Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8D0B9C002D for ; Sat, 30 Jul 2022 13:41:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 540524175C for ; Sat, 30 Jul 2022 13:41:49 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 540524175C Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=e11cCiAh X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h-aPP4ZFqRx2 for ; Sat, 30 Jul 2022 13:41:47 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org ACFD241721 Received: from mail-oa1-x35.google.com (mail-oa1-x35.google.com [IPv6:2001:4860:4864:20::35]) by smtp4.osuosl.org (Postfix) with ESMTPS id ACFD241721 for ; Sat, 30 Jul 2022 13:41:47 +0000 (UTC) Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-10d6ddda695so9151226fac.0 for ; Sat, 30 Jul 2022 06:41:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc; bh=a/nbHIifRhodgOz+Qid4NR6luZmsUNe5O2CSSs/X3XM=; b=e11cCiAh4aiLAv3IZO1wsJTRpRVkLK1pcmOHpnkJ1wip36tC0OMDlSFh3qa2ug8HkX mmhuhLn6GB/QeJUxhmu1p60drt7WUMdNRD8ZurIstgWv1Tyr4kSjRbJjMcxExy/WBhRc ATWsgPukDT7e5Cy42uHHwh5lKEwBEhgyKKj7ds8RhegjWmQXu96KRnuWzmvkdqdPxmFK j5bBWwrl27BG61lRluhqI1duNfSRuaLCe0qs6otuPRdUw+vA+ctr5me/xhbCSqJsijku 8KncfmA3+LgG/uIKQu/b/sb6s0+Fo4x6a692XBuuztMMg5GOhDB9l95u17Z7tBjjll1y 4DEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc; bh=a/nbHIifRhodgOz+Qid4NR6luZmsUNe5O2CSSs/X3XM=; b=sSHbECK+MkHNQx5WdzEs7pIy08JerkJYMTVhOxHu0MakmjU8SAZnhhLfYCKPsjuCJj KkDMJN244cvJ9fZc9zoGyscXP2Kqg+Tr7VvMz1GDFky1CfetIFTwF2WFD0IrA8SZXl3E DdUp90/izTqYX0YsdFNiO9M2McJSUi0Qq++y4P57DpZ6drA6OIxRv/ZSw38WSxvYnI/v bssnNL4kcLhMwAmM9inOI+Poev91o59t/pYt8JDaTf8Qh6Bxd15MuJDsfNfQQuaNSe6t 9HpF6e4iQWiIwrqW/h3wH7oKyJH3IqPbsxOxzCt7dleBbXyQ6cBtROIzJEXbg67ii2rp +4yw== X-Gm-Message-State: AJIora/kwBpwkJ52i8sVjUdou+Jm4tSV0Zsf3L0eVk/355n5tNsoD2+H RxuXLq5TSXkW6dIa8pPK4g2oRMvgzv7lJAlDlUM= X-Google-Smtp-Source: AGRyM1smEfujYkDyFdk38D4FxhOkf72bVdBhAzij0KGrt2qukowoh0yiitZhAPj9ZH/at52XpJUnpr3bNnHBY9OxyOg= X-Received: by 2002:a05:6870:b403:b0:10e:7914:adb with SMTP id x3-20020a056870b40300b0010e79140adbmr3860855oap.126.1659188506669; Sat, 30 Jul 2022 06:41:46 -0700 (PDT) MIME-Version: 1.0 References: <-BUM-o-GxD7jpYy6cOdoALb-p2xbdEFds3De08nUFseeif6-OS6p_A7u7B_h45rkuflSix9kaC4e9fbOs_YwOL6xbrCF5ebjyGKurT4MeJU=@protonmail.com> In-Reply-To: <-BUM-o-GxD7jpYy6cOdoALb-p2xbdEFds3De08nUFseeif6-OS6p_A7u7B_h45rkuflSix9kaC4e9fbOs_YwOL6xbrCF5ebjyGKurT4MeJU=@protonmail.com> From: Ruben Somsen Date: Sat, 30 Jul 2022 15:41:36 +0200 Message-ID: To: Alfred Hodler , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="0000000000008e363d05e505ed50" X-Mailman-Approved-At: Sat, 30 Jul 2022 13:43:07 +0000 Subject: Re: [bitcoin-dev] New BIP: Private Payments X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jul 2022 13:41:49 -0000 --0000000000008e363d05e505ed50 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Alfred, Thanks for all the effort. Note that in the previous thread I mentioned[0] that this proposal introduces a scanning requirement in order to detect incoming notifications (complicating light client implementation). I recommend that you put this information in the BIP, as this is an important downside that readers should be aware of. I'm also now realizing that your proposal is actually *very* similar to the BIP47 protocol improvement suggestions that were made in Prague: https://gist.github.com/RubenSomsen/21c477c90c942acf45f8e8f5c1ad4fae As far as I can tell, the one difference is that you added an extra ECDH calculation to hide the recipient payment code. Uncoincidentally, this is also exactly what causes the downside of having a scanning requirement, and it seems the only benefit you get in return is that you don't have to outsource the notification (as is the case in the Prague protocol) and can broadcast it yourself instead. I'm personally unsure whether this is a net improvement, but that is certainly open to debate. I'd say it's worth having this discussion prior to finalizing the BIP, as otherwise it could potentially result in yet another incompatible standard further down the line. Considering the similarity, perhaps you could consider crediting the participants of the Prague discussion (namely Alekos Filini, Martin Habov=C5=A1tiak, and myself). And I imagine Silent Payments[1] may have ser= ved as an inspiration as well. I also recommend taking another look at the "Allowing collisions" paragraph from the Prague discussion, as it can potentially shave off up to 28 bytes. I hope you find this feedback reasonable and it doesn't discourage you. There's way too much work to be done on Bitcoin, so I'm happy to see you are actively putting in the effort to move things forward. Working out the details such as how to handle address formats is also very much appreciated. Keep it up. Cheers, Ruben [0] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020607.ht= ml [1] https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8 On Sat, Jul 30, 2022 at 1:59 PM Alfred Hodler via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Hi, > > We propose a new BIP that facilitates more private two-party transactions= . > This is a strict improvement upon BIP47, with increased privacy and bette= r > future-proofing. > > The contents may be found here: > > https://github.com/alfred-hodler/bips/blob/bip-alfredhodler-private-payme= nts/bip-alfredhodler-privatepayments.mediawiki > > We hope to collect feedback and be assigned with a BIP number. A referenc= e > implementation will be published once the BIP is deemed viable. > > Alfred > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --0000000000008e363d05e505ed50 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Alfred,

Thanks for all the effort.
Note that in the previous thread I mentioned[0] that this prop= osal introduces a scanning requirement in order to detect incoming notifica= tions (complicating light client implementation). I recommend that you put = this information in the BIP, as this is an important downside that readers = should be aware of.

I'm also now realizing tha= t your proposal is actually *very* similar to the BIP47 protocol improvemen= t suggestions that were made in Prague:

As far as I can tell, the one difference is that you added an extra= ECDH calculation to hide the recipient payment code. Uncoincidentally, thi= s is also exactly what causes the downside of having a scanning requirement= , and it seems the only benefit you get in return is that you don't hav= e to outsource the notification=C2=A0(as is the case in the Prague protocol= ) and can broadcast it yourself instead. I'm personally unsure whether = this is a net improvement, but that is certainly open to debate. I'd sa= y it's worth having this discussion prior to finalizing the BIP, as oth= erwise it could potentially result in yet another incompatible standard fur= ther down the line.

Considering the similarity, pe= rhaps you could consider crediting the participants of the Prague discussio= n (namely Alekos Filini, Martin Habov=C5=A1tiak, and myself). And I imagine= Silent Payments[1] may have served as an inspiration as well. I also recom= mend taking another look at the "Allowing collisions" paragraph f= rom the Prague discussion, as it can potentially shave off up to 28 bytes.<= /div>

I hope you=C2=A0find this feedback reasonable and = it doesn't discourage you. There's way too much work to be done on = Bitcoin, so I'm happy to see you are actively putting in the effort to = move things forward. Working out the details such as how to handle address = formats is also very much appreciated. Keep it up.

Cheers,
Ruben


[0]=C2=A0<= a href=3D"https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June= /020607.html">https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-= June/020607.html




On Sat, Jul 30, 2022 at 1:59 PM Alfred Hodler via bitcoi= n-dev <bitcoin-= dev@lists.linuxfoundation.org> wrote:
Hi,

We propose a new BIP that facilitates more private two-party transactions. = This is a strict improvement upon BIP47, with increased privacy and better = future-proofing.

The contents may be found here:
https://github.com/alfred-hodler/bips/blob/bip-alfredhod= ler-private-payments/bip-alfredhodler-privatepayments.mediawiki

We hope to collect feedback and be assigned with a BIP number. A reference = implementation will be published once the BIP is deemed viable.

Alfred

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--0000000000008e363d05e505ed50--