The reference implementation is here:
The document of MWC NIT Address will be a spec into docs folder, but here is a preview of that.
MWC Address Length
Here are 2 examples of MWC address:
- A lite/short address: “
mwc1q80yvs0zjmat3yg569aezqmvsry3kdsmy9r9scy4k47vrynvhh77gdgunyk
” - A normal/long address: “
mwc1qwr3suqp5g9nwkppucuxzt7ssnrs3me4nw4ahxap22nht46qd5kzakmrf8haee68d70dvuqlagqsq9ukrx5rs0rvpucl396hj5wuh3evqsq46p
”
The lite address string has a length of 63 characters, with 3 for HRP
(Human Readable Part), 1 for separator character 1
, 1 for version, 52 for the real payload data, and 6 for checksum.
The normal address string has a length of 114 characters, with 3 for HRP
(Human Readable Part), 1 for separator character 1
, 1 for version, 103 for the real payload data, and 6 for checksum.
The spec of Bech32 format.
Stealth Address Spec
The original spec: https://eprint.iacr.org/2020/1064.pdf
And a brief here.
An address has the raw data as (A,B)
, where both A and B are a public key. A is the public view key, and B is the public spend key.
When making a payment to an address (A,B)
, the wallet will calculate an one-time public key P'
to attach it into the transaction output created.
P' = Hash(A') * G + B
- where
A' = Hash(r*A) * G
, and r is a private nonce which has a corresponding public nonce R also attached into the transaction output created.R=r*G
.
With such kind of construction, the user can manage two private key separately, which is a much more safe design.
The first private key is a
which makes the view key A=a*G
. The private view key can be used for view only wallet, which for example can be used as a public online shopping website wallet. Another private key is b
which makes the spend key B=b*G
. The coins can only be spent by someone knows both private keys.
The enterprise, organization, and some advanced user can use this full Stealth Address to achieve a more safe management on their wallet.
Lite Stealth Address
The full Stealth Address has the management cost for this higher level safety. For some common personal users which has no requirement to separately manage his/her wallet (with a view only wallet and a spendable wallet), or don’t want the complexity to manage that, a Lite address is more suitable.
In this case, the Stealth Address has the raw data as A
, which can be looked as the (A,A)
for a Stealth Address data , where the view key is same as the spend key. And the one-time public key P'
becomes:
P' = Hash(A') * G + A
- where
A' = Hash(r*A) * G
, and r is a private nonce which has a corresponding public nonce R also attached into the transaction output created.R=r*G
.
The Lite Stealth Address is ONLY proposed to be used for those common personal users which don’t want the complexity and only want a single wallet to manage both view and spend.
Important Note for Lite Stealth Address
The Lite address is designed for simplicity as explained above, but absolutely this does not mean Lite address is not safe. Considering a hot wallet of Grin or MWC (for Interactive Transaction) always manage the private key both for sending and receiving, the Lite address usage here is quite similar as before NIT.
View Tag
The “View Tag” is the first byte of the shared secret t = Hash(r*A)
. This idea was first proposed for Monero and can greatly reduce the time for wallet when scanning the Output ownership.
In our case, this can reduce 65% calculations for us, refers to the test here.
We will attach this byte as part of the Output data.