It should be possible to check to see if a message isForMe with only the
scanKeypair, and not the payloadKeypair. There was a bug where only the
scanKeypair was being used to produce the receiveKeypair, but this was a
mistake. Both the scanPubkey and payloadPubkey should be necessary to produce
the receivePubkey, and both the scanPrivkey and payloadPrivkey should be
necessary to produce the receivePrivkey. If an online computer has only the
public keys of both (and the scanPrivkey), then that is good enough to check
for isForMe.
This code should be regarded as being a proof-of-concept, and needs more review
before being used in production code. At least one thing is guaranteed to
change, and that is the format of a stealth address.
"Keypair" is a more explanatory name, and also should be less confused with
other kinds of keys (particularly "cipher keys", which are the keys used in
symmetric block ciphers, especially AES).
This is more explanatory ("symmetric encryption") and also does not encourage
its use for people who don't know what they're doing. (It should only be used
in combination with some type of message authentication.)
This is a standard algorithm for the purposes of padding a block for a block
cipher. It will be used in CBC, which in turned will be used with AES for
ECIES.