The email explores the intricacies of implementing and refining a Partially Signed Bitcoin Transaction (PSBT) workflow tailored for silent payment outputs, which are integral to enhancing privacy in cryptocurrency transactions.
It delves into the technical challenges and potential solutions associated with spending from and sending to silent payment addresses. The process of spending involves a unique method where the shared_secret_tweak is applied to the spend private key during the signing phase to properly derive the signing key. This crucial step, detailed with code references on GitHub (sp-client), ensures that transactions directed towards silent payment addresses can be signed accurately.
Moreover, the sender outlines a strategy for addressing the accurate calculation of transaction fees and the adaptability of the PSBT until final output keys are generated. This approach incorporates a placeholder scriptpubkey in the unsigned transaction, allowing for precise fee estimations and subsequent adjustments to the PSBT based on the current transaction state. Further details are provided through another GitHub link (sp-client details), showcasing the method's effectiveness despite its potential for optimization.
In addition to spending methodologies, the correspondence addresses the complexities involved in sending silent payments, particularly regarding the generation of outputs and inputs, and the access to private keys required for such transactions. A promising solution is presented in the form of a draft Bitcoin Improvement Proposal (BIP) by delvingless andrewtoth, accessible at https://gist.github.com/andrewtoth/dc26f683010cd53aca8e477504c49260, which introduces the concept of an OutputGenerator role. This role simplifies the integration of silent payment logic into existing systems by limiting the modifications needed for other roles in the transaction process. Specifically, signers would only need to confirm a new field, DLEQ_PROOF, to verify the correctness of output generation without needing direct access to generating private keys.
Additionally, the proposal entertains the innovative idea of using an "ECDH share" instead of full access to private keys for the OutputGenerator, offering a potentially more secure way to cooperate cryptographically. However, concerns about the security of this method are raised, particularly regarding how signing devices would respond to Diffie-Hellman requests, highlighting the need for a careful evaluation of advanced features against their security risks. In summary, the discussions and proposals outlined in the email represent significant progress towards achieving more private and secure cryptocurrency transactions through the use of silent payments in PSBTs, while also acknowledging the ongoing technical and security challenges that must be addressed.