I found in Project Stella Phase 4 Report (A CBDC research project launched by European Central Bank and Bank of Japan) that Diem uses one-time address mechanism to protect data privacy.
How does this implement? In Diem there is a way to rotate the authentication key of an account. Is this actually the case?