Nostr Web Client

Been spending some time looking at the design of Silent Payments, just from a crypto point of view. Overall I like it; the only wiggle room for attack I can find so far is if the spending key is somehow a key that itself previously existed and was used for something, which it never would be. I see basically no attacks that make sense, so far. If I have a complaint about the BIP, it's that it isn't as clear as it should be about what privacy guarantees it's claiming (though the common sense reading seems to be right; it should be explicit though). Obviously the way out there stuff, like inputs that are from MuSig2/FROST, or coinjoins, which are pointed at in the BIP, are very much uncharted territory and would be hard to get right, but for now I think that is just not going to happen. Anyway I'll keep looking.

#cryptography #bitcoin

Reply to this note

Please Login to reply.

Discussion

waxwing 3mo ago

For example: for receiver B, and multiple payers A_i, we want this: payments P_i are not linkable to B, except payment P_i is linkable to B by payer A_i (of course!). Thinking in this way allows you to realize for example that the effectiveness of SilentPayments may crucially depend on B's spending policies. (in the ideal case: B only receives coins via this protocol and only co-spends utxos that were created with it; you can satisfy yourself that in this case the non-cospent utxos should not be linkable. Or maybe you can't. But that's the kind of thing I think is worth investigating. A bit beyond a BIP of course, maybe, likely, someone has already done it.)

/dev/fd0 3mo ago

Silent payments has 2 basic problems:

1. Scanning requirement

2. No privacy if multiple inputs are used together in a transaction later

/dev/fd0 3mo ago

Here's an alternative that fixes problem 1: https://delvingbitcoin.org/t/stealth-addresses-using-nostr/1816

waxwing 3mo ago

Interesting thought for sure. Obviously *any* out of band could work (with clearly some tradeoff), nostr fits particularly nicely. I'll read it more.

steepdawn974 3mo ago

Re 1) Frigste may he a solution (for those running a node already)

2) post-mix hygene is always as issue, amd has to be solved on the app level imho. I dont see how this can be addressed onchain

nostr:nevent1qqsxtg6cdtyv9yytwl3kc0jnzzssc8k7xzwju64tyqqry9wfwld8tvcpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzp0n622gm2vhghyv09hyczjy53gea8cx6qaug6aqk7ua5cag57z8xqvzqqqqqqyu4y7q7