Author: rhavar at protonmail.com 2019-01-30 02:46:47
Published on: 2019-01-30T02:46:47+00:00
In an email discussion on January 29, 2019, James MacWhyte expressed his opinion that the current Bustapay spec, which requires the recipient to sign a transaction before sending it to the sender, doesn't need to be complicated. MacWhyte argued that signing a transaction is something a wallet needs to do anyway and that signed transactions are simpler because they are more standard and easier to validate. He also pointed out that the proposed anti-spy feature, which requires the sender to sign the final transaction after seeing the recipient's inputs and outputs, isn't effective against a DOS attack and could be easily bypassed by double-spending the template transaction before it's propagated. However, he acknowledged that this attack would be costly and unlikely to be abused.MacWhyte suggested that the protocol should be kept as simple as possible to avoid complicating the job for the receiver. He warned that dropping the signing requirement in the first step would introduce transaction malleability issues and make tracking the transaction by txid confusing, but acknowledged that it might be necessary to enforce increased privacy for the sender. However, he argued that this shouldn't come at the expense of protection for the receiver. Without some basic protection, every company that takes Bustapayments will be constantly attacked by a simple costless wget that leaks their wallet utxos.MacWhyte concluded that the only viable way to use Bustapay with increased privacy would be for the sender to pay the first part of their invoice in lightning and then pay the rest with a Bustapay. This would ensure that the anti-spy feature works since the first part of the invoice was already paid. However, he admitted that this approach has too many moving parts and would be difficult to implement.
Updated on: 2023-06-13T14:25:13.497002+00:00