Author: Tier Nolan 2016-08-11 15:13:19
Published on: 2016-08-11T15:13:19+00:00
In a Bitcoin Development Group email thread, Erik Aronesty asked about whether there is any BIP for a public seed that allows someone to generate new random addresses but cannot easily verify if an address was derived from the seed. In response, it was explained that if a recipient can work out the private key by multiplying their master private key by k and k is non-random, then everyone else can figure it out. Thus, a way to get k to the recipient without others figuring it out is needed. One solution mentioned is to use a shared secret, with information about the shared secret included in the scriptPubKey or an OP_RETURN. The master public key would indicate the address and the transaction would contain k*G. Both sides could compute the shared secret, which adds 34 bytes to the scriptPubKey. However, this method is relatively heavy for scanning for transactions sent to you, requiring checking every transaction output to see if it matches the given template, an ECC multiply to compute the shared secret, an ECC addition, and a hash to determine if it matches the public key hash in the output. This process requires approximately one ECC multiply per output and similar CPU load to verifying a block.
Updated on: 2023-06-11T19:31:08.329849+00:00