Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1W34q1-0000s7-2F for bitcoin-development@lists.sourceforge.net; Tue, 14 Jan 2014 14:19:29 +0000 Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.110 as permitted sender) client-ip=62.13.148.110; envelope-from=pete@petertodd.org; helo=outmail148110.authsmtp.com; Received: from outmail148110.authsmtp.com ([62.13.148.110]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1W34pv-0000Ns-9m for bitcoin-development@lists.sourceforge.net; Tue, 14 Jan 2014 14:19:29 +0000 Received: from mail-c235.authsmtp.com (mail-c235.authsmtp.com [62.13.128.235]) by punt14.authsmtp.com (8.14.2/8.14.2) with ESMTP id s0EEJH4b006046; Tue, 14 Jan 2014 14:19:17 GMT Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id s0EEJ8Dv089764 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 14 Jan 2014 14:19:10 GMT Date: Tue, 14 Jan 2014 09:19:08 -0500 From: Peter Todd To: Jeremy Spilman Message-ID: <20140114141908.GB29950@savin> References: <20140110102037.GB25749@savin> <20140113194049.GJ38964@giles.gnomon.org.uk> <52D4458C.6010909@gmail.com> <19AE1549-16E0-4119-8BE9-8F4DFD3381C1@taplink.co> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="oC1+HKm2/end4ao3" Content-Disposition: inline In-Reply-To: <19AE1549-16E0-4119-8BE9-8F4DFD3381C1@taplink.co> User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: d6bea78a-7d26-11e3-b802-002590a15da7 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aQdMdwYUElQaAgsB AmIbWlBeUVR7WGI7 bAxPbAVDY01GQQRq WVdMSlVNFUsrAWl0 fBZqFBl6fgJAfDBx Zk5hWD4PWhYvJEF1 E1NTQW8AeGZhPWMC AkhYdR5UcAFPdx8U a1UrBXRDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4wAjM1 QwwCVRwjEVcIXD4+ NHQA X-Authentic-SMTP: 61633532353630.1023:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1W34pv-0000Ns-9m Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Stealth Addresses X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jan 2014 14:19:29 -0000 --oC1+HKm2/end4ao3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 13, 2014 at 02:02:00PM -0800, Jeremy Spilman wrote: >=20 > > Uh while I'm responding again, what I'd discussed with Peter Todd in > > IRC used two EC points in the stealth address. One for the payment and > > one for the ECDH. The reason to use two is that it makes delegating > > detection possible and so you don't have to have you spending keys > > online to even detect these payments. Why'd that get dropped? >=20 > I think this is exactly what I've implemented. >=20 > I decided to put both pubKeys in a 2-of-2 multisig, instead of keeping on= e of the pubKeys in the OP-RETURN, to prevent a malicious sender from trigg= ering false positives on your online detection key when the funds are actua= lly still fully controlled by the payer. >=20 > You can still have a false positive (only 1 of 2 keys actually yours) but= the funds would be trapped so it's unlikely anyone would do it.=20 How would they trigger false positives? The payee recovers the nonce with ECDH from the payor's ephemereal pubkey and their online detection secret key. They use BIP32 public derivation with their offline spending pubkey(s), if the derived pubkeys match the actual scriptPubKey they know the output is spendable by them. I don't see how that can go wrong. --=20 'peter'[:-1]@petertodd.org 000000007dd7a87aec311fb7fb13770f54edf628e6976f8c6091a5b2638878a7 --oC1+HKm2/end4ao3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQGrBAEBCACVBQJS1UdbXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwN2RkN2E4N2FlYzMxMWZiN2ZiMTM3NzBmNTRlZGY2MjhlNjk3NmY4YzYw OTFhNWIyNjM4ODc4YTcvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfsV8Qf+LQ5Gdb3uKMh95chR1IonmIzK 0n3P8E59oYpc/b7YLANfHAUARh/SYkDV/f5Sq5q38bvcGY61suOVqL6FPI2fMYEj N96hhNWPlqgqj9m4ak2vVnaX193ImVa5tsaDjBPOXCztr7DVoNqy0v+a/TFl3Eu6 Fqr4pm8y9M1fmjOlen+DBEnSTNJgs1hJcCeZy1Qe7+eDTCaqYf4nHmU7Zl2xkFXn vHf40N2L5HyTJilWgPHD2KnSVNERGp7F7c4hGvW2YzAUi+YLPypvPH/T19o9Ldgv pZuprzTBA3c3TCTHjzOXwBcK8TNGai+7BTH1USQDUqfbl1lzJKv1C0dbxWagPQ== =l02T -----END PGP SIGNATURE----- --oC1+HKm2/end4ao3--