delvingbitcoin

BIP352: PSBT support

BIP352: PSBT support

Original Postby andrewtoth

Posted on: June 21, 2024 13:41 UTC

In the realm of cryptocurrency transactions, particularly those involving silent payments, there is a nuanced discussion around the implementation and verification processes by signers.

Silent payment aware signers are tasked with ensuring the absence of AnyPrevout (ACP) on any inputs they are designated to sign. This precaution stems from the necessity to maintain transaction integrity, especially since the presence of ACP or any sighash flag other than ALL accompanying silent payment outputs should prompt a failure response from the signer. The rationale behind this strict verification process is rooted in adherence to the Bitcoin Improvement Proposal (BIP) specifications, which implicitly discourage the signing of inputs with ACP for transactions involving silent payments.

The conversation further delves into the technicalities of managing shares and proofs within Payment Service Buses (PSBTs). A proposed solution to streamline this aspect involves incorporating shares and proofs as global entities within the transaction structure. Specifically, the suggestion entails using the scan key followed by the set of input outpoints as key data, as opposed to relying on input indexes. This approach not only facilitates flexibility in changing input order but also prevents the redundancy of shares and proofs across multiple inputs. When considering the storage implications of these configurations, the efficiency varies depending on the scenario. For instance, encompassing n inputs under a singular proof could lead to a more space-efficient representation compared to individual allocations per input, though this might not always be the case.

A notable recommendation aimed at simplifying this system suggests that if a signer is capable of endorsing all inputs, a global share and proof could be appended, keyed by the scan key. This method would optimize transactions managed by single-signer wallets, particularly those operated through hardware signing devices. Conversely, in situations where a signer is restricted to specific inputs, the application of a per-input share and proof becomes necessary. This dichotomy underscores the importance of flexibility in transaction structuring to accommodate various signer capabilities and preferences, ultimately contributing to the robustness and security of silent payment transactions.