Hi /dev/fd0 I haven't accessed ML for a while.
1) All inputs being used sounds good although I do not understand how it would benefit coinjoin. Using all inputs, it becomes possible to use SP addresses in coinjoins as long as all participants agree. More information: https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8#variant-using-all-inputs 2) Not sure about the concerns expressed by Andrew Poelstra in the pull request related to rogue-key attacks. I think Andrew Poelstra is referring to a multi-party scheme. This is not the case with the Silent Payments scheme, which only relies on transaction data, which is publicly available on the blockchain. 3) I could not understand the warning in the output for `getsilentaddress` RPC when used with a label. This warning was suggested by Aurèle Oulès in https://github.com/bitcoin/bitcoin/pull/24897#issuecomment-1276160738 and the reason was a discussion in PR about users thinking that each address would come from a different key and not the same key. Sent with Proton Mail secure email. ------- Original Message ------- On Wednesday, October 12th, 2022 at 6:04 AM, alicexbt <alice...@protonmail.com> wrote: > Hi woltx, > > Thanks for working on silent payments improving it in each version. > > 1) All inputs being used sounds good although I do not understand how it > would benefit coinjoin. > 2) New RPC command name is better. > > > I opened a new PR (#1143) to add a function to convert from x-only to > > compressed public key with even y. > > > Not sure about the concerns expressed by Andrew Poelstra in the pull request > related to rogue-key attacks. > > > Tutorial updated: > > https://gist.github.com/w0xlt/c81277ae8677b6c0d3dd073893210875 > > "warnings": "This address is not a new identity. It is a re-use of an > > existing identity with a different label." > > > I could not understand the warning in the output for `getsilentaddress` RPC > when used with a label. > > /dev/fd0 > > Sent with Proton Mail secure email. > > > ------- Original Message ------- > On Tuesday, October 11th, 2022 at 12:32 PM, woltx via bitcoin-dev > bitcoin-dev@lists.linuxfoundation.org wrote: > > > > > Silent Payment v4 (coinjoin support added) > > Changes: > > > > . Silent payments now use all inputs to create transactions. Previously, > > they only used the first input. This change increases privacy and makes > > silent payments compatible with coinjoin. > > > > . `getspaddress` RPC renamed to `getsilentaddress` for clarity > > > > . Added support for silent payment in PSBT via `walletcreatefundedpsbt` RPC. > > > > . Added a new index scheme (which stores the sum of input public keys for > > each transaction). The previous index > > `bitcoin/signet/indexes/silentpaymentindex` should be removed as it is no > > longer compatible with this new version. > > > > For reviewers: > > > > Now, silent payments use the scheme `hash(i1*X + i2*X + i3*X + ...)*G + X > > == hash(x*(I1+I2+I3+...))*G + X`, as described here: > > https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8#variant-using-all-inputs > > > > As inputs can be Taproot, this introduced a new issue as > > `bitcoin-core/secp256k1` does not support x-only public key sum (perhaps > > due to missing prefix byte). > > > > I opened a new PR (#1143) to add a function to convert from x-only to > > compressed public key with even y. This is the solution being used by the > > current silent payment implementation. > > > > Tutorial updated: > > https://gist.github.com/w0xlt/c81277ae8677b6c0d3dd073893210875 _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
