Standard Monero addresses consist of two public keys, which makes them more than twice longer than addresses of other cryptocurrencies.
I propose to introduce a new (optional) wallet address type for users who don't need the functionality provided by view keys, i.e. they don't need to separate the ability to observe incoming transactions and the ability to spend them. The advantage is that the address length is decreased to roughly half.Private key
There is only a single private key k, which can be restored from the mnemonic seed as usual. It serves as both the view key and the spend key.Short address
The public key is K = k*G, where G is the base point. The main short address is encoded as:
NETWORK_BYTE [1 byte] || K [32 bytes] || CHECKSUM [4 bytes]
The resulting address is 51 characters long when encoded in base58, for example (using network byte 65):
Sending funds to a short address works the same way as sending to a standard Monero address with the public view key equal to the public spend key.
The sender will generate a random scalar r and calculate:
R = r*G
P = Hs(r*K) + K
Here R is the transaction public key, P is the output address and Hs is the hash-to-scalar function.Tagged short addresses
Unfortunately, subaddresses don't work with just one public key. To allow payment identification with short addresses, I propose a scheme that is a mix between subaddresses and integrated addresses. Let's call it the "payment tag". It has the following properties:The payment tag doesn't take up any space in the transaction (it is encoded in the output key). A transaction can have multiple tagged outputs (unlike encrypted payment IDs, which are limited to one per transaction). Outside observers cannot tell if a transaction contains a payment tag. This is a stronger privacy property than encryp...