According to the cryptonote white paper, a stealth address of the form P = H_s(rA)G + B. My question is, why is the hash function necessary? It seems that P=rA + B would work just as well. Using a hash function makes scanning the blockchain for your incoming tx's more difficult, since you have to perform a hash for every transaction on the blockchain.

Give two transactions sent to the same user, P_1-P_2=(r_1-r_2)A=a(R_1-R_2), but I don't see how that opens any attack vectors.

Am I missing something?