woltx [ARCHIVE] on Nostr: đź“… Original date posted:2022-10-23 đź“ť Original message:Hi /dev/fd0 I haven't ...
đź“… Original date posted:2022-10-23
đź“ť Original message:Hi /dev/fd0
I haven't accessed ML for a while.
1) All inputs being used sounds good although I do not understand how it would benefit coinjoin.
Using all inputs, it becomes possible to use SP addresses in coinjoins as long as all participants agree.
More information:
https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8#variant-using-all-inputs
2) Not sure about the concerns expressed by Andrew Poelstra in the pull request related to rogue-key attacks.
I think Andrew Poelstra is referring to a multi-party scheme.
This is not the case with the Silent Payments scheme, which only relies on transaction data, which is publicly available on the blockchain.
3) I could not understand the warning in the output for `getsilentaddress` RPC when used with a label.
This warning was suggested by Aurèle Oulès in https://github.com/bitcoin/bitcoin/pull/24897#issuecomment-1276160738 and the reason was a discussion in PR about users thinking that each address would come from a different key and not the same key.
Sent with Proton Mail secure email.
------- Original Message -------
On Wednesday, October 12th, 2022 at 6:04 AM, alicexbt <alicexbt at protonmail.com> wrote:
> Hi woltx,
>
> Thanks for working on silent payments improving it in each version.
>
> 1) All inputs being used sounds good although I do not understand how it would benefit coinjoin.
> 2) New RPC command name is better.
>
> > I opened a new PR (#1143) to add a function to convert from x-only to compressed public key with even y.
>
>
> Not sure about the concerns expressed by Andrew Poelstra in the pull request related to rogue-key attacks.
>
> > Tutorial updated: https://gist.github.com/w0xlt/c81277ae8677b6c0d3dd073893210875
> > "warnings": "This address is not a new identity. It is a re-use of an existing identity with a different label."
>
>
> I could not understand the warning in the output for `getsilentaddress` RPC when used with a label.
>
> /dev/fd0
>
> Sent with Proton Mail secure email.
>
>
> ------- Original Message -------
> On Tuesday, October 11th, 2022 at 12:32 PM, woltx via bitcoin-dev bitcoin-dev at lists.linuxfoundation.org wrote:
>
>
>
> > Silent Payment v4 (coinjoin support added)
> > Changes:
> >
> > . Silent payments now use all inputs to create transactions. Previously, they only used the first input. This change increases privacy and makes silent payments compatible with coinjoin.
> >
> > . `getspaddress` RPC renamed to `getsilentaddress` for clarity
> >
> > . Added support for silent payment in PSBT via `walletcreatefundedpsbt` RPC.
> >
> > . Added a new index scheme (which stores the sum of input public keys for each transaction). The previous index `bitcoin/signet/indexes/silentpaymentindex` should be removed as it is no longer compatible with this new version.
> >
> > For reviewers:
> >
> > Now, silent payments use the scheme `hash(i1*X + i2*X + i3*X + ...)*G + X == hash(x*(I1+I2+I3+...))*G + X`, as described here: https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8#variant-using-all-inputs
> >
> > As inputs can be Taproot, this introduced a new issue as `bitcoin-core/secp256k1` does not support x-only public key sum (perhaps due to missing prefix byte).
> >
> > I opened a new PR (#1143) to add a function to convert from x-only to compressed public key with even y. This is the solution being used by the current silent payment implementation.
> >
> > Tutorial updated: https://gist.github.com/w0xlt/c81277ae8677b6c0d3dd073893210875
đź“ť Original message:Hi /dev/fd0
I haven't accessed ML for a while.
1) All inputs being used sounds good although I do not understand how it would benefit coinjoin.
Using all inputs, it becomes possible to use SP addresses in coinjoins as long as all participants agree.
More information:
https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8#variant-using-all-inputs
2) Not sure about the concerns expressed by Andrew Poelstra in the pull request related to rogue-key attacks.
I think Andrew Poelstra is referring to a multi-party scheme.
This is not the case with the Silent Payments scheme, which only relies on transaction data, which is publicly available on the blockchain.
3) I could not understand the warning in the output for `getsilentaddress` RPC when used with a label.
This warning was suggested by Aurèle Oulès in https://github.com/bitcoin/bitcoin/pull/24897#issuecomment-1276160738 and the reason was a discussion in PR about users thinking that each address would come from a different key and not the same key.
Sent with Proton Mail secure email.
------- Original Message -------
On Wednesday, October 12th, 2022 at 6:04 AM, alicexbt <alicexbt at protonmail.com> wrote:
> Hi woltx,
>
> Thanks for working on silent payments improving it in each version.
>
> 1) All inputs being used sounds good although I do not understand how it would benefit coinjoin.
> 2) New RPC command name is better.
>
> > I opened a new PR (#1143) to add a function to convert from x-only to compressed public key with even y.
>
>
> Not sure about the concerns expressed by Andrew Poelstra in the pull request related to rogue-key attacks.
>
> > Tutorial updated: https://gist.github.com/w0xlt/c81277ae8677b6c0d3dd073893210875
> > "warnings": "This address is not a new identity. It is a re-use of an existing identity with a different label."
>
>
> I could not understand the warning in the output for `getsilentaddress` RPC when used with a label.
>
> /dev/fd0
>
> Sent with Proton Mail secure email.
>
>
> ------- Original Message -------
> On Tuesday, October 11th, 2022 at 12:32 PM, woltx via bitcoin-dev bitcoin-dev at lists.linuxfoundation.org wrote:
>
>
>
> > Silent Payment v4 (coinjoin support added)
> > Changes:
> >
> > . Silent payments now use all inputs to create transactions. Previously, they only used the first input. This change increases privacy and makes silent payments compatible with coinjoin.
> >
> > . `getspaddress` RPC renamed to `getsilentaddress` for clarity
> >
> > . Added support for silent payment in PSBT via `walletcreatefundedpsbt` RPC.
> >
> > . Added a new index scheme (which stores the sum of input public keys for each transaction). The previous index `bitcoin/signet/indexes/silentpaymentindex` should be removed as it is no longer compatible with this new version.
> >
> > For reviewers:
> >
> > Now, silent payments use the scheme `hash(i1*X + i2*X + i3*X + ...)*G + X == hash(x*(I1+I2+I3+...))*G + X`, as described here: https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8#variant-using-all-inputs
> >
> > As inputs can be Taproot, this introduced a new issue as `bitcoin-core/secp256k1` does not support x-only public key sum (perhaps due to missing prefix byte).
> >
> > I opened a new PR (#1143) to add a function to convert from x-only to compressed public key with even y. This is the solution being used by the current silent payment implementation.
> >
> > Tutorial updated: https://gist.github.com/w0xlt/c81277ae8677b6c0d3dd073893210875