[Bitcoin-development] Merge avoidance and P2P connection encryption

Mike Hearn mike at plan99.net
Thu Dec 12 18:24:46 UTC 2013

I think the right way to integrate BIP32 and BIP70 would be to specify
output scripts as normal for backwards compatibility, and then allow each
output to have an additional xpubkey and iteration count field. The
iteration counts could be unsigned.

Unfortunately to add data that isn't signed requires a backwards
incompatible change to the protocol :( There isn't currently any area that
isn't covered by the signature. We would have to add one, and then have a
matching array of iteration counts for each xpubkey that was specified in
the output.

I wonder if we should make a last minute change to BIP70 before wallets
have shipped and merchant support starts, something like

message PaymentRequest {
  optional byte unsigned_data = 6;

that would be deleted like the signature is before reserialization.

On Thu, Dec 12, 2013 at 9:28 AM, Paul Rabahy <prabahy at gmail.com> wrote:

> First off, nice article. Very clear and informative.
> I don't know if this is the best place to post this, but it seems related
> to me.
> As more wallets implement BIP32, I believe that bitcoin wallets should
> begin to encourage people to use
> https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#recurrent-business-to-business-transactions-mi0style address instead of traditional addresses. In the end, this would
> improve privacy because users never need to merge coin if they had one of
> these "super addresses".
> In addition, "super addresses" would fit nicely into BIP70. Right now, the
> PaymentDetails message allows the merchant to provide multiple outputs. If
> instead the PaymentDetails provide 1 traditional output (for reverse
> compatibility) and 1 "super address", the payment could be broken into as
> many pieces as is needed to match unspent outputs already in the customers
> wallet. Finally, the refund_to address in Payment could also be upgraded to
> a "super address" to enhance privacy there.
> I am not sure if there is a large memory requirement for "super
> addresses", but to me, it seems that a lot of these privacy enhancing
> possibilities will be simple to implement once BIP32 is widely deployed.
> On Thu, Dec 12, 2013 at 11:03 AM, Mike Hearn <mike at plan99.net> wrote:
>> I wrote an article intended for a broad/non-developer audience on a few
>> Bitcoin privacy topics:
>> - P2P connection encryption
>> - Address re-use/payment protocol
>> - CoinJoin and merge avoidance
>> I don't think there's anything much new here for people who were involved
>> with the BIP70 design discussions, but it may prove a useful resource when
>> talking about privacy features in the payment protocol. Specifically the
>> ability to request multiple outputs and submit multiple transactions that
>> satisfy them. The article elaborates on how to use that feature to achieve
>> some useful privacy outcomes.
>> I also analyze what using SSL for P2P connections would buy us and what
>> it wouldn't.
>> https://medium.com/p/7f95a386692f
>> ------------------------------------------------------------------------------
>> Rapidly troubleshoot problems before they affect your business. Most IT
>> organizations don't have a clear picture of how application performance
>> affects their revenue. With AppDynamics, you get 100% visibility into your
>> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
>> Pro!
>> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20131212/c0b07754/attachment.html>

More information about the bitcoin-dev mailing list