Published on: 2017-05-06T09:38:06+00:00
A discussion was initiated by Henning Kopp on the bitcoin-dev mailing list regarding the combination of Stealth addresses with Simplified Payment Verification (SPV). SPV is a mechanism where thin clients can put their public keys in a bloom filter and request Merkle proofs from full nodes for transactions related to those keys, ensuring privacy for the client. Stealth addresses, on the other hand, provide receiver privacy by allowing the sender to derive a one-time pubkey for the recipient to recover the payment.The goal of combining these two methods is to enable the use of stealth addresses on smartphones without compromising privacy. However, a challenge arises when checking if a transaction belongs to a specific pubkey (Q,R) because the full node needs the private scanning key d to verify the equation R' = R + H(dP)*G for each transaction. This requirement raises concerns as providing the private scanning key would link all transactions, undermining privacy.Several ideas were presented in the discussion to address this issue. One suggestion involved modifying the scheme to ensure that the private scanning key d is kept private. However, it was noted that there is no way to recompute d from the equation, making this solution insufficient. Another idea proposed was the use of multiparty computation, but it was deemed costly.The author also mentioned the possibility of search functionality without leaking the search pattern. However, this approach was considered unfeasible since the full node still needs to compute on the data it has found and retrieve the complete Merkle proofs.In conclusion, the author challenges the community to come up with better ideas for combining stealth addresses with SPV in order to achieve privacy on smartphones. It is clear that finding a solution that maintains anonymity while allowing for efficient transaction verification remains an ongoing challenge for the Bitcoin community.
Updated on: 2023-08-01T20:33:04.893080+00:00