Published on: 2023-06-12T19:28:47+00:00
In an email thread, a discussion is taking place regarding a proof of concept for using nostr npub and relays for payjoin. The method of using SIGHASH_NONE is explained, where there is no change in the transaction and the sender wants to spend the entire UTXO for the payment. However, this allows the receiver to have control over the funds and anyone who sees the final broadcasted transaction can extract the sender's input for any purpose.The use of specific SIGHASH flags can be ignored by developers, as they can use other flags or the default option. It is mentioned that there are no incentives for the sender or recipient to use RBF (Replace-by-Fee) and double spend in a payjoin transaction. To secure all outputs, it is suggested to use SIGHASH_ALL by the recipient, based on the understanding of SIGHASH flags and a blog post by Raghav Sood. However, it is pointed out that this method is still vulnerable, as mentioned in a tweet thread by Symphonicbtc.Furthermore, the email suggests disabling the ability to use mainnet coins directly in the code, emphasizing that it is highly irresponsible to post in this state. It is also warned that this proof of concept is not a proper implementation of a payjoin, even in a theoretical scenario, as it is easy to discern which inputs belong to the sender and receiver respectively in the final transaction.In another development, a Bitcoin developer has shared a proof of concept for payjoin (p2ep) that eliminates the need for a personal server, addressing concerns about its adoption. Unlike the stowaway method used by samourai, the developer's proposal only requires common nostr relays between the sender and recipient. The repository for this proof of concept can be found on GitLab, and a demo video showcasing the concept is available on YouTube.
Updated on: 2023-08-02T09:36:53.020411+00:00