Topic: Wallets supporting Silent Payments - page 2. (Read 1091 times)
It looks like BitBox will soon become the first hardware wallet manufacturer to support silent payments. It will probably be released soon with an upcoming firmware/software update. There is already a video of a BitBox02 making a transaction to a silent payment address.
[...]
The problem with this solution is that you can't have an accurate transaction history if you need to use the wallet from more than one device regularly. Personally, I don't find this that much of an issue.It's difficult to keep track of your transactions in more than one device anyways, unless I'm the only one using labels.
Silent payments would not be very silent if they could be easily identified in the blockchain (hence chain analysis also identifies them) - so therefore it's a good thing that there's crap like Ordinals and Runes for it to blend in with, "obfuscation" if you may call it that.
It's pretty easy to spot an Ordinal. I don't see how this obfuscates the silent payments.On the other hand when the blocks are full of Taproot outputs, it becomes more computationally expensive to search for them.
According to these stats, in the last 90 days, only 1.66% of the output volume was of type taproot. People still use P2PKH very regularly (35.92%!!!), even under high fees. 
On second thought: I don't think the bold part should be the default: if you use multiple wallets, or resync your main wallet, you'd want your spent inputs to show up too.
Here's a quick thought: When creating your wallet, scan for all transactions that include a Taproot output. When opening your wallet afterwards, look only for unspent inputs. This way, it'll take some more time to find your transaction history only during setup. For faster scanning, silent payment software could give you a wallet block height for when recovering it in the future.
Silent payments would not be very silent if they could be easily identified in the blockchain (hence chain analysis also identifies them) - so therefore it's a good thing that there's crap like Ordinals and Runes for it to blend in with, "obfuscation" if you may call it that.
On the other hand when the blocks are full of Taproot outputs, it becomes more computationally expensive to search for them. The process is parallelizable to a degree, but only for parsing the transactions in a block. Unless you are querying from a node that carries block undo history.
So maybe we will see more applications of taproot in the future.
On second thought: I don't think the bold part should be the default: if you use multiple wallets, or resync your main wallet, you'd want your spent inputs to show up too.
Here's a quick thought: When creating your wallet, scan for all transactions that include a Taproot output. When opening your wallet afterwards, look only for unspent inputs. This way, it'll take some more time to find your transaction history only during setup. For faster scanning, silent payment software could give you a wallet block height for when recovering it in the future.
That's what I mean: I don't see how this can work without the server knowing the details and without the user downloading all (new) blocks?
In the case with silent payments, it can be implemented more efficiently than in Feather: Request from the server to send you only transactions that contain a Taproot ouput, occurred after the last time you opened your wallet, and haven't yet been spent. That will exclude a lot of unnecessary information.
The latest 6.6.7 version of Blue Wallet now has support for silent payments. At the moment, you can only use Blue Wallet to send to silent payment addresses. The release notes don't mention that you can use the app to create a silent payment address. I am running the latest version on my phone and I tried to create a new wallet, but I couldn't find silent payments among the options.
Thanks for reporting.I added Blue Wallet to the list of wallets that (partially) support Silent Payments.
More wallets will eventually add Silent Payments when they become more stable.
Latest blog article explaining how Silent Payments work:
https://medium.com/@ottosch/how-silent-payments-work-41bea907d6b0
In the case with silent payments, it can be implemented more efficiently than in Feather: Request from the server to send you only transactions that contain a Taproot ouput, occurred after the last time you opened your wallet, and haven't yet been spent. That will exclude a lot of unnecessary information.
Thanks, this makes sense. It's quite genius! How? From what I understand about Silent Payments, you'll need to check all blocks to see which payments belong to you. If you use a light (or web) wallet, how can your wallet know this without a central server also knowing it?
Think of it like Monero: when you request blocks from a FeatherWallet server, the server does not know which coins are yours. You're just downloading blocks, checking if any of the transactions are yours, and if not, discarding. The server does not know which transactions you keep.That's what I mean: I don't see how this can work without the server knowing the details and without the user downloading all (new) blocks?
In the case with silent payments, it can be implemented more efficiently than in Feather: Request from the server to send you only transactions that contain a Taproot ouput, occurred after the last time you opened your wallet, and haven't yet been spent. That will exclude a lot of unnecessary information. They won't know who you are, but wouldn't they still be able to link all Silent Payments together? Say you post your SP-address here, and receive 2 donations. You'll receive both of them on a different Bitcoin address. But Silentium will know they belong together, right?
No they won't.Only sender and receiver know addresses and amounts that are send
I'm skeptical about Electrum, because their priority is to be lightweight, and silent payments move the burden to the user
That's what I mean: I don't see how this can work without the server knowing the details and without the user downloading all (new) blocks?
It'll take a while to spread on the reputable wallet software. I'm skeptical about Electrum, because their priority is to be lightweight, and silent payments move the burden to the user, but at least it's optional. You could argue the same about lightning, and they've written an entire lightning network implementation.
Let's see. Electrum and Sparrow are the ones that will activate the network effect.
Let's see. Electrum and Sparrow are the ones that will activate the network effect.
The latest 6.6.7 version of Blue Wallet now has support for silent payments. At the moment, you can only use Blue Wallet to send to silent payment addresses. The release notes don't mention that you can use the app to create a silent payment address. I am running the latest version on my phone and I tried to create a new wallet, but I couldn't find silent payments among the options.
They won't know who you are, but wouldn't they still be able to link all Silent Payments together? Say you post your SP-address here, and receive 2 donations. You'll receive both of them on a different Bitcoin address. But Silentium will know they belong together, right?
No they won't.Only sender and receiver know addresses and amounts that are send, but it's obviously always better to run a full node.
Someone could potentially suspect that your addresses are used if you consolidate exact amounts later into one address.
Easy to add node in Cake wallet settings.
I've never used it, and just checked: it's a phone app. I assume the server will handle the details on the Silent Payment, right? So it still defeats the purpose of "keeping it silent".
There is also Cake wallet for desktop, Linux, Mac and wind0ws.More about silent payments:
https://silentpayments.xyz/
You can use Silentium with tor browser to hide your IP address, and I think you can generate seed words offline.
They won't know who you are, but wouldn't they still be able to link all Silent Payments together? Say you post your SP-address here, and receive 2 donations. You'll receive both of them on a different Bitcoin address. But Silentium will know they belong together, right?I won't claim to fully understand how Silend Payments work, but as far as I know, running a full node is the only way to make sure nobody else knows which transactions belong to the same SP-address.
Quote
Cake wallet works much better but note that Silent Payments is still in beta phase.
I've never used it, and just checked: it's a phone app. I assume the server will handle the details on the Silent Payment, right? So it still defeats the purpose of "keeping it silent". Isn't a web wallet the opposite of what you'd want for Silent Payments? It's convenient, because you don't have to process all blocks, but your privacy depends on a third party.
You can use Silentium with tor browser to hide your IP address, and I think you can generate seed words offline.I am not supporting any wallets in this list, and Silentium is more experimental proof of concept wallet to test how Silent Payments work, so it should not be used with larger amount of coins.
There are some reports from users with coins getting stuck using Silentium because of sync issues, so I don't recommend it for anything serious.
Cake wallet works much better but note that Silent Payments is still in beta phase.
- Cake Wallet beta
- Silentium wallet web
- SeedSigner test
Is there a discussion about Silent Payments going around on the Forum? I just found out about it, am very curious to learn more but I do not think I understand how it works yet.
See witcher_sense's topic: Silent payments. When the recipient provides a silent payment address to the sender, does the sender actually combine some keys and will this key result in a public address of the recipient's wallet that only he (the recipient) knows?
Yes. As shown above, the sender uses the key pair of one of his inputs (r for private key, R for public key). He then creates another key pair, hash(r*A) as private key and hash(r*A)*G as the public key. Then, he adds hash(r*A)*G to public key B, which is the key the recipient uses to spend the bitcoin. The resulting public key is hash(r*A)*G + B. The private key of this public key is hash(r*A) + b, which is unknown for the sender (as he does not know b), but known by the recipient, because r*A = r*a*G = r*G*a = a*R. The recipient knows a, R, b. Therefore, they can spend from the receiving address.
Is there a discussion about Silent Payments going around on the Forum? I just found out about it, am very curious to learn more but I do not think I understand how it works yet.
Which part is more difficult to understand? 
Is there a discussion about Silent Payments going around on the Forum? I just found out about it, am very curious to learn more but I do not think I understand how it works yet.
If I understand correctly how silent payments in bitcoin work in practice:
When the recipient provides a silent payment address to the sender, does the sender actually combine some keys and will this key result in a public address of the recipient's wallet that only he (the recipient) knows?
Is this silent payment address reusable with privacy and security?
It reminded me of BIP47, as it is similar.
When the recipient provides a silent payment address to the sender, does the sender actually combine some keys and will this key result in a public address of the recipient's wallet that only he (the recipient) knows?
Is this silent payment address reusable with privacy and security?
It reminded me of BIP47, as it is similar.
FOR THE SENDER
When someone wants to send funds to a Silent Payment address, in practice all they’ll need to do is scan or copy/paste the payment code into their favorite wallet (assuming it is supported), and send the payment as usual. But what exactly is happening behind the scenes?
When the sender enters the Silent Payment address into their wallet, their wallet will combine three keys to create a unique, one-time address that only the intended recipient can spend from. This unique address is created by combining the public key (or “address,” in layman’s terms) of one of the inputs that the sender wants to spend to the recipient, the public key of the recipient (contained in the Silent Payment address), and a “shared secret” key the sender generates that only the sender and recipient know. Thanks to something known as the “commutative” property in cryptography, the sender can combine these keys but cannot spend from the resulting address, as they don’t know the recipient’s private key (of course).
What three keys are these? I think this article was not very clear in explaining how silent payments work. When someone wants to send funds to a Silent Payment address, in practice all they’ll need to do is scan or copy/paste the payment code into their favorite wallet (assuming it is supported), and send the payment as usual. But what exactly is happening behind the scenes?
When the sender enters the Silent Payment address into their wallet, their wallet will combine three keys to create a unique, one-time address that only the intended recipient can spend from. This unique address is created by combining the public key (or “address,” in layman’s terms) of one of the inputs that the sender wants to spend to the recipient, the public key of the recipient (contained in the Silent Payment address), and a “shared secret” key the sender generates that only the sender and recipient know. Thanks to something known as the “commutative” property in cryptography, the sender can combine these keys but cannot spend from the resulting address, as they don’t know the recipient’s private key (of course).
the devs from the hardware wallet Bitbox2 are working on integrating sending to a silent payment address 
Quote
bitcoin: support sending to silent payment addresses
https://github.com/BitBoxSwiss/bitbox02-firmware/pull/1220
Cake wallet just released new beta version of their desktop wallet for wind0ws and linux os, and they added Silent Payments for Bitcoin!
Anyone wanting to test silent payment please tell me and we can do test transaction between two of us.
This is still beta version and bugs are possible so please use smaller amounts.
Cake desktop wallet now also support Monero.
Cake wallet latest release:
https://github.com/cake-tech/cake_wallet/releases/tag/v4.18.0
Anyone wanting to test silent payment please tell me and we can do test transaction between two of us.
This is still beta version and bugs are possible so please use smaller amounts.
Cake desktop wallet now also support Monero.
Cake wallet latest release:
https://github.com/cake-tech/cake_wallet/releases/tag/v4.18.0
And this is not something that can be banned or anything because it's literally just using bitcoin addresses in a way that cannot be tracked by chain analysis.
They can still be tracked, so this is not a perfect privacy solution for bitcoin, but it is still a big improvement. Jump to: