
The landscape

Stealth addresses aren’t new. ERC-5564 standardized them for Ethereum, and projects like Umbra and Fluidkey have working implementations. SPECTER’s contribution is replacing the classical cryptographic foundation with a post-quantum one, while keeping everything else compatible.

Head-to-head comparison

| Feature | SPECTER | Umbra | Fluidkey |
| --- | --- | --- | --- |
| Key exchange | ML-KEM-768 (FIPS 203) | ECDH (secp256k1) | ECDH (secp256k1) |
| Quantum resistant | Discovery layer: yes | No | No |
| Harvest-now-decrypt-later safe | Yes | No | No |
| NIST standardized crypto | Yes (FIPS 203) | No (pre-standard curves) | No |
| View tag optimization | 1 byte, ~99.6% skip rate | 1 byte | 1 byte |
| Scan speed (100k announcements) | ~1-2 seconds | ~10-15 seconds | N/A |
| Chains supported | Ethereum, Sui | Ethereum | Ethereum |
| Name service support | ENS + SuiNS | ENS | ENS |
| ERC-5564 compatible | Yes (schemeId 2) | Yes (schemeId 1) | Partial |
| Spend path | secp256k1 (classical) | secp256k1 (classical) | secp256k1 (classical) |
| Open source | Yes | Yes | Partial |

What SPECTER does differently

Post-quantum discovery

The biggest difference is in the cryptographic primitive used for the sender-recipient shared secret. SPECTER uses ML-KEM-768 instead of ECDH. This means the announcement ciphertexts stored on-chain are protected against quantum attacks. A future attacker with a quantum computer can’t retroactively break the privacy of old payments.

Faster scanning

SPECTER’s Rust-based scanner processes announcements faster than JavaScript-based alternatives. View tags provide the same 256x speedup, but the backend implementation is more efficient.
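
The view-tag check behind the skip rate quoted above, as an added example that is not SPECTER's own code. It assumes an ERC-5564-style tag (first byte of the hashed shared secret), uses SHA3-256 in place of Keccak-256, and stubs ML-KEM-768 decapsulation and address derivation with hashes; all function names and the sample announcements are constructed for illustration.

```python
import hashlib
import random

def h(*parts: bytes) -> bytes:
    # SHA3-256 stands in for Keccak-256 (assumption: stdlib only).
    return hashlib.sha3_256(b"".join(parts)).digest()

def view_tag(secret: bytes) -> int:
    return h(secret)[0]  # 1 byte => 256 possible tags

def derive_address(secret: bytes, spend_pub: bytes) -> bytes:
    # Placeholder for the costly per-announcement derivation (EC math in practice).
    return h(b"addr", secret, spend_pub)[-20:]

def decapsulate(sk: bytes, ct: bytes, mine: dict) -> bytes:
    # Stub for ML-KEM-768 decapsulation. A ciphertext meant for someone else
    # still decapsulates, to a pseudo-random secret (implicit rejection).
    return mine.get(ct) or h(sk, ct)

def scan(announcements, sk, spend_pub, mine):
    found, derivations = [], 0
    for ann in announcements:
        secret = decapsulate(sk, ann["ct"], mine)
        if view_tag(secret) != ann["tag"]:
            continue  # cheap reject: expected for ~255/256 foreign announcements
        derivations += 1  # tag matched: pay for the full derivation
        if derive_address(secret, spend_pub) == ann["addr"]:
            found.append(ann["addr"])  # a 1/256 false positive fails this check
    return found, derivations

def demo(total=20_000, own=3, seed=1):
    rng = random.Random(seed)  # constructed sample data, not real announcements
    rand = lambda n: rng.getrandbits(8 * n).to_bytes(n, "big")
    sk, spend_pub, mine, anns = rand(32), rand(33), {}, []
    for i in range(total):
        ct, secret = rand(48), rand(32)  # short stand-in for a 1,088-byte ciphertext
        if i < own:  # the first few announcements are addressed to us
            mine[ct] = secret
            addr = derive_address(secret, spend_pub)
        else:
            addr = rand(20)
        anns.append({"ct": ct, "tag": view_tag(secret), "addr": addr})
    found, derivations = scan(anns, sk, spend_pub, mine)
    return found, derivations, total

if __name__ == "__main__":
    found, derivations, total = demo()
    print(f"found {len(found)} payments; skipped {1 - derivations / total:.2%} of derivations")
```

In this model every announcement is still decapsulated; the tag only removes the derivation step that follows, and a tag match alone is never treated as proof of ownership.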

Multi-chain from day one

Stealth addresses derived by SPECTER work on both Ethereum and Sui. The same ML-KEM shared secret can produce valid addresses for either chain.

What’s the same

All stealth address systems share the same fundamental approach: one-time addresses derived from a public profile, with announcements that let the recipient find their payments. SPECTER doesn’t reinvent that wheel. It upgrades the crypto underneath. The spend path is also the same across all current systems: the resulting wallet key is still secp256k1 for Ethereum. That’s an ecosystem limitation, not a SPECTER-specific one. See Security Boundaries for the full picture.

Key size tradeoffs

ML-KEM-768 keys are larger than elliptic curve keys:

| | ML-KEM-768 (SPECTER) | secp256k1 (Classical) |
| --- | --- | --- |
| Public key | 1,184 bytes | 33 bytes |
| Secret key | 2,400 bytes | 32 bytes |
| Ciphertext | 1,088 bytes | 33 bytes |
| Shared secret | 32 bytes | 32 bytes |

The tradeoff: larger keys and ciphertexts in exchange for quantum resistance. The shared secret output is the same size, so downstream operations (address derivation, view tags) are unaffected. For on-chain announcements, the 1,088-byte ciphertext costs more gas than a 33-byte EC public key. This is a real cost, but it’s the price of quantum safety for permanent on-chain data.
