BIP for Silent Payments Is Out For Review

The Silent Payments BIP is finally out for review, together with a WIP implementation for Core, wrote developer Ruben Somsen on Twitter.

BIP for Silent Payments Is Out For Review
  • "Using a new address for each Bitcoin transaction is a crucial aspect of maintaining privacy. This often requires a secure interaction between sender and receiver so that the receiver can hand out a fresh address, a batch of fresh addresses, or a method for the sender to generate addresses on-demand, such as an xpub."
  • "However, interaction is often infeasible and in many cases undesirable. To solve for this, various protocols have been proposed which use a static payment address and notifications sent via the blockchain. These protocols eliminate the need for interaction, but at the expense of increased costs for one-time payments and a noticeable footprint in the blockchain, potentially revealing metadata about the sender and receiver."
  • "Notification schemes also allow the receiver to link all payments from the same sender, compromising sender privacy."
  • "This proposal aims to address the limitations of these current approaches by presenting a solution that eliminates the need for interaction, eliminates the need for notifications, and protects both sender and receiver privacy."
  • "These benefits come at the cost of requiring wallets to scan the blockchain in order to detect payments. This added requirement is generally feasible for full nodes but poses a challenge for light clients."
  • "While it is possible today to implement a privacy-preserving light client at the cost of increased bandwidth, light client support is considered an area of open research."
  • "We aim to present a protocol which satisfies the following properties:

    - No increase in the size or cost of transactions.
    - Resulting transactions blend in with other bitcoin transactions and can’t be distinguished.
    - Transactions can’t be linked to a silent payment address by an outside observer.
    - No sender-receiver interaction required.
    - No linking of multiple payments to the same sender.
    - Each silent payment goes to a unique address, avoiding accidental address reuse.
    - Supports payment labeling.
    - Uses existing seed phrase or descriptor methods for backup and recovery.
    - Separates scanning and spending responsibilities.
    - Compatible with other spending protocols, such as CoinJoin -   Light client/SPV wallet support.
    - Protocol is upgrade-able."
  • "A single silent payment address is enough to receive funds from anyone without loss of privacy", wrote Ruben Somsen on Twitter.

Mailing List Explainer / Archive
Full Specification

How do Silent Payments compare with PayNyms?

Here's some extra reading on the subject for those new to Silent Payments or wanting to see how they compare and contrast with PayNyms (shared by Seth For Privacy in our Telegram group):