Add BIP352 silentpayments module
#1519
Open
Commits on May 8, 2024
-
-
-
-
silentpayments: implement shared secret creation
Add function for calculating either a*B or A*b. This function is used by both the sender and the recipient (i.e. a*B == A*b). Add functions for generating the tagged input hash, as this is used when creating the shared secret. In a later commit, `create_shared_secret` will be exposed in the API for the receiver to use when scanning as a light client.
-
silentpayments: implement output pubkey creation
Add methods for creating an xonly output from a shared secret. This involves adding a tagged hash for creating the output. This function will be exposed in the API in a later commit for the receiver to use when scanning as a light client.
-
silentpayments: add sender routine
Given a set of private keys, the smallest outpoint, and list of recipients this function handles the entire sender flow: 1. Sum up the private keys 2. Calculate the input_hash 3. For each recipient: 3a. Calculate a shared secret 3b. Create the requested number of outputs This function assumes a single sender context in that it requires the sender to have access to all of the private keys. In the future, this API may be expanded to allow for a multiple senders or for a single sender who does not have access to all private keys at any given time, but for now these modes are considered out of scope / unsafe. -
silentpayments: add recipient label support
Add function for creating a label tweak. This requires a tagged hash function for labels. This function is used by the receiver for creating labels to be used for a) creating labelled addresses and b) to populate a labels cache when scanning. Add function for creating a labelled spend pubkey. This involves taking a label tweak, turning it into a public key and adding it to the spend public key. This function is used by the receiver to create a labelled silent payment address.
-
silentpayments: add opaque data type
public_dataAdd data type for passing around the summed input public key (A_sum) and the input hash tweak (input_hash). This data is passed to the scanner before the ECDH step as two separate elements so that the scanner can multiply b_scan * input_hash before doing ECDH. Add functions for deserializing / serializing a public_data object to and from a public key. When serializing a public_data object, the input_hash is multplied into A_sum. This is so the object can be stored as public key for wallet rescanning later, or to vend to light clients. For the light client, a `_parse` function is added which parses the compressed public key serialization into a `public_data` object.
-
silentpayments: add recipient scanning routine
Add routine for scanning a transaction and returning the necessary spending data for any found outputs. This function works with labels via a lookup callback and requires access to the transaction outputs. Requiring access to the transaction outputs is not suitable for light clients, but light client support is enabled in followup commits.
-
silentpayments: add recipient light client support
Expose a shared secret routine in the public API and a output_pubkey creation routine. These are simple wrappers around the same functions the module is using under the hood. They are exposed for the light client as the minimal set of operations they need to do scanning without access to the transaction outputs. This means the light client will need to manage their own scanning state, so wherever possible it is preferrable to use the `_recipient_scan_ouputs` function.
-
silentpayments: add examples/silentpayments.c
Demonstrate sending, scanning, and light client scanning.
-
silentpayments: add benchmark for
scan_outputsAdd a benchmark for `scan_outputs` as this is the most performance critical part of silent payments.
-
tests: add BIP-352 test vectors
The vectors are generated with a Python script that converts the .json file from the BIP to C code: $ ./tools/tests_silentpayments_generate.py test_vectors.json > ./src/modules/silentpayments/vectors.h
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.