What is exactly user B's stealth address? Is it his public key?
In the simplest stealth address scheme, yes. The exact encoding depends on the implementation; DarkWallet's is described in their wiki.
how can I multiply this coordinate with PublicB since both of them are points?
Correct, S = PrivA * PublicB = PrivB * PublicA is a point. We want an integral shared secret. ECDH tells you to use the x coordinate of S as the shared secret, but in Bitcoin it's done differently. Instead int(sha256(compress(S))) is used:
- serialize S in compressed form as per SEC 1's Elliptic-Curve-Point-to-Octet-String Conversion
- take its SHA-256 digest
- interpret the result as a 256-bit big-endian integer
This integer, c, is then used by A to calculate a public key PublicB + c*G to which A spends, and by B to calculate its private key (PrivB + c) * G from which B can redeem (where G is the base point generator).
Note that there's a problem with this "simplest" scheme. The only way that B's wallet software can see if a UTXO is redeemable by B (to keep track of the wallet's balance) is by doing the math above, which requires PrivB. In other words, it makes watching-only wallets impossible (and cold wallets impractical).
One solution to this is to use one PublicB/PrivB pair for ECDH, but a different PublicB2/PrivB2 pair for deriving the spend/redeem keys. Now you can keep PrivB in your watching-only wallet, and PrivB2 in your cold wallet. On the down side, B's stealth address is now twice as long, containing both PublicB and PublicB2.
