Published on: 2022-05-25T13:13:05+00:00
Ruben Somsen has proposed a new scheme called Silent Payments for private non-interactive address generation without on-chain overhead. In this scheme, the recipient generates a silent payment address and makes it publicly known, while the sender uses a public key from one of their chosen inputs to derive a shared secret that is used to tweak the silent payment address. This approach avoids using the Bitcoin blockchain as a messaging layer and requires no interaction between the sender and recipient, other than knowing the silent payment address.However, there are some downsides to this scheme. One limitation is the scanning requirement, which may not be suitable for light clients. Additionally, the scheme requires the sender to have control over their own input(s). Silent payments aim to prevent input linkage in Bitcoin transactions, which is important for privacy preservation, but it can introduce weaknesses such as revealing the intended recipient to other coinjoin users. To address this weakness, the proposal includes a blinding scheme to hide the silent payment address from other participants.The article compares Silent Payments with other protocols that offer similar functionality. Payment Code Sharing involves sending an OP_RETURN message on-chain to establish a shared secret prior to making payments. Xpub Sharing involves handing out an xpub instead of an address upon first payment to enable repeat payments. Regular Address Sharing requires interaction for every single payment, whereas Silent Payments do not.The proposed scheme of Silent Payments aims to provide a solution for private transactions by allowing fresh address generation, compatibility with one-time seed backups, and improved privacy. However, it still faces challenges such as the scanning requirement and lack of light client support. There are open questions regarding the implementation of Silent Payments, including the speed of required database lookups, support for light clients, preferred input tweaking, potential security issues in the proposed cryptography, and whether the added complexity of the scheme is worth it.One side-benefit of Silent Payments is that BIP32 HD keys won't be needed for address generation since every address will automatically be unique. Overall, Silent Payments have not been seriously considered before and may be reasonably viable, especially if the focus is on detecting only unspent payments by scanning the UTXO set. The article recommends reading the gist for improved formatting and potential future edits.In a separate discussion on the Bitcoin-dev mailing list, David Wagner's Blind Diffie-Hellman Key Exchange is mentioned in relation to the review of the Taproot BIP. The discussion provides a link to Wagner's explanation of the key exchange through a Gist on GitHub.The bitcoin-dev mailing list serves as a platform for further discussion and collaboration on Bitcoin development. The article acknowledges the help of others in the development of these protocols and provides references to related articles and schemes for further reading.
Updated on: 2023-08-02T05:56:55.480642+00:00