delvingbitcoin

BIP352: PSBT support

Original Postby josibake

Posted on: May 17, 2024 11:51 UTC

The discussion around supporting the sending and spending of silent payment outputs in PSBTs (Partially Signed Bitcoin Transactions) highlights both current capabilities and future possibilities for enhancing privacy and security in cryptocurrency transactions.

Focusing first on the spending aspect, it's pointed out that there might already be a viable method through the use of the PSBT_IN_PROPRIETARY type. This method involves incorporating a shared_secret_tweak alongside the spend public key within the transaction, which is crucial for deriving the tweaked spend private key necessary for signing the transaction. This approach suggests a potential for immediate implementation, though the idea of introducing new fields specifically designed for these operations, such as PSBT_IN_BIP352_TWEAK, indicates room for further development and standardization.

On the other hand, the process of sending silent payments presents more complex challenges, primarily due to the dependencies between generated outputs and inputs, as well as the necessity for access to private keys. A promising solution comes in the form of a draft BIP (Bitcoin Improvement Proposal) by delvingless-andrewtoth, available at https://gist.github.com/andrewtoth/dc26f683010cd53aca8e477504c49260, which proposes the introduction of an OutputGenerator role. This role encapsulates all silent payment logic, significantly streamlining integration with existing systems by minimizing changes required for other roles. For instance, signers would only need to verify a new field, DLEQ_PROOF, ensuring outputs were correctly generated without directly accessing the generating private keys.

Additionally, the draft touches upon an innovative concept where the OutputGenerator may not require direct access to private keys. Instead, it could operate with something akin to an "ECDH share", a cryptographic construct that allows for secure cooperation without full key disclosure. However, the text cautions against this method's unproven security and highlights potential risks, particularly regarding the response of signing devices to Diffie-Hellman requests, underscoring ongoing discussions about balancing the benefits of such advanced features against their security implications.

In conclusion, while the path to fully supporting silent payments in PSBTs involves navigating technical complexities and security considerations, the collaborative efforts and proposals discussed represent significant strides toward more private and secure cryptocurrency transactions.