i like the 00 || X_spend || X_scan + mandate address reuse prevention.
might as well start with something strict
easy to loosen it later - if needed - harder to tighten it later because of
back-compatibility with addresses in-use
On Tue, May 24, 2022 at 11:02 AM alicexbt via bitcoin-dev <
bitc
Hi woltx,
Thanks for implementing silent payments in Bitcoin Core. I tried the steps
shared in tutorial and everything works as expected.
I have updated the silent payment address (signet) as TXT record for domain
alice.silentbitco.in
$ dig -t txt alice.silentbitco.in +short
"tb1px3kma8e8y8z9l
I created a short and simple tutorial on how to make silent payments on signet.
https://gist.github.com/w0xlt/72390ded95dd797594f80baba5d2e6ee
In this tutorial, the user will generate an address, publish it, receive and
spend coins from it and still no transactions are shown from this address in a
Hi Billy,
>i*X*G
I believe you understand this now, but just to be clear, it's not possible
to multiply a point by another point. At best you can take the x coordinate
of i*X and multiply that by G.
>all this assumes that a modulus operator is defined for elliptic curve
points in a way that make
Hi Ruben,
After sending that last night, I realized the solution I had to
deprivatizing the sender wouldn't work because it had the same problem of
even divisibility in modulo N. And my math was incomplete I think. Also
Marco D'Agostini pointed out other errors. And all this assumes that a
modulus
> the sender can get in trouble too if they send money
Good point.
> how well this can be optimized without resorting to reducing anonymity
Complete shot in the dark, but I wonder if something akin to compact block
filters could be done to support this case. If, for example, the tweaked
key wer
Hi Billy,
Thanks for taking a look.
>Maybe it would have been more accurate to say no *extra* on chain overhead
I can see how it can be misinterpreted. I updated the gist to be more
specific.
>primary benefit of this is privacy for the recipient
Fair, but just wanted to note the sender can get
Hi Ruben,
Very interesting protocol. This reminds me of how monero stealth addresses
work, which gives monero the same downsides regarding light clients (among
other things). I was a bit confused by the following:
> without requiring any interaction or on-chain overhead
After reading through, I
Hi all,
I'm publishing a new scheme for private non-interactive address generation
without on-chain overhead. It has upsides as well as downsides, so I
suspect the main discussion will revolve around whether this is worth
pursuing or not. There is a list of open questions at the end.
I added the
