Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2017-09-27 📝 Original message:On Wed, Sep 27, 2017 at ...
📅 Original date posted:2017-09-27
📝 Original message:On Wed, Sep 27, 2017 at 4:06 PM, Peter Todd via bitcoin-dev
<bitcoin-dev at lists.linuxfoundation.org> wrote:
> Re-use of old addresses is a major problem, not only for privacy, but also
> operationally: services like exchanges frequently have problems with users
> sending funds to addresses whose private keys have been lost or stolen; there
When Pieter and I were working on Bech32 we specifically designed for
error correcting codes that had good performance for longer lengths
than we technically needed specifically to incorporate things like
dates and explicit amounts.
(explicit amounts so that typos and bit flips in amounts displayed or
in memory couldn't result in sending the wrong amount)
But we also thought that also adding those features at the same time
would retard adoption-- both due to debating over the encodings and
because handling would result in different software requirements and
layering, so you couldn't just drop them in.
Doubly unfortunately, people have even deployed BIP173 already (prior
to it even having much peer review or being adopted by its own
authors), so I think a rethink now wouldn't be timely (I mean as a
replacement to BIP173 rather than an additional format). :(
But I do support the idea.
One thing to keep in mind is that address format linked fields are
most efficient if they're multiples of 5 bits. Perhaps use 1 bit to
indicate an embedded amount and 19 bits of 1 day precision, resulting
in a 1435 year span.
Keep in mind that high precision of the expiration times is asking the
sender to have a higher precision of idea of the time, date only is
kinda nice. I think shorter expiration times are unlikely to be
useful due to clock skew-- you can't assume a signer has any access to
the Bitcoin network at all.
Published at
2023-06-07 18:06:23Event JSON
{
"id": "67a234b5c0f470532771063527772dbb5efe9361e82d3c7a8ddee2204d511cd9",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686161183,
"kind": 1,
"tags": [
[
"e",
"02d8c76b933e43bf4fbef62deb34ae55389c59e653682f6f8847f8910b9dcb32",
"",
"root"
],
[
"e",
"7ceadb183ba1a107ab74a0099df65fec146e4bbc0adc13b9582094fee789d23b",
"",
"reply"
],
[
"p",
"daa2fc676a25e3b5b45644540bcbd1e1168b111427cd0e3cf19c56194fb231aa"
]
],
"content": "📅 Original date posted:2017-09-27\n📝 Original message:On Wed, Sep 27, 2017 at 4:06 PM, Peter Todd via bitcoin-dev\n\u003cbitcoin-dev at lists.linuxfoundation.org\u003e wrote:\n\u003e Re-use of old addresses is a major problem, not only for privacy, but also\n\u003e operationally: services like exchanges frequently have problems with users\n\u003e sending funds to addresses whose private keys have been lost or stolen; there\n\nWhen Pieter and I were working on Bech32 we specifically designed for\nerror correcting codes that had good performance for longer lengths\nthan we technically needed specifically to incorporate things like\ndates and explicit amounts.\n\n(explicit amounts so that typos and bit flips in amounts displayed or\nin memory couldn't result in sending the wrong amount)\n\nBut we also thought that also adding those features at the same time\nwould retard adoption-- both due to debating over the encodings and\nbecause handling would result in different software requirements and\nlayering, so you couldn't just drop them in.\n\nDoubly unfortunately, people have even deployed BIP173 already (prior\nto it even having much peer review or being adopted by its own\nauthors), so I think a rethink now wouldn't be timely (I mean as a\nreplacement to BIP173 rather than an additional format). :(\n\nBut I do support the idea.\n\nOne thing to keep in mind is that address format linked fields are\nmost efficient if they're multiples of 5 bits. Perhaps use 1 bit to\nindicate an embedded amount and 19 bits of 1 day precision, resulting\nin a 1435 year span.\n\nKeep in mind that high precision of the expiration times is asking the\nsender to have a higher precision of idea of the time, date only is\nkinda nice. I think shorter expiration times are unlikely to be\nuseful due to clock skew-- you can't assume a signer has any access to\nthe Bitcoin network at all.",
"sig": "12ddb2f9b4a9912c14700873b1c29d0c95f64d142a89e13b6f620e05f0e307f2254828061297beb2ce808e1572efd25cbd6d8c07bf1feb659202caf4460c5900"
}