Author: Gregory Maxwell 2015-04-24 20:58:39
Published on: 2015-04-24T20:58:39+00:00
Justus Ranvier has developed a new type of Bitcoin address called a "payment code" that serves as an alternative to DarkWallet-style stealth addresses. Payment codes are SPV-friendly and offer features such as identifying senders to recipients and automatically providing for transaction refunds. However, this method requires making dust payments to a constantly reused address which would almost completely undermine the privacy it hoped to provide. Additionally, it would double the data sent for one-time anonymous donations. Alice selects the first exposed public key of the first input of the transaction which creates strong binding we should avoid in the network. This kind of binding was intentionally designed out of the stealth address proposal. The scheme can be made to work without any increase in size by reusing the payment code as the ephemeral public key or using the shared secret as the chain code. SPV wallets do not need to have access to the public keys being spent by a particular transaction they learn about. The uncompressed DER format is fundamentally more expensive to compute and incompatible with multisignature. The scheme establishes a shared chain once and then doesn't need to reestablish which was one of the improvements for the stealth address. However, there isn't any thought given to solving the scanning privacy without forcing non-private pure-overhead messaging transactions on heavily reused addresses.
Updated on: 2023-05-19T20:03:43.658724+00:00