Replying to Avatar Super Testnet

> Bob reads the op_return

How does he do that without contacting a server? The OP said he uses bip47 on a mobile phone, so it is very unlikely that a copy of the blockchain is on the device. Therefore, unless you are in the very special circumstance of actively syncing blocks on your mobile device, your bip47 wallet contacts a server.
Avatar
Kortik πŸ‡¦πŸ‡² 2mo ago

BIP47 doesn't require any centralized backend servers. Bip47 addresses are generated client side and outside of the xpub space. If you choose to query that address through someone else's node then of course you receive degraded privacy but that node has 0 knowledge the address is a PayNym derived one.

Think of this

Paynym.rs isn't a modified version of BIP47. It's a directory.

A metaphor:

- BIP47 payment code <=> PGP pubkey

- paynym.rs <=> PGP keyserver

their is no paynym server paynym.is just host Pepe bots which is represented by pm8 number and derived from your private key. bip47 is serverless. All you need to share or to publish for BIP47 is a payment code, like this:

PM8TJUAu8QqW5WasFvDUH4qcviw8aCdcJfwkzHMM4KjkduyoN7yXtL5fxCtotcg5wrxpHRRbuQVD3XHzz2RzDCD58TzCrRwPw1xyUbRLdeds9ygNwxty

But the fact that I've shared this payment code with you on doesn't mean that servers are required for BIP47. One can publish the payment code whereever you wish (e.g.: 3rd party directory, personal website hosted by yourself). More important: It just need to be retrieved once by your counterparty.

you publish your payment code, then a thousand people can send btc to a thousand different addresses without any leakage as there was no need to share those addresses at all

Here

https://www.npmjs.com/package/@samouraiwallet/bip47

Reply to this note

Please Login to reply.

Discussion

Avatar
Super Testnet 2mo ago

> If you choose to query that address through someone else's node then of course you receive degraded privacy

Sir, that's a server, and mobile wallets all require it except for the very rare case where a mobile device itself actively syncs blocks and parses them on its own

Silent Payments are better for several reasons. Two of them are: (1) with silent payments, you can run it (even on a mobile device) *without* querying someone else's node about your address (2) it doesn't require putting a notification transaction on the blockchain, which costs money and puts needless data on it

Avatar
Kortik πŸ‡¦πŸ‡² 2mo ago

Well bip47 does not require notification txn. If both parties online one just shares pm8 code and there is no need for notification txn

Notification txn requires only if one party is offline

you just follow each others paynym and use cahoots using soroban like in this video example of stowaway txn (payjoin) there is no need to make notification txn at all unless other party is offline or you know you will be paying same entity repeatedly when they are offline then use notif txn. Here video example inside wallet

https://r2a.primal.net/uploads2/7/96/3a/7963aebfe0332045cd8b735a8c5e6169a4f47d19346b2d0dc3b6d3a45b838ac2.mp4

Avatar
Super Testnet 2mo ago

Silent payments are a better protocol than bip47 because they allow you to send payments to *offline* people without a notification transaction, repeatedly, and because both protocols, when run on a mobile device, require a server's assistance anyway, apart from a rare exception where the mobile device is actively syncing the blockchain (in which case neither protocol needs a server's assistance, except to sync the blocks)

Avatar
Kortik πŸ‡¦πŸ‡² 2mo ago

BIP47 is first and foremost for entities who send/receive repeated payments to/from their counterparties. Examples of such entities are exchanges, mining pools, companies paying salaries to their collaborators, merchants, etc

and trying to address these entities make a lot of sense because most occurrences of address reuse are now caused by these entities. And sadly, it has a huge impact on the privacy of everybody. Silent Payments are not a better solution than BIP47. They don't even try to address the same target .

The point of the notif tx is that it doesn't require a synchronuous comm' between the 2 entities, it communicates the "identity" of the sender and it acts as a backup of the derived keys for the receiver. The partially public aspect of the notif tx is the price paid for that.

There is no server. Plus The notification transaction for BIP47 is an advantage, not a disadvantage. It makes you less likely to be dusted as a receiver and, as a sender, you don’t have to construct transactions with a taproot output - a script type that no one serious about on chain privacy uses. While SP are a magnet for dust attacks, have a significant scanning overhead for wallets and they require a taproot output in a tx too which is a negative.

the only difference between SP and BIP47 is that BIP47 requires for each output a lookup against n monitored addresses while SP requires these lookups + the computation of P0. This additional work is independent of the number of addresses tracked by the node, hence the claim that labels improve the scalability of SP

There's is still an additional load (computation of P0) but it scales with the number of outputs, not with the number of tracked addresses. Main benefit is that the former is bounded (by the max blocksize) while the latter is potentially unlimited...

Anyway Silent payments has significant performance and computational costs for the block scanning and key derivation.

It must scan every output of every block for every user. Recovering a wallet would require rescanning every output of the entire blockchain from wallets creation

Another difference is in terms of the security model associated to each mode. In the case of SP, b_scan (scan private key) must be known by the node monitoring the blockchain while BIP47 only requires public information (public keys).

Avatar
Kortik πŸ‡¦πŸ‡² 2mo ago

BIP47 is Serverless: GROK knows