We could make a filter by xpub instead of the pubkey :)


Discussion

Doesn't that mean relays would have to index events by xpub and thus they can deanonymize any note author?

critical flaw:

xpub derivation works by putting the chain code C and index I through a hash function to get a modifier private key m

using the base private key b, you can calculate the derived key as b + m

for public part, m can still be calculated (chain code and index are public), but you only get base public key B

you convert m to a public key M, and calculate B + M, and that is the public key for b + m

now if b + m, the derived key, gets leaked, and the base xpub is public, m can be calculated and subtracted from b + m, to get b

you can from there calculate any other derivation path

the solution is hardened derivation but hardened derivation can only be calculated via xprv, not xpub

Yeah indexing will be harder, unless the client breaks it down and queries by a set of pubkeys directly. But for that to happen, relays must abandon the filter limits they have today.

Essentially, they will have to go develop a function in say SQL that assesses if a pubkey is inside the set of an xpub or not. Key derivation is heavy, so maybe there must be a new xpub crypto scheme that makes it easier for indexing.

Yeah, key derivation is hard. Wallets that went through a lot of whirlpool mixes are very deep in their address derivations which causes most electrum server implementations to be very slow in those cases.

That's why Fulcrum was recommended, or even Samourai built another backend (the dojo) which was just a wrapper SQL DB for fast lookups from an xpub.