Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W4ff7-00088Z-26 for bitcoin-development@lists.sourceforge.net; Sat, 18 Jan 2014 23:50:49 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.169 as permitted sender) client-ip=209.85.217.169; envelope-from=gmaxwell@gmail.com; helo=mail-lb0-f169.google.com; Received: from mail-lb0-f169.google.com ([209.85.217.169]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1W4ff6-0004Yb-7q for bitcoin-development@lists.sourceforge.net; Sat, 18 Jan 2014 23:50:49 +0000 Received: by mail-lb0-f169.google.com with SMTP id q8so4068708lbi.0 for ; Sat, 18 Jan 2014 15:50:41 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.153.6.34 with SMTP id cr2mr6547lad.44.1390089041505; Sat, 18 Jan 2014 15:50:41 -0800 (PST) Received: by 10.112.198.65 with HTTP; Sat, 18 Jan 2014 15:50:41 -0800 (PST) In-Reply-To: <52F8B4EC-F955-46E4-B871-3BEEFF69907D@taplink.co> References: <20140114225321.GT38964@giles.gnomon.org.uk> <20140116212805.GA4421@petertodd.org> <20140117144601.GA8614@petertodd.org> <52DA093D.4070505@gmail.com> <52F8B4EC-F955-46E4-B871-3BEEFF69907D@taplink.co> Date: Sat, 18 Jan 2014 15:50:41 -0800 Message-ID: From: Gregory Maxwell To: Jeremy Spilman Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1W4ff6-0004Yb-7q Cc: Bitcoin Development Subject: Re: [Bitcoin-development] Stealth Addresses X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Jan 2014 23:50:49 -0000 On Sat, Jan 18, 2014 at 3:12 PM, Jeremy Spilman wrote: > In the case where payment is being sent only to Q1, and Q2 is for discove= ry only, perhaps we could use a 160-bit curve for d2/Q2 and e/P resulting i= n 20 byte vs 32 bytes in the OP_RETURN, and of course faster multiplication= . > > 80-bits of security I assume still greatly exceeds the actual level of pr= ivacy you get with the overall solution, and since Q2 is never protecting a= ctual funds... > > But if it's a "real weakening" of the privacy then definitely not worth i= t, and even the added complexity of another curve seems possibly not worth = it... Well super-fast hand optimized code for (your choice of) 160 bit curve may not ever exist, making it slower in practice. Plus the extra code to carry around even if it does exist=E2=80=A6