bips icon indicating copy to clipboard operation
bips copied to clipboard
verified publisher icon bitcoin

Bip Draft: Sending Silent Payments in PSBTs

Open andrewtoth opened this issue 1 year ago • 1 comments

This BIP adds support for sending silent payments using PSBTs.

If there are multiple entities handling the PSBT that do not have access to some input private keys, a DLEQ proof by the signer may be added for other entities to verify the corresponding ECDH shares used to derive the output scripts were generated correctly. This will be specified in a following BIP. For the common case of a single entity that has access to all private keys, the DLEQ proof generation is unnecessary.

Spending support is trivial and can be done with a modification to BIP370 to add a new input field for the tweak data.

andrewtoth avatar Oct 17 '24 12:10 andrewtoth

Mailing list post on Oct 17 at https://groups.google.com/g/bitcoindev/c/5G5wzqUXyk4.

jonatack avatar Oct 18 '24 20:10 jonatack

@murchandamus @jonatack @nothingmuch @guggero @theStack thank you all for your reviews.

  • Updated the spec to have either per-input or global ECDH shares and DLEQ proofs, instead of using subsets.
  • Specified using BIP374 to compute and verify DLEQ proofs.
  • Suggest adding BIP32 derivation paths for pubkey hashed inputs, so the public key is available before the witness or scriptSig is added.
  • Updated output key due to conflict with #1540.
  • Added silent payment label output type for computing change.

andrewtoth avatar Dec 31 '24 20:12 andrewtoth