Published on: 2014-01-24T09:17:33+00:00
In a discussion about the implementation of reusable payment addresses on the blockchain, concerns were raised regarding the length indicator of the payee's address. It was suggested that the address should have a 2-byte prefix and a 1-byte number of bits representing the fixed number of bits of the prefix. This way, the payer would know how much of the address should be taken verbatim and the rest would be replaced with random data. If the number of bits is zero, a random 2-byte prefix would be put into the OP_RETURN. However, there is a concern about broken implementations copying the prefix when the number of bits is zero, potentially identifying the payee. To prevent this, the number of bits in the address was suggested to be optional.Troy Benjegerdes raised concerns about mechanisms to keep coin flows private and who would bear the cost. Peter Todd responded that the exact encoding is still undetermined, but other encodings proposed are similar or even smaller in size than a standard transaction. However, Todd did not address Benjegerdes' concerns about cost and centralization.The sender pays the fees for putting extra data into the blockchain, which aims to improve privacy for static addresses. However, this mechanism may not be used as much due to increased fees. The concern was raised about complicated mechanisms for privacy and who pays for them. It was suggested that if Bitcoin's goal is to socialize the cost of privacy, launching a 'transparencycoin' with explicit address reuse could be an alternative. This would be more distributed and have lower transaction costs for those who prioritize cheap or free services over privacy.The author of the context believes that privacy in Bitcoin is a social engineering problem. They emphasize the importance of allowing users to choose how much privacy they want to trade for computation and bandwidth. The author predicts that network flow analysis incorporating privacy features could undermine the privacy benefits of CoinJoin. They question who is marketing privacy and how to validate privacy providers, as there may be scamprivacy providers driving down the market price of privacy. The author estimates that most users do not care about abstract privacy ideals but prioritized working payments and convenience.In an email conversation between Jeremy Spilman and Adam Back, the use of a second pubKey to scan for transactions without keeping private keys in memory was discussed. Back raised concerns about the cost of DH calculation per transaction, especially for full nodes. He also noted that multiple reusable addresses would require separate calculations, potentially creating a high load on centralized services. Back further explained that using a second pubKey with high elimination probability could affect everyone's privacy. To address this, a version of the prefix computed via brute-force was proposed. Spilman argued that hash grinding of the prefix should only be used if that's how transactions are being indexed, as it does not add privacy but adds unnecessary work.In another email exchange, Jeremy Spilman discussed the difficulty of choosing the number of bits in a prefix for Bitcoin transactions. He suggested that 0 or 1 bit may be sufficient for a single user node, while a central service may require 4 or 5 bits for scalability. However, the cost of each reusable address is only a small percentage of the full node cost, making computation less of an issue except for large centralized services. Spilman emphasized that the encoded prefix should always be of constant length in all reusable addresses, and if a particular prefix is not desired, random data can be chosen for the remaining space.The privacy properties of Simplified Payment Verification (SPV) nodes were discussed in an email thread among Bitcoin developers. While full-node use of SPV has unlinkable static addresses, it poses problems for SPV nodes in finding payments directly. A workaround involving a second address and DH calculation per transaction was proposed, but it is costly for full nodes. Unlinkable static addresses were seen as having nice properties for full-node use and could help address the issue of address reuse. There was some debate over what to call these addresses, with "static address" suggested as a suitable name. The use of static addresses could also help prevent paying the wrong person by allowing users to verify ownership. Payment protocols were mentioned as another option for certifying addresses, but some argued for simpler address-level verification.Overall, there are ongoing discussions about the implementation of reusable payment addresses, concerns about privacy mechanisms and their cost, and the use of unlinkable static addresses for improved privacy in Bitcoin transactions.
Updated on: 2023-08-01T07:16:36.140402+00:00