The email provides an intricate discussion on the technical enhancements and security considerations for implementing silent payments within the Partially Signed Bitcoin Transaction (PSBT) framework.
It introduces the concept of using an "ECDH share" instead of direct access to private keys for the OutputGenerator, a method aimed at enhancing security by potentially eliminating the need for the OutputGenerator role. This approach, however, is highlighted as theoretically possible but not provably secure, indicating a cautious stance towards its implementation due to unverified security assurances and potential issues with signing devices responding to Diffie-Hellman requests.
A significant update mentioned in the email is the inclusion of the DLEQ (Discrete Logarithm Equality) proof in the draft Bitcoin Improvement Proposal (BIP), based on contributions from RubenSomsen's gist. This addition aims to enhance the proposal’s security and efficiency by integrating advanced cryptographic techniques, showcasing a commitment to maintaining high standards of security and reliability. The integration of peer-reviewed innovations such as the DLEQ proof is portrayed as a critical step forward in developing the BIP, emphasizing a focus on cryptographic rigor.
The email further discusses the practical aspects of implementing silent payments, including the need to make PSBT_OUT_SCRIPT optional to prevent older versions from mistakenly signing placeholder scriptpubkey for fee calculation. It addresses the necessity of ensuring transaction integrity by setting specific flags to false, thereby preventing changes to inputs and the addition of new silent payment outputs after their generation. This measure simplifies the transaction process and enhances security by dictating that outputs be generated only once, facilitating accurate fee calculations.
Moreover, the communication delves into the complexities of executing transactions involving silent payment addresses. It underscores the challenge of associating each shared_secret_tweak with its corresponding input and spend key, essential for transactions directed towards different silent payment addresses. The potential of storing critical information about previous transactions in the PSBT format to distinguish between eligible and non-eligible prevouts is also examined, highlighting the intricacies involved in ensuring the proper execution and security of these transactions.
Lastly, the email outlines a basic workflow developed for a donation wallet and incorporated into WebAssembly experiments, describing it as foundational despite its limitations. It details the process of spending from silent payment outputs using a proprietary method where the spend private key is tweaked during the signing phase. For transactions towards silent payment addresses, a method involving the output proprietary field and placeholder scriptpubkey is discussed, demonstrating the approach's effectiveness while acknowledging room for optimization. The possibility of enhancing coinjoin wallets with silent payment features is suggested, raising concerns about security and the need for expert consultations on secp256k1 cryptography to comprehensively address these issues.
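The two cryptographic pieces the summary mentions, the DLEQ proof that lets an OutputGenerator check a signing device's ECDH share without holding the private key, and the per-output tweak that the sender adds to the spend key and the receiver adds to the spend private key at signing time, are easier to judge with the arithmetic in front of you. The block below is an added, self-contained Python example, not code from the email, the draft BIP, or RubenSomsen's gist. It assumes a Chaum-Pedersen style DLEQ with constructed hash tags, a simplified silent-payment derivation (no input hash, no BIP340 parity handling, constructed tag strings), pure-Python non-constant-time curve arithmetic, and constructed private scalars; all of those are assumptions of this example rather than the BIP's exact encoding.

```python
import hashlib

# secp256k1 parameters (real curve constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ser(pt):
    """33-byte compressed point encoding."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def tagged_hash(tag, data):
    th = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(th + th + data).digest()


# DLEQ (Chaum-Pedersen): prove that the ECDH share C = a*B uses the same
# secret a as the public key A = a*G. Tag strings are constructed here.
def dleq_challenge(A, B, C, R1, R2):
    h = tagged_hash("example/DLEQ/challenge", ser(A) + ser(B) + ser(C) + ser(R1) + ser(R2))
    return int.from_bytes(h, "big") % N


def dleq_prove(a, B):
    """Signing-device side: return (A, share, proof) without revealing a."""
    A, C = point_mul(a, G), point_mul(a, B)
    # deterministic nonce bound to the secret and the peer key (simplification)
    k = int.from_bytes(tagged_hash("example/DLEQ/nonce", a.to_bytes(32, "big") + ser(B)), "big") % N or 1
    R1, R2 = point_mul(k, G), point_mul(k, B)
    e = dleq_challenge(A, B, C, R1, R2)
    return A, C, (e, (k + e * a) % N)


def dleq_verify(A, B, C, proof):
    """OutputGenerator side: accept the share only if log_G(A) == log_B(C)."""
    e, s = proof
    if not (0 < s < N) or C is None:
        return False
    R1 = point_add(point_mul(s, G), point_mul(N - e, A))   # s*G - e*A
    R2 = point_add(point_mul(s, B), point_mul(N - e, C))   # s*B - e*C
    if R1 is None or R2 is None:
        return False
    return dleq_challenge(A, B, C, R1, R2) == e


# Silent-payment style derivation: ECDH secret -> per-output tweak t_k ->
# output key B_spend + t_k*G. Input hash and parity handling are omitted
# (assumption of this example, not the BIP's exact rules).
def output_tweak(shared_secret, k):
    h = tagged_hash("example/SharedSecret", ser(shared_secret) + k.to_bytes(4, "big"))
    return int.from_bytes(h, "big") % N


def sender_output(shared_secret, B_spend, k):
    return point_add(B_spend, point_mul(output_tweak(shared_secret, k), G))


def spend_key(shared_secret, b_spend, k):
    """Receiver: tweak the spend private key by the same t_k at signing time."""
    return (b_spend + output_tweak(shared_secret, k)) % N


def demo():
    # constructed private scalars, for illustration only
    a = int.from_bytes(hashlib.sha256(b"sender input key (constructed)").digest(), "big") % N
    b_scan = int.from_bytes(hashlib.sha256(b"receiver scan key (constructed)").digest(), "big") % N
    b_spend = int.from_bytes(hashlib.sha256(b"receiver spend key (constructed)").digest(), "big") % N
    B_scan, B_spend = point_mul(b_scan, G), point_mul(b_spend, G)
    A, C, proof = dleq_prove(a, B_scan)              # device hands over share + proof
    ok = dleq_verify(A, B_scan, C, proof)            # generator checks before using C
    forged = point_mul((a + 1) % N, B_scan)          # a wrong share must be rejected
    bad = dleq_verify(A, B_scan, forged, proof)
    P_0 = sender_output(C, B_spend, 0)               # sender builds output 0
    d = spend_key(point_mul(b_scan, A), b_spend, 0)  # receiver recomputes b_scan*A
    return {"proof_ok": ok, "forged_rejected": not bad, "spendable": point_mul(d, G) == P_0}


if __name__ == "__main__":
    print(demo())
```

The point the example makes for a PSBT role design is in `dleq_verify`: the OutputGenerator never sees `a`, yet a share computed with any other scalar fails the check, which is exactly the property the email wants before trusting a signing device's Diffie-Hellman response. The `spend_key` / `sender_output` pair shows why each shared_secret_tweak must stay paired with the right input and spend key: the receiver's signing scalar only matches the output if the same secret and index are used on both sides.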
In summary, the discussion encapsulates the ongoing efforts and proposed methodologies for supporting the sending and spending of silent payment outputs in PSBTs. It reflects on both the current capabilities and future directions for improving privacy and security in cryptocurrency transactions, marking significant strides toward more private and secure transaction mechanisms.