š
Original date posted:2014-01-13
š Original message:> Uh while I'm responding again, what I'd discussed with Peter Todd in
> IRC used two EC points in the stealth address. One for the payment and
> one for the ECDH. The reason to use two is that it makes delegating
> detection possible and so you don't have to have you spending keys
> online to even detect these payments. Why'd that get dropped?
I think this is exactly what I've implemented.
I decided to put both pubKeys in a 2-of-2 multisig, instead of keeping one of the pubKeys in the OP-RETURN, to prevent a malicious sender from triggering false positives on your online detection key when the funds are actually still fully controlled by the payer.
You can still have a false positive (only 1 of 2 keys actually yours) but the funds would be trapped so it's unlikely anyone would do it.
Can you take a look at the Gist and TXs on TestNet I sent out, and see if that's in line with what you expected?
I would also greatly appreciate if you could review the discussion around doing two ECDH operations with a single ephemeral key.
Thanks!
--Jeremy
Jeremy Spilman [ARCHIVE] /
npub10eā¦jc727
2023-06-07 15:11:52
in reply to nevent1qā¦c8f6
Author Public Key
npub10etkvm8l0jr0jsgdx02dxnhnu5g989dnca90guj5rklwkaplnh3sgjc727Published at
2023-06-07 15:11:52Event JSON
{
"id": "d595f0944a25ef4ca177859be2d2c5d8fdbd598019fc924b28f29b8ba947a79b",
"pubkey": "7e57666cff7c86f9410d33d4d34ef3e5105395b3c74af472541dbeeb743f9de3",
"created_at": 1686150712,
"kind": 1,
"tags": [
[
"e",
"6b79d8c7bec3dc6952db91cc68d0510d9897c37dcf58a24d8e2f4288fe42525c",
"",
"root"
],
[
"e",
"93a44d0bac355503b45bcdb08531fa6ea052117abc5535bfc5be8edf7eb27615",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "š
Original date posted:2014-01-13\nš Original message:\u003e Uh while I'm responding again, what I'd discussed with Peter Todd in\n\u003e IRC used two EC points in the stealth address. One for the payment and\n\u003e one for the ECDH. The reason to use two is that it makes delegating\n\u003e detection possible and so you don't have to have you spending keys\n\u003e online to even detect these payments. Why'd that get dropped?\n\nI think this is exactly what I've implemented.\n\nI decided to put both pubKeys in a 2-of-2 multisig, instead of keeping one of the pubKeys in the OP-RETURN, to prevent a malicious sender from triggering false positives on your online detection key when the funds are actually still fully controlled by the payer.\n\nYou can still have a false positive (only 1 of 2 keys actually yours) but the funds would be trapped so it's unlikely anyone would do it. \n\nCan you take a look at the Gist and TXs on TestNet I sent out, and see if that's in line with what you expected?\n\nI would also greatly appreciate if you could review the discussion around doing two ECDH operations with a single ephemeral key.\n\nThanks!\n--Jeremy",
"sig": "6deb63060dec587e8e0b62a0ca4b7f057e04dabcacafb880995e162b61ed8c4f2e02318bb96da80c8f0b673804d4a66ac19c34f058202ea2ee729433c2032864"
}