Author: Peter Todd 2014-01-13 21:27:52
Published on: 2014-01-13T21:27:52+00:00
In an email exchange from 2014, Alan Reiner and Peter Todd discussed the use of stealth addresses as a potential solution to a use case involving long-term Bitcoin addresses. Reiner questioned the feasibility of anything that requires O(N) EC multiply operations/sec, where N is the total volume of transactions moving over the network. Todd argued that the cost to find all stealth-address-using payments to a recipient isn't O(n) transaction volume, but rather O(n) anonymity set size. He also suggested that if the prefix needs to be against H(scriptPubKey) rather than scriptPubKey directly, the sender needs to grind the OP_RETURN output at 2^len(prefix) cost. Fortunately, that grinding can be done with hash operations rather than ECC, making it plausible to compute even 32-bit hash collisions eventually.
Updated on: 2023-06-07T23:41:11.712821+00:00