Author: Ruben Somsen 2022-03-31 10:48:41
Published on: 2022-03-31T10:48:41+00:00
Ruben Somsen has proposed a new scheme called private non-interactive address generation for Bitcoin transactions without on-chain overhead. The recipient generates a silent payment address and makes it publicly known, while the sender uses a public key from one of their chosen inputs to derive a shared secret that is used to tweak the silent payment address. The recipient detects the payment by scanning every transaction in the blockchain. The main downsides of this scheme are the scanning requirement, the lack of light client support, and the requirement to control your own input(s). Ruben suggests forgoing detection of historic transactions and limiting the protocol to only scanning the current balance, which may be faster. He also discusses potential trade-offs, such as reducing the anonymity set, and notes that the impact on anonymity is quite severe, even if a single bit is leaked and the anonymity set is cut in half. In a recent article, a proposed new protocol for Bitcoin transactions called Silent Payments is discussed. The protocol provides fresh address generation and compatibility with one-time seed backups. It offers a unique benefit of every address being automatically unique, eliminating the need for BIP32 HD keys and dealing with gap limits. However, the protocol requires scanning the entire Unspent Transaction Output (UTXO) set, which currently has 80 million entries, making it difficult to support light clients. Several tweaks to the protocol are proposed, such as using all inputs or adding a scanning key to separate detecting and spending payments. It also discusses the prevention of input linkage by utilizing blinding schemes. However, this scheme assumes that the sender controls at least one input in the transaction, creating limitations in terms of full privacy. The article compares Silent Payments with other protocols such as Payment Code Sharing, Xpub Sharing, and Regular Address Sharing, concluding that Silent Payments offer better privacy but come with added complexity. During a review of the Taproot BIP on January 23, 2020, David Wagner's Blind Diffie-Hellman Key Exchange was discussed on the Bitcoin-dev mailing list. The discussion provides a link to Wagner's explanation of the key exchange through a Gist on GitHub.
Updated on: 2023-06-15T18:25:03.963376+00:00