1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
Return-Path: <pete@petertodd.org>
Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 1315EC0032
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Aug 2023 17:39:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp3.osuosl.org (Postfix) with ESMTP id ED3996109B
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Aug 2023 17:39:10 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org ED3996109B
Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key,
unprotected) header.d=messagingengine.com header.i=@messagingengine.com
header.a=rsa-sha256 header.s=fm3 header.b=EONdZ48G
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -0.701
X-Spam-Level:
X-Spam-Status: No, score=-0.701 tagged_above=-999 required=5
tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001,
RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
Received: from smtp3.osuosl.org ([127.0.0.1])
by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id AnfrYp9rfhWW
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Aug 2023 17:39:09 +0000 (UTC)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
[66.111.4.28])
by smtp3.osuosl.org (Postfix) with ESMTPS id 33C1061371
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Aug 2023 17:39:09 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 33C1061371
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
by mailout.nyi.internal (Postfix) with ESMTP id 244085C0068
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 4 Aug 2023 13:39:07 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
by compute5.internal (MEProxy); Fri, 04 Aug 2023 13:39:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-type:content-type:date:date
:feedback-id:feedback-id:from:from:in-reply-to:message-id
:mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=
1691170747; x=1691257147; bh=wov3r/TBgcd0M8Tt/a9rTZaQVjV81RNsbrn
0pbfDzp8=; b=EONdZ48GpbNLKBpPc/WabvW3oOm+OFksOLlDGXRBjZtxT6PSM72
rwQ4Ve0Rq2jy2llnVw0FZ5PqMNF65t6eTd+lm5gNCZjLECNARKoEphQcLMGU4Qi6
feH84cvJo8ckKWsEg3fX/k8T+vEmv3rOECySoW6t4Mct/4Wai22qPXH7vvB6FIgR
FEubNVNVXrCNJcmLIV7JCeTPBY1SoIcZkJy7c4QRenK6dnF69VigRnzqdzBPRTQD
LGjwuZ8GAC3pStvenqyan0kBj+JBwcU4139sDQ4a8XmeOE8ud8V9MKJyu0znDRiL
xHuQmRV3sVhQiNd5Q+jsVRztbkIMCHVztOA==
X-ME-Sender: <xms:ujfNZOCAGqUDcP3xueXLIZHJNr_sTKgwef8cxP3Y1lm0FLh949MxSg>
<xme:ujfNZIg7iHL1wFG75fySHXvu4DV-LCeqFrAEMB-8-HSuxDd7za2z4GSQyF7_fyVvI
lYk69_bcHFaaqRkJ9o>
X-ME-Received: <xmr:ujfNZBnhPfIVgwWnIFZv5X40yQYx1GOukA4_PVdLXb6-1FQfYsUN-QulMQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrkeeggdduudegucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkgggtugesghdtreertd
dtvdenucfhrhhomheprfgvthgvrhcuvfhougguuceophgvthgvsehpvghtvghrthhouggu
rdhorhhgqeenucggtffrrghtthgvrhhnpefhteevgeeuvdekheeivdeffeduuedufefhte
elheffgfelueefieffjeefffeuleenucffohhmrghinhepphgvthgvrhhtohguugdrohhr
ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvg
htvgesphgvthgvrhhtohguugdrohhrgh
X-ME-Proxy: <xmx:ujfNZMy5hDJR3597zmnN92dIO6acvLYr2AERl6cvK1QAXxvpNZblFg>
<xmx:ujfNZDQoxC3FSP0DBKONY1U983nUdBlYmLBHY9D4UUQvoIfhTEcgSA>
<xmx:ujfNZHZyemGZbVGdpPwvprrbFTwu04Ki9BT_scHKKvATk3Ppq2QFlw>
<xmx:uzfNZOeHkJO8UcgyZYN0p9XDRSHxi71RVAm5fd1Lyrzsioj2lvRKRw>
Feedback-ID: i525146e8:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
<bitcoin-dev@lists.linuxfoundation.org>; Fri,
4 Aug 2023 13:39:06 -0400 (EDT)
Received: by localhost (Postfix, from userid 1000)
id 6A6BF5F851; Fri, 4 Aug 2023 17:39:03 +0000 (UTC)
Date: Fri, 4 Aug 2023 17:39:03 +0000
From: Peter Todd <pete@petertodd.org>
To: bitcoin-dev@lists.linuxfoundation.org
Message-ID: <ZM03twumu88V2NFH@petertodd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="SB8PAdHnrhigqCwh"
Content-Disposition: inline
Subject: [bitcoin-dev] BIP-352 Silent Payments addresses should have an
expiration time
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Aug 2023 17:39:11 -0000
--SB8PAdHnrhigqCwh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
tl;dr: Wallets don't last forever. They are often compromised or lost. When
this happens, the addresses generated from those wallets become a form of t=
oxic
data: funds sent to those addresses can be easily lost forever.
All Bitcoin addresses have this problem. But at least existing Bitcoin
addresses aren't supposed to be reused. Silent Payments are: the whole poin=
t is
to have a single address that you can safely pay to multiple times, without
privacy concerns. Failing to make Silent Payment addresses eventually expir=
e in
a reasonable amount of time is thus a particularly harmful mistake.
Fixing this is easy: add a 3 byte field to silent payments addresses, encod=
ing
the expiration date in terms of days after some epoch. 2^24 days is 45,000
years, more than enough. Indeed, 2 bytes is probably fine too: 2^16 days is=
180
years. We'll be lucky if Bitcoin still exists in 180 years.
Wallets should pick a reasonable default, eg 1 year, for newly created
addresses. Attempts to pay an expired address should just fail with a simple
"address expired". Lightning invoices are a good example here: while invoic=
es
does not require expiration from a technical point of view, they do expire =
for
similar UX reasons as applies to silent payments.
--=20
https://petertodd.org 'peter'[:-1]@petertodd.org
--SB8PAdHnrhigqCwh
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmTNN7QACgkQLly11TVR
Lzcqag//XGfqhEuXQMff0t8/BdgkNuOlW0JVbDcbQkoqtlvjtKEQNSvhSCPO6CVk
8GXc59qBLGe0oz+O5BdRrwnymEGj3bu9cSLm9l9n/t/LPZ4i6/3TIG1t4f5VVvuD
jmFA/1/tneA7Gv6ZGj1pxbmpZ1XluhrGLRrLi52BPjbXExIIfzoJWjnVvhUSjzvO
X966+Kj3Y1iIe2BOUfncT/Ig0tViU0JfbGXsLD4skTc7Jn8VrUWvpp55DMy8cRuK
XtIu660reaFLJVsC67IsvZJdTJR++Jsa4lhIuoCNnRLU50YyVckdUlsoOiZcfI0v
W5pC28fIcf3CAIjUDJMV3sp7DdEhNH8MTFGngZHuGqNLnj3KRbQ55bBkaUlliKNn
NRxoLebKLenbGweO7mxT4BMa0K4N3GA/7Pan4HYF4/p7soGjvTO/j8Lh/EqYvoF2
c4KF0LlHfnnCaHlAflIgar1RsnQ0dBZtA439sDQhKaGc2dkevsztU+gj9PDqNPRv
eaW6NLwhgbU8VV1iR6qeF11tPe8nfP+fpK0Abz3zYWnsnPttG1OvUVhAWJGxjNrp
SD+zTi4Q5WSJ9JnFP70Eep4CXtC2qwWSRUxMKCg5jsJtGrhzi3yMRXzYegRweO+A
mc5dv37uTGnc5Le981X+TbQI77AKxbajXd5jY/irCK59WnoVFOg=
=2pUB
-----END PGP SIGNATURE-----
--SB8PAdHnrhigqCwh--
|
