Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W5Scm-0006gH-6u for bitcoin-development@lists.sourceforge.net; Tue, 21 Jan 2014 04:07:40 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of taplink.co designates 50.117.27.232 as permitted sender) client-ip=50.117.27.232; envelope-from=jeremy@taplink.co; helo=mail.taplink.co; Received: from mail.taplink.co ([50.117.27.232]) by sog-mx-4.v43.ch3.sourceforge.com with smtp (Exim 4.76) id 1W5Scl-0007Vo-9z for bitcoin-development@lists.sourceforge.net; Tue, 21 Jan 2014 04:07:40 +0000 Received: from laptop-air ([192.168.168.135]) by mail.taplink.co ; Mon, 20 Jan 2014 20:12:06 -0800 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: "Gregory Maxwell" References: <20140113133746.GI38964@giles.gnomon.org.uk> <20140114225321.GT38964@giles.gnomon.org.uk> <20140115230901.GA25135@netbook.cypherspace.org> Date: Mon, 20 Jan 2014 20:00:05 -0800 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Jeremy Spilman" Organization: TapLink Message-ID: In-Reply-To: User-Agent: Opera Mail/1.0 (Win32) oclient: 192.168.168.135#jeremy@taplink.co#465 X-Spam-Score: -2.2 (--) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1W5Scl-0007Vo-9z Cc: "bitcoin-development@lists.sourceforge.net" Subject: Re: [Bitcoin-development] unlinakble static address? & spv-privacy (Re: Stealth Addresses) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 04:07:40 -0000 On Wed, 15 Jan 2014 17:32:31 -0800, Gregory Maxwell wrote: > I'd point out that regardless of how long the desired prefix is, the > encoded prefix should probably always be constant length in all > reusable addresses. I might be misunderstanding, but I think prefix length must be specified in the reusable address, however I agree the prefix actually published to the blockchain should be constant length. > If you don't want a particular prefix then the > sender should just pick random data for the rest of the space. There > is no need to publish any additional distinguishing data in the form > of how long the prefix is. Let's say the payee's reusable address is ' ...', where is 2 bytes. Without any length indicator. What's the payer going to put on the blockchain? How would they know what the 'rest of the space' is? They would have to put the whole verbatim into the OP_RETURN without knowing how many bits of the payee actually wants to see there. If instead, the address is ' ...' where is 2 bytes, and is 1 byte, representing number of bits of prefix that should be fixed. Then payer will know how much of from the address should be taken verbatim, and the rest of the two bytes would be replaced with random data, and exactly two bytes would be put in the OP_RETURN. If was zero, the 2 byte prefix in the reusable address must be ignored, and an entirely random 2 byte prefix would be put into the OP_RETURN. I'm a bit worried about broken implementations copying the from the reusable address into OP_RETURN when is 0, and ending up basically identifying the payee. That's the only reason I can think of to make ' ' optional in the reusable address, to prevent the opportunity to screw it up. You would *still* put a 2-byte random prefix in the OP_RETURN, even if the fields weren't in the address at all. It's just a minor concern though.