# Keys and Stealth Addresses The core mechanism that allows generalized contract calls through Nocturne is a scheme for re-randomizable addresses, which we call **s*****tealth addresses***. > Vitalik wrote a [blog](https://vitalik.ca/general/2023/01/20/stealth.html) a while back about a scheme he calls "stealth addresses". Our scheme has similar functionality, but is cheaper, more flexible, and leads to better UX. The main idea is to separate the ability to "view" transactions and the ability to "sign" transactions into two separate "private keys" - a ***viewing key*** and a ***spending key***. To avoid complicating key management, the viewing key can be derived from the spending key, but the spending key cannot be derived from the viewing key. In other words: * Someone with access to only a user's viewing key can trace the user's transactions, but cannot spend the user's funds. * Someone with access to the user's spending key can spend the user's funds *and* trace their transactions * Someone without access to either key cannot trace the user's transactions or spend their funds. From the viewing key, we then derive an associated address, which we refer to as the ***canonical address***. A user's canonical address is analogous to a user's Ethereum address - it serves as a pseudonym that uniquely identifies an account. However, unlike an Ethereum address, any user can ***randomize*** any other user's canonical address into a one-time ***stealth address*** without access to the user's viewing key. This stealth address refers to the same account as the canonical address, however, third parties cannot determine the association without access to the corresponding viewing key (i.e. it "looks random") . In the same manner, any user can also ***re-randomize*** any stealth address and generate new stealth addresses. Consider a user Alice. She can generate any number of one-time stealth addresses that can only be linked via their viewing key. Let's say Alice has a friend named Bob. She trusts Bob, so Alice shares her canonical address with him. He can generate stealth addresses to pay Alice without revealing her canonical address or knowing her viewing key. Now consider a third user named Charlie who's a stranger to Alice, so Alice doesn't want to give him her canonical address. Instead, Alice can give him one of her stealth addresses, or he can get one from Bob. Then, if Charlie wants to pay Alice, he can re-randomize the stealth address and pay Alice using the re-randomized address. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://nocturne-xyz.gitbook.io/nocturne/protocol-concepts/keys-and-stealth-addresses.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.