw scalar in little-endian format, NOT a standard
ed25519 seed. This is because the stealth private key is derived mathematically
(s_view + hash), not generated from a seed.
To compute the public key from the derived private key:
// CORRECT: Direct scalar multiplicationconst scalar = bytesToBigIntLE(hexToBytes(privateKey.slice(2)))const publicKey = ed25519.ExtendedPoint.BASE.multiply(scalar)
// WRONG: Do NOT use ed25519.getPublicKey() - it will hash and clamp the input,// producing a different (incorrect) public keyParameters
Section titled “Parameters”stealthAddress
Section titled “stealthAddress”The stealth address to recover
spendingPrivateKey
Section titled “spendingPrivateKey”`0x${string}`
Recipient’s spending private key
viewingPrivateKey
Section titled “viewingPrivateKey”`0x${string}`
Recipient’s viewing private key
Returns
Section titled “Returns”Recovery data including derived private key (raw scalar, little-endian)
Throws
Section titled “Throws”If any input is invalid