0 sats \ 0 replies \ @sethforprivacy OP 19h \ parent \ on: All you need to know about Silent Payments in one site | silentpayments.xyz bitcoin
No rush at all :)
So glad it's been helpful already!
It just looks like any other on-chain Taproot payment, there is nothing distinctive on-chain that makes it stand out as having used a Silent Payment address.
Yes, think LN address but for on-chain, and without requiring extra infrastructure unlike LN addresses.
I just give you my SP address:
sp1qqweplq6ylpfrzuq6hfznzmv28djsraupudz0s0dclyt8erh70pgwxqkz2ydatksrdzf770umsntsmcjp4kcz7jqu03jeszh0gdmpjzmrf5u4zh0c
You scan it via QR or copy-paste into your favorite wallet, and on-chain you are sending to a new, unique, one-time address every time. No "send me a new address please!" hassle, no need for the receiver to keep cycling addresses, etc.
It's impossible for the sender to do so, as the output address is derived deterministically from the sender's input pubkeys.
It literally makes address reuse technologically impossible :D
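The deterministic derivation mentioned above, as an added illustration that is not code from the post or from any Silent Payments wallet: a pedagogical Python version of the BIP352 construction in which the sender (from its own input private keys) and the receiver (from only the transaction's public input keys plus its scan secret) independently arrive at the same one-time output key. It uses a toy secp256k1 implementation and constructed keys, and omits the x-only/parity handling real Taproot inputs need, so it is not test-vector compatible.

```python
import hashlib, functools

# secp256k1: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None  # p1 == -p2
    num, den = (3 * x1 * x1, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def ser_p(pt):  # 33-byte compressed point encoding
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def tagged_int(tag, msg):  # BIP340-style tagged hash (as BIP352 uses), read as a scalar
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + msg).digest(), "big") % N
def output_pubkey(ecdh, B_spend, k):  # P_k = B_spend + t_k*G with t_k = hash(ecdh || k)
    return ec_add(B_spend, ec_mul(tagged_int("BIP0352/SharedSecret", ser_p(ecdh) + k.to_bytes(4, "big")), G))

def sender_derive(input_privkeys, outpoint_l, B_scan, B_spend, k=0):
    a = sum(input_privkeys) % N  # sender sums its own input private keys
    ih = tagged_int("BIP0352/Inputs", outpoint_l + ser_p(ec_mul(a, G)))  # ties P_k to this tx
    return output_pubkey(ec_mul(ih * a % N, B_scan), B_spend, k)  # ECDH with the scan key

def receiver_derive(b_scan, B_spend, input_pubkeys, outpoint_l, k=0):
    A = functools.reduce(ec_add, input_pubkeys)  # receiver needs only the tx's public input keys
    ih = tagged_int("BIP0352/Inputs", outpoint_l + ser_p(A))
    return output_pubkey(ec_mul(ih * b_scan % N, A), B_spend, k)  # same ECDH point, other side

def demo():  # constructed keys (not real funds); outpoint_L = txid || vout (LE)
    sk = lambda label: int.from_bytes(hashlib.sha256(label).digest(), "big") % N
    b_scan, b_spend, a_keys = sk(b"scan"), sk(b"spend"), [sk(b"in1"), sk(b"in2")]
    outpoint_l = hashlib.sha256(b"demo txid").digest() + (0).to_bytes(4, "little")
    sent = sender_derive(a_keys, outpoint_l, ec_mul(b_scan, G), ec_mul(b_spend, G))
    found = receiver_derive(b_scan, ec_mul(b_spend, G), [ec_mul(a, G) for a in a_keys], outpoint_l)
    return sent == found  # True: both sides derive the same one-time output key
```

Because the derivation is bound to the spending transaction's input keys and smallest outpoint, a second payment to the same `sp1...` address lands on a different on-chain key, which is the "no address reuse" property the comment describes.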
The difference is that you don't need separate infra just to generate new addresses for every user, but of course you still need a back-end to sync your wallet, just like any other Bitcoin wallet.
In the future this will likely just be an extension of Fulcrum/Electrum as there are already forks that add Silent Payment sync to these in a privacy-preserving way, meaning a Silent Payments user could sync using a public remote node without sacrificing privacy, thus requiring no infra.
The implementation of confidential transactions in Monero is called "RingCT" because it's implemented as a part of the ring signature construction, so you're definitely on the right path with that thought :)
Note that bulletproofs are a drastically more efficient way of handling the proofs in confidential transactions and are just a part of them.
No, I definitely know how Monero works.
Monero uses ring signatures to hide the true spend in each transaction, while Bulletproofs are a form of zero-knowledge range proof used to hide transaction amounts while still allowing them to be verifiable.
Both are core to Monero's privacy, but are different.
OK, so after digging a bit, the most interesting thing by far here is the use of ring signatures (like those leveraged in Monero) to prevent any mixing round participant from being able to deterministically link other participants' inputs to outputs, all without a central coordinator.
In the ZeroLink protocol used by Samourai Wallet, this blinding is done as a part of the "Chaumian Coinjoin" aspect of the protocol, but AFAICT there are no similar protections in JoinMarket today as it's more difficult to coordinate this in a decentralized fashion. This is actually significant, as it reduces the vulnerability of takers to both Sybil attackers and malicious makers.
Perhaps I'm missing something, but this could be extremely useful for JoinMarket to implement! This enhances the Sybil resistance of fidelity bonds and also better protects makers against takers that attempt to reveal their outputs.
This is exactly why we don't even allow users to do dice roll entry on Passport.
Juice is almost never worth the squeeze and users WILL mess it up at some point.