Author: David A. Harding 2022-10-02 22:48:21
Published on: 2022-10-02T22:48:21+00:00
On the Bitcoin-dev mailing list, Ruben Somsen proposed an alternative mitigation to prevent transaction replay attacks. He suggested requiring the sender to reveal their intended transaction to the server prior to receiving the address. This would not be a privacy degradation since the server could already learn this information regardless. If the transaction doesn't get sent, any subsequent attempt to reuse one of the inputs should either be temporarily blacklisted or responded to with the same address that was given out earlier.In response, Dave proposed an alternative method. Instead of maintaining a database of inputs that should be blocked or mapped to addresses, the spender should submit to the server a valid transaction paying a placeholder address and in return receive a guaranteed unique address. They can then broadcast a transaction using the same inputs to pay the guaranteed unique address. If the server doesn't see that transaction within a reasonable amount of time, it should broadcast the transaction paying the placeholder address. This makes it cost the same to them whether they use the unique address or not.Dave believes that his proposal is essentially the BIP78 payjoin protocol without any payjoining going on. BTCPay already implements BIP78, as do several wallets, and he thinks it satisfies all the design constraints described by Ruben.
Updated on: 2023-05-22T21:29:42.415730+00:00