Published on: 2023-08-13T12:50:32+00:00
The email discusses the adoption of a DH cryptosystem in the BIP 21 for Serverless Payjoin. It mentions the progress made in developing reference libraries and the use of URs in JavaScript wallets. Dave raises concerns about the security of posting payment URIs publicly, which could lead to session hijacking and modification of transactions. The suggestion is made to use Blockchain Commons UR as an elegant solution. The draft BIP is updated with suggestions for DH over symmetric crypto and encoding public keys directly in the `pj=` endpoint. The draft is posted on the BIPs repository. Concerns about timing correlation and metadata intersection in transactions are mentioned, and random padding is suggested to mitigate this issue. The email also suggests considering Diffie-Hellman key exchange and using anonymized network connections like Tor to address potential attack vectors. An update is provided on the progress of the Serverless Payjoin idea, including the specification of Payjoin version 2. Two proof of concept payjoin implementations using symmetric cryptography and asynchronous messaging are mentioned. The proposal aims to improve privacy in bitcoin transactions and increase transaction throughput. Details are provided on the protocol, messaging protocols, interactions with the Payjoin Relay, receiver enrollment, sender interactions, and fallback PSBT requests. The proposal discusses the implementation of BIP 78 and introduces PSBT Version 2. References to existing implementations and acknowledgments are included.
Updated on: 2023-08-14T01:52:59.170301+00:00