Another solution for improving privacy is using stealth addresses. A stealth address preserves recipient privacy without per-transaction interaction needed (so receiver published an address e.g. on its website, and then sender can obtain some unique one-time address from it). This could be useful for privacy-preserving commerce, private donations and crowdfunding campaigns etc.

A solution in Ergo can be based on non-interactive Diffie-Hellman key exchange again (like the non-interactive mixing). So a merchant, for example, is publishing its public key g^x corresponding to the secret x. Then the buyer with public key g^y obtains shared secret (g^x)^y = (g^y)^x , then the box created by the buyer could be protected by prove_dlog(g^xy for generator g^y). Unfortunately, Ergo does not have prove_dlog with a custom generator, but it can be bypassed via proveDHTuple(g^y, g^y, g^xy, g^xy) (a little bit weird trick but okay). To have one-time keys, buyer can use one-time secret g^r.

Then the stealth address application could be as follows: https://wallet.plutomonkey.com/p2s/?source=ewogIHZhbCBneSA9IFNFTEYuUjRbR3JvdXBFbGVtZW50XS5nZXQKICB2YWwgZ3h5ID0gU0VMRi5SNVtHcm91cEVsZW1lbnRdLmdldAoKICBwcm92ZURIVHVwbGUoZ3ksZ3ksZ3h5LGd4eSkKfQ== , so single address covering all the stealth transfers. However, the merchant needs to listen to all the payments to this address and to try to resolve every transfer (not so high load though)