Author: Peter Todd 2014-01-14 12:10:51
Published on: 2014-01-14T12:10:51+00:00
In an email exchange between developers discussing stealth addresses, Jeremy Spilman suggests adding a prefix to the OP_RETURN TxOut for the index on scriptPubKey or where there is an index on H(scriptPubKey) and requires grinding with a nonce. The agreed method of communication for the prefix is in the address string. However, Peter Todd warns that this method poses a privacy risk since it suggests how long the prefix was in the original stealth address. He recommends writing code such that grinding routines start at a random nonce, and nonces of any length are accepted. They also discuss the hashing algorithm to target for grinding and suggest using SHA256^2 or shorter 20-byte HASH160. Regarding symmetric encryption of P in the OP_RETURN TxOut using a key H(Q), Gregory Maxwell points out that it could lead to a much-reduced anonymity set because someone could trial decrypt the encrypted P and check if it was a valid pubkey. Therefore, they decided to drop the idea unless a professional cryptographer wants to take it on. Spilman brings up the point that payer should hold onto their ephemeral privKey 'e' corresponding to pubKey P if they need to later prove the payment was actually sent to Q. It can even be used to disambiguate/prove payments with Timo Hanke's pay-to-contract ideas by deriving it from some root and a contract hash.Finally, Spilman asks Todd to review his Gist and sample Test-Net TXs he sent out earlier to ensure that they are on track.
Updated on: 2023-06-07T23:41:49.504399+00:00