@wraith-protocol/sdk/chains/ckb.
Most developers should use the Agent Client instead. These primitives are for power users building custom stealth address integrations on CKB.
The Cell Model
CKB is fundamentally different from account-based chains like EVM or Solana. CKB uses a UTXO-based Cell model where all state is stored in Cells. A Cell has four fields:Cells Are Announcements
On EVM chains, stealth address announcements are separate events emitted by an Announcer contract. On CKB, the Cell itself is the announcement. There is no separate announcer. The stealth lock scriptargs contain both the ephemeral public key and the stealth address hash:
Scanning = Querying Live Cells
Instead of querying a subgraph or parsing event logs, scanning on CKB means querying all live Cells that use thestealth-lock code hash. CKB’s built-in indexer RPC (get_cells) supports filtering by lock script code hash, so only stealth Cells are returned.
Spending = Consuming Cells
To withdraw from a stealth address, you consume the stealth Cell and create a new Cell at the destination. The stealth lock script verifies the secp256k1 signature against the pubkey hash in the args.Installation
fetch. Address hashing uses @noble/hashes (blake2b), which is already a direct dependency.
Import
Types
Key Differences from EVM
CKB uses the same secp256k1 curve as EVM but different hash functions and a completely different state model.Constants
Functions
deriveStealthKeys(signature)
Derive spending and viewing key pairs from a 65-byte ECDSA signature. Identical to the EVM module.
r/s, keccak256 each to get spending and viewing keys.
generateStealthAddress(spendingPubKey, viewingPubKey, ephemeralKey?)
Generate a one-time stealth address with lock script args for CKB.
- Generate random ephemeral key pair
(r, R = r * G) - Compute ECDH shared secret
S = r * viewingPubKey(compressed) hashedSecret = SHA-256(S)— not keccak256 like EVMstealthPubKey = spendingPubKey + hashedSecret * GstealthPubKeyHash = blake160(stealthPubKey)— blake2b with “ckb-default-hash”, first 20 byteslockArgs = ephemeralPubKey || stealthPubKeyHash
blake160(data)
CKB’s address hashing function. blake2b with "ckb-default-hash" personalization, truncated to 20 bytes.
checkStealthCell(cell, viewingKey, spendingPubKey)
Check if a stealth Cell belongs to you.
- Extract
ephemeralPubKey = cell.lockArgs[0:33] - Compute ECDH shared secret
S = viewingKey * ephemeralPubKey hashedSecret = SHA-256(S)expectedPubKey = spendingPubKey + hashedSecret * GexpectedHash = blake160(expectedPubKey)- Compare
expectedHashwithcell.lockArgs[33:53]
get_cells RPC already filters to only stealth-lock Cells.
scanStealthCells(cells, viewingKey, spendingPubKey, spendingKey)
Scan an array of stealth Cells and return the ones that belong to you.
deriveStealthPrivateKey(spendingKey, ephemeralPubKey, viewingKey)
Compute the private key that controls a specific stealth Cell.
S = viewingKey * ephemeralPubKey(shared secret)hashedSecret = SHA-256(S)— not keccak256stealthPrivateKey = (spendingKey + hashedSecret) mod n
encodeStealthMetaAddress(spendingPubKey, viewingPubKey)
Encode two public keys into a CKB stealth meta-address string.
st:ckb:{spendingPubKeyHex}{viewingPubKeyHex} — 132 hex chars (two 33-byte compressed secp256k1 keys), same structure as EVM.
decodeStealthMetaAddress(metaAddress)
Decode a CKB meta-address back into its component public keys.
End-to-End Flow
Names
.wraith name registration on CKB uses the Cell model. Each name is a live Cell whose type script identifies the name and whose data holds the stealth meta-address. Ownership is proven by the Cell’s lock script — whoever can spend the Cell owns the name. This is fundamentally different from EVM and Solana, where ownership is proven by a signature from the spending key.
hashName(name)
Compute the blake2b hash of a name string. The result is used as the type script args to identify the name Cell.
buildRegisterName({ name, spendingPubKey, viewingPubKey })
Build the type script and Cell data for creating a .wraith name Cell. Returns the type script object and the 66-byte data payload.
wraith-names-type code hash from the deployment config. The args field is hashName(name).
buildResolveName({ name })
Build the type script for querying a name Cell. Use this with the CKB get_cells RPC to find the Cell that holds a name’s meta-address.
metaAddressFromNameData(data)
Parse the 66-byte Cell data from a name Cell into its component public keys.
spendingPubKey (33 bytes) || viewingPubKey (33 bytes) = 66 bytes total.
Registering a Name
Resolving a Name
CKB Names vs Other Chains
CKB-Specific Considerations
- Minimum capacity: A stealth-lock Cell requires at least 61 CKB due to the 53-byte args. Senders must send at least this amount.
- No view tags: Every Cell must be fully checked. CKB’s
get_cellsRPC already filters by lock script code hash, so only stealth Cells are examined. - blake2b personalization: CKB uses
"ckb-default-hash"as the blake2b personalization parameter. This must be included or hashes won’t match on-chain verification. - UTXO spending: Withdrawing means consuming the Cell and creating a new one at the destination. The transaction fee is deducted from the Cell’s capacity.
- Name ownership: On CKB, name ownership is proven by the Cell’s lock script, not by a signature from the spending key like on EVM. Whoever can spend the name Cell controls the name.
Chain Deployments
getDeployment(chain)
Supported Networks
Fetching Stealth Cells
fetchStealthCells(chain?)
Fetches all live stealth Cells from CKB using the get_cells RPC method, filtered by the stealth-lock code hash. Handles pagination automatically.

