This almost made it to Bitcoin Core's next major release v28 but was dropped from the priority list to be replaced by another update.
There's a "Tracking Issue" for those who want to see when this will get implemented in the reference client, currently at 4/15 tasks completed.
Link: BIP352 tracking issue (issue# 28536)
Topic: Wallets supporting Silent Payments - page 3. (Read 1036 times)
Fungible tokens are trash and a waste of money, don’t get me wrong. However, Runes are not an attack vector, as they implement similar protocols in a much more efficient manner.
What I said was subjective. I consider them an attack vector because I see them as intentional spam meant to fill up blocks with garbage and keep out genuine use from people not willing to play along and overpay their transactions hundreds or thousands of times. Not to mention the scam side of them for tricking gullible know-nothings into investing in such crap. 
That rules out the on-chain spam like Runes and Ordinals probably (not sure which of these two attack vectors use taproot).
Runes use OP_RETURN, Ordinals use Taproot. Fungible tokens are trash and a waste of money, don’t get me wrong. However, Runes are not an attack vector, as they implement similar protocols in a much more efficient manner. SPV clients don't have this information locally (you don't have a record of the blockchain on your computer), so they will need more time and bandwidth to verify everything.
If you've used Monero in an SPV client, then it's similar process. Feather, as an example, fetches blockchain data from default servers, and unless you've lost your block height, syncing does not take a lot of time to finish. In fact, in Bitcoin, it'll be much faster because the servers will only send you Taproot transactions. Obviously a little kind of burden to SPV clients. However, when adoption increases, such discrepancies will fade away just like as it was with bc1 addresses.
I don't think it will. A full node stores the entire blockchain record locally and it's, therefore, easier and quicker for it to go and check all the transactions that could belong to you. SPV clients don't have this information locally (you don't have a record of the blockchain on your computer), so they will need more time and bandwidth to verify everything. 
The way I understood it, people running their own nodes will benefit in the speed of scanning compared to those relying on SPV clients. Someone correct me if I am wrong.
That's correct. When a sender pays you silently, you don't know where your bitcoin is, unless you check for all incoming transactions and perform the necessary operations. That's a burden for SPV clients, because they somehow need to be aware of all incoming transactions (that matter*). * not all transactions can be silent payments, so there are a lot of exclusions the server can make.
Thanks BlackHatCoiner for the detailed explanation of why the address appeared longer than normal.
* not all transactions can be silent payments, so there are a lot of exclusions the server can make.
Correct. Only taproot transactions can be silent payments. So a server can skip anything that isn't a taproot output. Servers can also skip any taproot output below a certain size. That rules out the on-chain spam like Runes and Ordinals probably (not sure which of these two attack vectors use taproot). Finally, there could be an option to scan only taproot outputs after a certain date or block height. If you generated your silent payment address last week, there is no need to have your client scan anything older than that because you can't possibly receive a payment before you had a silent payment address. More details are covered in these docs:
https://silentpayments.xyz/docs/explained/
Why is it a way longer than the usual addresses?
For the same reason Monero addresses are longer. Because, it encodes two public keys.This explains with many details on differences among Bitcoin address types and length (total characters of each address type). At the bottom of article, it has a Reference table that summarize explanations very well.
An example of difference is Segwit single signature address will have 42 characters but a multisig address will have 62 characters.
Why is it a way longer than the usual addresses?
For the same reason Monero addresses are longer. Because, it encodes two public keys. One which is used to spend the bitcoin, and another which is used to scan the bitcoin. Think of it like this:- The receiver creates two pairs of private and public keys; (a, A) for scanning, and (b, B) for spending. Their silent payment address is [A, B] (concatenation of public keys A, B)
- The sender uses one of their inputs as another pair of private and public keys. Let's call them r and R.
- The sender constructs a public key P which is the result of adding the public key of the private key hash(r*A) to B. (At this point, the receiver doesn't know they control P)
- When the receiver receives the sender's transaction, they can perform a mathematical operation, and realize they can work out the private key that is used to produce P.
Read more about it in here: https://monero.stackexchange.com/a/1535/17055. It's how a stealth address works, which is very similar to how a silent payment address works.
The way I understood it, people running their own nodes will benefit in the speed of scanning compared to those relying on SPV clients. Someone correct me if I am wrong.
That's correct. When a sender pays you silently, you don't know where your bitcoin is, unless you check for all incoming transactions and perform the necessary operations. That's a burden for SPV clients, because they somehow need to be aware of all incoming transactions (that matter*). * not all transactions can be silent payments, so there are a lot of exclusions the server can make.
Here is example how Silent Payment addresses look
Why is it a way longer than the usual addresses?Quote
sp1qq0rdyln9cwthvkyd7z7yq5kcpdhlc70h5u9tk2v8dja0gm684twxsqsls3j3phhlg0gnkawqeqq p20q03en269hg26g2fw03tzrc9g75zuume85y
https://bitcoinwiki.org/wiki/cryptonote
How to recognize different crypto address types
Quote
Monero addresses start with 4 and 8, and are even longer: 95 characters.
Example:
4AdUndXHHZ6cfufTMvppY6JwXNouMBzSkbLYfpAV5Usx3skxNgYeYTRj5UzqtReoS44qo9mtmXCqY45 DJ852K5Jv2684Rge
Example:
4AdUndXHHZ6cfufTMvppY6JwXNouMBzSkbLYfpAV5Usx3skxNgYeYTRj5UzqtReoS44qo9mtmXCqY45 DJ852K5Jv2684Rge
The sp1 address above has more than 95 characters, it has 116 characters.
This means the wallet keeps generating different addresses which interacts with the blockchain while allowing the user to maintain 1 addy from their own end. How will the blockchain analysis be?
Each payment on the blockchain will look like any other Taproot payment. Third parties wouldn't be able to look at the on-chain data and recognize that it's a payment made to a silent payment address. Silent payments require more work on the receiver's end to scan the blockchain and recognize that payments were sent their way. The way I understood it, people running their own nodes will benefit in the speed of scanning compared to those relying on SPV clients. Someone correct me if I am wrong. Every time you receive coins with Silent Payment they will end up in new bitcoin address, so there is no more address reuse.
This means the wallet keeps generating different addresses which interacts with the blockchain while allowing the user to maintain 1 addy from their own end. How will the blockchain analysis be?Here is example how Silent Payment addresses look
Why is it a way longer than the usual addresses? Quote
sp1qq0rdyln9cwthvkyd7z7yq5kcpdhlc70h5u9tk2v8dja0gm684twxsqsls3j3phhlg0gnkawqeqq p20q03en269hg26g2fw03tzrc9g75zuume85y
Foundation Passport has also announced that they are planning to introduce support for BIP351 and Silent Payments. They plan to integrate it with both Envoy and the Passport hardware wallet in the future. Of course, it's not added yet, but just something for you to keep an eye on.
I am not using a SeedSigner, but which is one of the safest cold storage that can be used. I am not using a web wallet, but Silentium wallet is a web wallet. I wanted to try how it would work on Cake wallet and I decided to download it but I saw this malware warning which made me uninstall the wallet immediately:
I have not seen this warning before, but I can not risk it. Or what do you think about installing it?
Bluewallet is working on silent payment and I am looking forward to see a release of an update that will support it. I hope Electrum and other reputable wallets also will support it.
I have not seen this warning before, but I can not risk it. Or what do you think about installing it?
Bluewallet is working on silent payment and I am looking forward to see a release of an update that will support it. I hope Electrum and other reputable wallets also will support it.
Silent Payments are interesting new form of Bitcoin addresses that allows preserving privacy with one reusable address.
All Silent Payment bitcoin addresses are starting with sp1 and they can be considered as stealth addresses or reusable payment codes.
Only the sender and receiver can connect Silent Payment address address with on-chain activity, so this makes it perfect for donations purposes as a single address.
Every time you receive coins with Silent Payment they will end up in new bitcoin address, so there is no more address reuse.
Silent Payments was originally proposed by Ruben Somsen as BIP-0352 back in 2022, but this year they are really kicking off and wallets are starting to implement it.
https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki
Here is example how Silent Payment addresses look
Wallets currently supporting Silent Payments:
All Silent Payment bitcoin addresses are starting with sp1 and they can be considered as stealth addresses or reusable payment codes.
Only the sender and receiver can connect Silent Payment address address with on-chain activity, so this makes it perfect for donations purposes as a single address.
Every time you receive coins with Silent Payment they will end up in new bitcoin address, so there is no more address reuse.
Silent Payments was originally proposed by Ruben Somsen as BIP-0352 back in 2022, but this year they are really kicking off and wallets are starting to implement it.
https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki
Here is example how Silent Payment addresses look
Quote
sp1qq0rdyln9cwthvkyd7z7yq5kcpdhlc70h5u9tk2v8dja0gm684twxsqsls3j3phhlg0gnkawqeqq p20q03en269hg26g2fw03tzrc9g75zuume85y
Wallets currently supporting Silent Payments:
- Cake Wallet beta
- Silentium wallet web experimental
- SeedSigner test
- Blue Wallet sending only
Jump to: