Are you an LLM? Read llms.txt for a summary of the docs, or llms-full.txt for the full context.
Skip to content

How It Works

Cloaked supports stealth addresses by separating coordination from control.

The system is designed so a server can handle the heavy operational work required for stealth addresses (such as address derivation, scanning, balance tracking, and transaction construction) without ever gaining the ability to move funds.

This is achieved using a capability-based key derivation model.

Key Derivation Model

When you register, your wallet signs a Cloaked-specific message that is bound to your device and protected by your PIN. On the client, this signature is deterministically transformed into two scoped cryptographic capabilities:

  • Viewing capability
    Shared with the service. Allows detection of which stealth addresses belong to you, enables balance tracking, and allows the service to derive new stealth addresses.

  • Spending capability
    Retained entirely by the client. Required to authorize and sign transactions from stealth addresses.

These capabilities are not wallet private keys. They are derived, scoped, and re-derivable from your wallet, and only your wallet can authorize spending. The spending capability never leaves your device.

This separation allows the service to coordinate stealth addresses on your behalf without custody or signing authority.

Receiving Funds

When someone sends you funds, they use your ENS name.

Behind the scenes, the service:

  • Derives a unique stealth address for each payment
  • Monitors the blockchain for funds sent to that address
  • Aggregates balances across all stealth addresses associated with you

Each payment lands at a distinct onchain address. Observers cannot easily link payments together or associate them with your identity or ENS name.

Senders never see your other stealth addresses, past or future.

Advanced

Stealth Address Derivation

Stealth addresses are derived using elliptic-curve Diffie–Hellman (ECDH), following the principles described in ERC-5564 and related implementations (e.g. Umbra).

Address creation requires only public data derived from your spending and viewing keys. No private keys are shared with senders.

In Cloaked’s architecture, address derivation and scanning are handled off-device for performance and UX, while spending authority remains entirely client-side.

Sending Funds

Stealth addresses fragment your balance across many independent addresses. Sending funds requires safely recombining those balances.

At a high level, the service:

  • Selects funds from one or more stealth addresses
  • Constructs a transaction covering the send amount and fees
  • Routes any change to a newly derived stealth address to avoid reuse

Your self-custody wallet authorizes and signs all transactions.

Advanced

Cloaked uses EIP-7702 to upgrade stealth EOAs into Porto smart accounts, imbuing Cloaked stealth addresses with the flexibility of smart accounts such as in-kind gas sponsorship and support for operations like swaps and bridging. This makes it practical to combine funds from many stealth addresses into a single send while preserving privacy and avoiding address reuse. All execution is explicitly authorized by the user’s wallet, while the service handles transaction coordination without requiring the user to deploy or manage smart contracts.