Re: [bitcoin-dev] New BIP: Private Payments

From: Ruben Somsen <rsomsen@gmail•com>
To: Alfred Hodler <alfred_hodler@protonmail•com>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] New BIP: Private Payments
Date: Sat, 30 Jul 2022 15:41:36 +0200	[thread overview]
Message-ID: <CAPv7TjZHJoY2cN9=X7vxSOEbd-YLQLrFi87e8Yj-xZJUawjRYA@mail.gmail.com> (raw)
In-Reply-To: <-BUM-o-GxD7jpYy6cOdoALb-p2xbdEFds3De08nUFseeif6-OS6p_A7u7B_h45rkuflSix9kaC4e9fbOs_YwOL6xbrCF5ebjyGKurT4MeJU=@protonmail.com>

[-- Attachment #1: Type: text/plain, Size: 2969 bytes --]

Hi Alfred,

Thanks for all the effort.

Note that in the previous thread I mentioned[0] that this proposal
introduces a scanning requirement in order to detect incoming notifications
(complicating light client implementation). I recommend that you put this
information in the BIP, as this is an important downside that readers
should be aware of.

I'm also now realizing that your proposal is actually *very* similar to the
BIP47 protocol improvement suggestions that were made in Prague:
https://gist.github.com/RubenSomsen/21c477c90c942acf45f8e8f5c1ad4fae

As far as I can tell, the one difference is that you added an extra ECDH
calculation to hide the recipient payment code. Uncoincidentally, this is
also exactly what causes the downside of having a scanning requirement, and
it seems the only benefit you get in return is that you don't have to
outsource the notification (as is the case in the Prague protocol) and can
broadcast it yourself instead. I'm personally unsure whether this is a net
improvement, but that is certainly open to debate. I'd say it's worth
having this discussion prior to finalizing the BIP, as otherwise it could
potentially result in yet another incompatible standard further down the
line.

Considering the similarity, perhaps you could consider crediting the
participants of the Prague discussion (namely Alekos Filini, Martin
Habovštiak, and myself). And I imagine Silent Payments[1] may have served
as an inspiration as well. I also recommend taking another look at the
"Allowing collisions" paragraph from the Prague discussion, as it can
potentially shave off up to 28 bytes.

I hope you find this feedback reasonable and it doesn't discourage you.
There's way too much work to be done on Bitcoin, so I'm happy to see you
are actively putting in the effort to move things forward. Working out the
details such as how to handle address formats is also very much
appreciated. Keep it up.

Cheers,
Ruben

[0]
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020607.html

[1] https://gist.github.com/RubenSomsen/c43b79517e7cb701ebf77eec6dbb46b8

On Sat, Jul 30, 2022 at 1:59 PM Alfred Hodler via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

> Hi,
>
> We propose a new BIP that facilitates more private two-party transactions.
> This is a strict improvement upon BIP47, with increased privacy and better
> future-proofing.
>
> The contents may be found here:
>
> https://github.com/alfred-hodler/bips/blob/bip-alfredhodler-private-payments/bip-alfredhodler-privatepayments.mediawiki
>
> We hope to collect feedback and be assigned with a BIP number. A reference
> implementation will be published once the BIP is deemed viable.
>
> Alfred
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 4160 bytes --]