* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Luke Dashjr @ 2015-10-22 5:53 UTC
To: Justus Ranvier, Bitcoin Dev
On Friday, April 24, 2015 8:00:46 PM Justus Ranvier wrote:
> This link contains an RFC for a new type of Bitcoin address called a
> "payment code"

Sorry for the late review. I'm concerned with the "notification address"
requirement, which entails address reuse and blockchain spam. Since it entails
address reuse, the recipient is forced to either leave them unspent forever
(bloating the UTXO set), or spend it which potentially compromises the private
key, and (combined with the payment code) possibly as much as the entire
wallet.

Instead, I suggest making it a single zero-value OP_RETURN output with two
pushes: 1) a hash of the recipient's payment code, and 2) the encrypted
payment code. This can be searched with standard bloom filters, or indexed
with whatever other optimised algorithms are desired. At the same time, it
never uses any space in the UTXO set, and never needs to be
spent/mixed/dusted.

Luke
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Justus Ranvier @ 2015-10-22 14:55 UTC
To: Bitcoin Dev

On 22/10/15 00:53, Luke Dashjr wrote:
> Sorry for the late review. I'm concerned with the "notification address"
> requirement, which entails address reuse and blockchain spam. Since it entails
> address reuse, the recipient is forced to either leave them unspent forever
> (bloating the UTXO set), or spend it which potentially compromises the private
> key, and (combined with the payment code) possibly as much as the entire
> wallet.
>
> Instead, I suggest making it a single zero-value OP_RETURN output with two
> pushes: 1) a hash of the recipient's payment code, and 2) the encrypted
> payment code. This can be searched with standard bloom filters, or indexed
> with whatever other optimised algorithms are desired. At the same time, it
> never uses any space in the UTXO set, and never needs to be
> spent/mixed/dusted.

The notification transaction portion is my least-favorite portion of the
spec, but I don't see any alternatives that provide an unambiguous
improvement, including your suggestion.

One of the most highly-weighted goals of this proposal is to be usable
on as many mobile/light wallets as possible.

I know for sure that all existing platforms for balance querying index
by address. Support for bloom filters or other querying methods is less
comprehensive, meaning the set of wallets that can support payment codes
would be smaller.
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Luke Dashjr @ 2015-10-22 20:43 UTC
To: Justus Ranvier
Cc: Bitcoin Dev

On Thursday, October 22, 2015 2:55:14 PM Justus Ranvier wrote:
> On 22/10/15 00:53, Luke Dashjr wrote:
> > Sorry for the late review. I'm concerned with the "notification address"
> > requirement, which entails address reuse and blockchain spam. Since it
> > entails address reuse, the recipient is forced to either leave them
> > unspent forever (bloating the UTXO set), or spend it which potentially
> > compromises the private key, and (combined with the payment code)
> > possibly as much as the entire wallet.
> >
> > Instead, I suggest making it a single zero-value OP_RETURN output with
> > two pushes: 1) a hash of the recipient's payment code, and 2) the
> > encrypted payment code. This can be searched with standard bloom
> > filters, or indexed with whatever other optimised algorithms are
> > desired. At the same time, it never uses any space in the UTXO set, and
> > never needs to be spent/mixed/dusted.
>
> The notification transaction portion is my least-favorite portion of the
> spec, but I don't see any alternatives that provide an unambiguous
> improvement, including your suggestion.
>
> One of the most highly-weighted goals of this proposal is to be usable
> on as many mobile/light wallets as possible.
>
> I know for sure that all existing platforms for balance querying index
> by address. Support for bloom filters or other querying methods is less
> comprehensive, meaning the set of wallets that can support payment codes
> would be smaller.

No, they just need to improve their software, and only to support receiving
with payment codes (not sending to them). BIPs should in general not be
designed around current software, especially in this case where there is no
benefit to doing so (since it requires software upgrades anyway).

Luke
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Justus Ranvier @ 2015-10-22 20:58 UTC
To: Bitcoin Dev

On 22/10/15 15:43, Luke Dashjr wrote:
> BIPs should in general not be
> designed around current software

I strongly disagree with this statement.

There is a version byte in the payment code specification for a reason.

Version 1 payment codes are designed to be deployable by wallet
implementers today, without requiring them to wait on any network-level
changes whatsoever, which includes IsStandard() redefinitions, or
yet-to-be-invented-and-deployed filtering schemes.

As far as I know, multi-push OP_RETURN outputs are not standard
transactions and so wallet users can not rely on transactions containing
them to be relayed through the network, therefore any improvement to the
protocol which requires that feature is not appropriate for version 1.

When additional capabilities are deployed in the network such that
Bitcoin users can rely on their existence, that would be a great time to
specify a version 2 payment code that uses those features and encourage
users to upgrade (which should be a fairly smooth process since their
actual keys don't need to change).
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Luke Dashjr @ 2015-10-22 21:47 UTC
To: Justus Ranvier
Cc: Bitcoin Dev

On Thursday, October 22, 2015 8:58:58 PM Justus Ranvier wrote:
> I strongly disagree with this statement.

Well, I strongly disagree with adopting the BIP as it stands.

> Version 1 payment codes are designed to be deployable by wallet
> implementers today, without requiring them to wait on any network-level
> changes whatsoever, which includes IsStandard() redefinitions, or
> yet-to-be-invented-and-deployed filtering schemes.

No, those are not network-level changes. They are mere software changes that
can be deployed along with the rest of the proposal.

> As far as I know, multi-push OP_RETURN outputs are not standard
> transactions and so wallet users can not rely on transactions containing
> them to be relayed through the network, therefore any improvement to the
> protocol which requires that feature is not appropriate for version 1.

"Standard" means defined in a BIP. To date, there are no standard
transactions using OP_RETURN period. IsStandard is a node policy that should
have no influence on future BIPs.

> When additional capabilities are deployed in the network such that
> Bitcoin users can rely on their existence, that would be a great time to
> specify a version 2 payment code that uses those features and encourage
> users to upgrade (which should be a fairly smooth process since their
> actual keys don't need to change).

Such changes should not be made until there is a standard for them.

Luke
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Justus Ranvier @ 2015-10-22 22:01 UTC
To: Bitcoin Dev

On 22/10/15 16:47, Luke Dashjr wrote:
> Well, I strongly disagree with adopting the BIP as it stands.

That's fine. Nobody is required to adopt an informational BIP if they do
not wish to do so.

> No, those are not network-level changes. They are mere software changes that
> can be deployed along with the rest of the proposal.

They are "mere software changes" outside the control of the users and
wallet developers who may wish to use and implement payment codes, so
are indistinguishable from a network-level change.

> "Standard" means defined in a BIP. To date, there are no standard
> transactions using OP_RETURN period. IsStandard is a node policy that should
> have no influence on future BIPs.

Since Bitcoin Core 0.11, 80 byte OP_RETURN transactions are standard, so
that's what payment codes use:

https://github.com/bitcoin/bitcoin/commit/fcf646c

Whether or not it "should" have an influence, it is an absolute fact
that Bitcoin users are affected by it. A user whose transactions are not
relayed or mined doesn't care about the politics surrounding node policy.

Designing standards without putting the needs of its intended users
first is a great way to see the standard fail.

> Such changes should not be made until there is a standard for them.

Have you ever heard the term "permissionless innovation" by chance?
Particularly in reference to Bitcoin?

If you don't like payment codes, then don't use them.
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Peter Todd @ 2015-10-23 1:22 UTC
To: Justus Ranvier
Cc: Bitcoin Dev

On Thu, Oct 22, 2015 at 03:58:58PM -0500, Justus Ranvier via bitcoin-dev wrote:
> On 22/10/15 15:43, Luke Dashjr wrote:
> > BIPs should in general not be
> > designed around current software
>
> I strongly disagree with this statement.
>
> There is a version byte in the payment code specification for a reason.
>
> Version 1 payment codes are designed to be deployable by wallet
> implementers today, without requiring them to wait on any network-level
> changes whatsoever, which includes IsStandard() redefinitions, or
> yet-to-be-invented-and-deployed filtering schemes.
>
> As far as I know, multi-push OP_RETURN outputs are not standard
> transactions and so wallet users can not rely on transactions containing
> them to be relayed through the network, therefore any improvement to the
> protocol which requires that feature is not appropriate for version 1.

FWIW multi-push OP_RETURN outputs will be standard in v0.12.0:

https://github.com/bitcoin/bitcoin/pull/6424

--
'peter'[:-1]@petertodd.org
0000000000000000066dc6b040d8be42153f784df37745b46c4ad667e0788781
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Justus Ranvier @ 2015-10-23 15:57 UTC
To: Peter Todd
Cc: Bitcoin Dev

On 22/10/15 20:22, Peter Todd wrote:
> FWIW multi-push OP_RETURN outputs will be standard in v0.12.0:
>
> https://github.com/bitcoin/bitcoin/pull/6424
>

As I said before, once the prerequisites for a better notification
method are usable in the network, I'd love to define a version 2 payment
code that uses such a better notification system.

In the meantime, every block mined shows very consistent 70% address
reuse. Anything that can bring that number down is a good thing. Even if
version 1 payment codes could only potentially drop that number from 70%
to 30% instead of to 0%, they'd still be worth using while we wait for
version 2.
* Re: [bitcoin-dev] [Bitcoin-development] Reusable payment codes
From: Kristov Atlas @ 2015-10-22 21:05 UTC
To: Luke Dashjr
Cc: Bitcoin Dev

The consequence of previous ECDH address proposals "not designing around
current software" is a sustained ~70% of transactions reusing addresses, as
you saw in my Reddit post recently.

If you have a fear that an inferior proposal will gain popularity, you can
always propose a superior one. If it's *actually* superior, it will win out.

On Thu, Oct 22, 2015 at 4:43 PM, Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Thursday, October 22, 2015 2:55:14 PM Justus Ranvier wrote:
> > On 22/10/15 00:53, Luke Dashjr wrote:
> > > Sorry for the late review. I'm concerned with the "notification address"
> > > requirement, which entails address reuse and blockchain spam. Since it
> > > entails address reuse, the recipient is forced to either leave them
> > > unspent forever (bloating the UTXO set), or spend it which potentially
> > > compromises the private key, and (combined with the payment code)
> > > possibly as much as the entire wallet.
> > >
> > > Instead, I suggest making it a single zero-value OP_RETURN output with
> > > two pushes: 1) a hash of the recipient's payment code, and 2) the
> > > encrypted payment code. This can be searched with standard bloom
> > > filters, or indexed with whatever other optimised algorithms are
> > > desired. At the same time, it never uses any space in the UTXO set, and
> > > never needs to be spent/mixed/dusted.
> >
> > The notification transaction portion is my least-favorite portion of the
> > spec, but I don't see any alternatives that provide an unambiguous
> > improvement, including your suggestion.
> >
> > One of the most highly-weighted goals of this proposal is to be usable
> > on as many mobile/light wallets as possible.
> >
> > I know for sure that all existing platforms for balance querying index
> > by address. Support for bloom filters or other querying methods is less
> > comprehensive, meaning the set of wallets that can support payment codes
> > would be smaller.
>
> No, they just need to improve their software, and only to support receiving
> with payment codes (not sending to them). BIPs should in general not be
> designed around current software, especially in this case where there is no
> benefit to doing so (since it requires software upgrades anyway).
>
> Luke
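Added example, not part of any message in this thread and not code from the BIP or from Bitcoin Core: a Python sketch of the two-push OP_RETURN notification output proposed above, with the recipient-side scan and a check modelling the single-push and multi-push relay policies the thread argues over. The 83-byte limit on the whole script, the 20-byte truncated SHA-256 tag and every function name are assumptions; the thread specifies none of them.

```python
import hashlib

OP_RETURN, OP_PUSHDATA1 = 0x6A, 0x4C
MAX_SCRIPT_BYTES = 83  # assumption: relay limit on the whole OP_RETURN script

def push(data: bytes) -> bytes:
    """Encode one data push: direct up to 75 bytes, OP_PUSHDATA1 up to 255."""
    if len(data) < OP_PUSHDATA1:
        return bytes([len(data)]) + data
    if len(data) <= 0xFF:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    raise ValueError("payload too large for this sketch")

def build_script(*pushes: bytes) -> bytes:
    return bytes([OP_RETURN]) + b"".join(push(p) for p in pushes)

def parse_pushes(script: bytes):
    """Return the data pushes after OP_RETURN, or None if malformed."""
    if not script or script[0] != OP_RETURN:
        return None
    out, i = [], 1
    while i < len(script):
        n = script[i]
        i += 1
        if n == OP_PUSHDATA1:
            if i >= len(script):
                return None
            n = script[i]
            i += 1
        elif n > OP_PUSHDATA1:
            return None  # any other opcode: not a plain data push
        if i + n > len(script):
            return None  # push runs past the end of the script
        out.append(script[i:i + n])
        i += n
    return out

def relayable(script: bytes, multi_push: bool) -> bool:
    # multi_push=False models single-push-only relay, True the relaxed policy.
    pushes = parse_pushes(script)
    if pushes is None or len(script) > MAX_SCRIPT_BYTES:
        return False
    return multi_push or len(pushes) <= 1

def tag_for(payment_code: bytes) -> bytes:
    # Assumption: the thread only says "a hash"; truncated SHA-256 stands in.
    return hashlib.sha256(payment_code).digest()[:20]

def notifications_for(payment_code: bytes, scripts) -> list:
    """Recipient scan: second push of every two-push output tagged for us."""
    want = tag_for(payment_code)
    parsed = (parse_pushes(s) for s in scripts)
    return [p[1] for p in parsed if p and len(p) == 2 and p[0] == want]

# Constructed sample values, not real payment codes or ciphertexts.
ALICE_CODE, BOB_CODE = bytes(range(80)), bytes(range(80, 160))
```

Under these assumptions a single 80-byte push gives a script of exactly 83 bytes, while a 20-byte tag plus an 80-byte second push gives 104 bytes and fails the size check under either policy.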