Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E92DF258 for ; Thu, 22 Oct 2015 05:54:13 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21]) by smtp1.linuxfoundation.org (Postfix) with ESMTP id 946A0103 for ; Thu, 22 Oct 2015 05:54:13 +0000 (UTC) Received: from ishibashi.localnet (unknown [IPv6:2001:470:5:265:61b6:56a6:b03d:28d6]) (Authenticated sender: luke-jr) by zinan.dashjr.org (Postfix) with ESMTPSA id 3241A38A46D1; Thu, 22 Oct 2015 05:54:01 +0000 (UTC) X-Hashcash: 1:25:151022:justus@openbitcoinprivacyproject.org::NcwrfARX02VUdkV9:3hBs X-Hashcash: 1:25:151022:bitcoin-dev@lists.linuxfoundation.org::wLRI8iMbKVqK9U0Q:9jIv To: Justus Ranvier , "Bitcoin Dev" From: Luke Dashjr Date: Thu, 22 Oct 2015 05:53:59 +0000 X-PGP-Key-Fingerprint: E463 A93F 5F31 17EE DE6C 7316 BD02 9424 21F4 889F X-PGP-Key-ID: BD02942421F4889F X-PGP-Keyserver: hkp://pgp.mit.edu MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <201510220554.00367.luke@dashjr.org> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 22 Oct 2015 08:43:51 +0000 Subject: Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Oct 2015 05:54:14 -0000 On Friday, April 24, 2015 8:00:46 PM Justus Ranvier wrote: > This link contains an RFC for a new type of Bitcoin address called a > "payment code" Sorry for the late review. I'm concerned with the "notification address" requirement, which entails address reuse and blockchain spam. Since it entails address reuse, the recipient is forced to either leave them unspent forever (bloating the UTXO set), or spend it which potentially compromises the private key, and (combined with the payment code) possibly as much as the entire wallet. Instead, I suggest making it a single zero-value OP_RETURN output with two pushes: 1) a hash of the recipient's payment code, and 2) the encrypted payment code. This can be searched with standard bloom filters, or indexed with whatever other optimised algorithms are desired. At the same time, it never uses any space in the UTXO set, and never needs to be spent/mixed/dusted. Luke