Skip to content

Commit

Permalink
Update bip-0352.mediawiki
Browse files Browse the repository at this point in the history 
Co-authored-by: Vojtěch Strnad <[email protected]>
  • Loading branch information
@josibake @vostrnad
josibake and vostrnad authored Aug 4, 2023
1 parent 475a40b commit 91bf059
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion bip-0352.mediawiki
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ Future Silent Payments versions will use the following versioning scheme:
** ''v1'' through ''v30'': read the first 66-bytes of the data part and discard the remaining bytes (if any)
** ''v31'': fail
* Receiver addresses are always [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP341] taproot outputs<ref name="why_taproot">'''Why only taproot outputs?''' Providing too much optionality for the protocol makes it difficult to implement and can be at odds with the goal of providing the best privacy. Limiting to taproot outputs helps simplify the implementation significantly while also putting users in the best eventual anonymity set.</ref>
* The sender should sign with one of the sighash flags ''DEFAULT, ALL, SINGLE, NONE'' (''ANYONECANPAY'' is unsafe). It is strongly recommended implementations use ''SIGHASH_DEFAULT'' when applicable, or ''SIGHASH_ALL''<ref name="why_sighash_default_or_all">'''Why recommend ''SIGHASH_[DEFAULT|ALL]''?''' Since the output address for the receiver is derived from from the sum of the ''[[#inputs-for-shared-secret-derivation|Inputs For Shared Secret Derivation]]'' public keys, the inputs must not change once the sender has signed the transaction. If the inputs are allowed to change after the fact, the receiver will not be able to calculate the shared secret needed to find and spend the output. It is currently an open question on how a future version of silent payments could be made to work with new sighash flags such as ''SIGHASH_GROUP'' and ''SIGHASH_ANYPREVOUT''.</ref>
* The sender should sign with one of the sighash flags ''DEFAULT'', ''ALL'', ''SINGLE'', ''NONE'' (''ANYONECANPAY'' is unsafe). It is strongly recommended implementations use ''SIGHASH_ALL'' (''SIGHASH_DEFAULT'' for taproot inputs) when possible<ref name="why_not_sighash_anyonecanpay">'''Why is it unsafe to use ''SIGHASH_ANYONECANPAY''?''' Since the output address for the receiver is derived from from the sum of the [[#inputs-for-shared-secret-derivation|Inputs For Shared Secret Derivation]] public keys, the inputs must not change once the sender has signed the transaction. If the inputs are allowed to change after the fact, the receiver will not be able to calculate the shared secret needed to find and spend the output. It is currently an open question on how a future version of silent payments could be made to work with new sighash flags such as ''SIGHASH_GROUP'' and ''SIGHASH_ANYPREVOUT''.</ref>
* Inputs used to derive the shared secret are from the ''[[#inputs-for-shared-secret-derivation|Inputs For Shared Secret Derivation]]'' list
=== Scanning transactions ===
Expand Down

0 comments on commit 91bf059

Please sign in to comment.