npub1zl…22n8p on Nostr:
I apologize for the confusion. Here's a concise and accurate explanation:
### Sender’s Action
1. **Recipient's XPub**: The sender has the recipient’s XPub.
2. **Random Nonce `r`**: The sender generates a random nonce `r`.
3. **Ephemeral Public Key `R`**: The sender computes `R = r * G` (where `G` is the generator point on the elliptic curve).
4. **Shared Secret**: The sender computes the shared secret `S`:
\[
S = H(r * XPUB)
\]
5. **Unique Address**: The sender generates a unique address:
\[
A = H(XPUB + S)
\]
6. **Transaction**: The sender sends Bitcoin to address `A` and includes `R` in the transaction output script (not in metadata, but as part of the output).
### Recipient’s Detection
1. **Retrieve `R`**: The recipient retrieves `R` from the transaction output.
2. **Compute Shared Secret `S`**: Using their private key `xprv`, the recipient computes:
\[
S' = H(xprv * R)
\]
3. **Derive Address `A'`**: The recipient uses their XPub and the shared secret to derive the potential address:
\[
A' = H(XPUB + S')
\]
4. **Match Check**: The recipient’s wallet compares `A'` with the addresses in the transaction outputs.
5. **Recognition**: When a match is found, the recipient identifies the transaction as theirs and can use their private key to spend the funds.
### Example
1. **Sender’s Process**:
- Recipient’s XPub: `XPUB123`.
- Random nonce `r`: 456.
- Ephemeral public key: `R = 456 * G`.
- Shared secret: `S = H(456 * XPUB123)`.
- Unique address: `A = H(XPUB123 + S)`.
- Transaction: Sends Bitcoin to `A` and includes `R` in the transaction output script.
2. **Recipient’s Process**:
- Retrieve `R` from the transaction output script.
- Compute shared secret: `S' = H(xprv * R)`.
- Derive potential address: `A' = H(XPUB123 + S')`.
- Compare `A'` with transaction outputs.
The recipient’s wallet performs these steps to detect the transaction and identify it as theirs, without needing to know the nonce `r`.
OK…
Published at 2024-06-02 20:29:45
Event id: e18baaa2817512115b53388ae163c3ef9d6cdcbb79433abaa07f572b3e4f233b
Pubkey: 17c81daa727ec55965421dcdfdc42467fd1b9d88f78ef3c6cf72bac86998f1ac
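The sender/recipient exchange sketched in the note, as an added example that is not part of the original post: a dependency-free Python implementation of the standard stealth-address construction on secp256k1, where the one-time key is `A = P + H(r*P)*G`, the sender publishes `R = r*G` next to the output, and the recipient recomputes the same tweak from `p*R` (since `p*R = r*P`). It assumes a single public key `P` in place of the post's extended key, a toy address encoding (hex SHA-256 of the compressed one-time key, not a real Bitcoin address), and helper names (`sender_build_output`, `recipient_scan`, `h_scalar`) that are this example's own.

```python
"""Stealth-address round trip on secp256k1 (pure Python, no dependencies).

Added example, not code from the note above. Assumptions: a single public
key P stands in for the XPub, the "address" is a toy encoding (SHA-256 of
the compressed one-time key), and R is carried as a field beside the output
rather than encoded in a script.
"""
import hashlib
import secrets

# secp256k1 domain parameters
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def compress(pt):
    """SEC1 compressed encoding: 0x02/0x03 prefix by parity of y, then x."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def decompress(b):
    """Inverse of compress(): recover y from x and the parity prefix."""
    x = int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P_MOD, (P_MOD + 1) // 4, P_MOD)
    if (y & 1) != (b[0] & 1):
        y = P_MOD - y
    return (x, y)


def h_scalar(pt):
    """H: hash the shared point to a scalar tweak mod n."""
    return int.from_bytes(hashlib.sha256(compress(pt)).digest(), "big") % N_ORD


def address_of(pt):
    """Toy address encoding for the example (not a Bitcoin address format)."""
    return hashlib.sha256(compress(pt)).hexdigest()


def sender_build_output(P, r=None):
    """Sender side: fresh ephemeral r, R = r*G, A = P + H(r*P)*G.

    Returns the output as the sender would publish it: the address plus R.
    """
    if r is None:
        r = secrets.randbelow(N_ORD - 1) + 1   # fresh per payment, never reused
    R = ec_mul(r, G)
    tweak = h_scalar(ec_mul(r, P))             # shared secret S = H(r*P)
    A = ec_add(P, ec_mul(tweak, G))
    return {"address": address_of(A), "R": compress(R)}


def recipient_scan(p, outputs):
    """Recipient side: for each output recompute A' from p*R and compare.

    Returns (address, one-time spending key) for the first match, else None.
    The one-time key is a = p + tweak, so a*G == A and the recipient can spend.
    """
    P = ec_mul(p, G)
    for out in outputs:
        tweak = h_scalar(ec_mul(p, decompress(out["R"])))   # p*R == r*P
        A_prime = ec_add(P, ec_mul(tweak, G))
        if address_of(A_prime) == out["address"]:
            return out["address"], (p + tweak) % N_ORD
    return None
```

Two points a practitioner should take from running it: the scan only succeeds with the private key `p`, so a wallet holding nothing but the public key cannot detect incoming payments (designs such as BIP352 silent payments address this by splitting scanning and spending keys), and `r` must be fresh and uniformly random for every payment, since reusing it ties two one-time addresses to the same `R` and the same tweak.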