Silent Payments: sending #28201
Draft
Silent Payments: sending #28201
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code Coverage & BenchmarksFor details see: https://corecheck.dev/bitcoin/bitcoin/pulls/28201. ReviewsSee the guideline for information on the review process. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
3 tasks
This was referenced Aug 2, 2023
abd8210 to
ec1c579
Compare
ec1c579 to
37724f8
Compare
This was referenced Aug 3, 2023
37724f8 to
e6f7458
Compare
This was referenced Aug 3, 2023
josibake
commented
Aug 8, 2023
| ) | ||
| assert txid | ||
|
|
||
| def test_deterministic_send(self): |
There was a problem hiding this comment.
Incorporating logs within the test is crucial for offering transparent insight into the test's progression, simplifying the identification of problems, and enhancing comprehension of the test's overall behavior.
| else: | ||
| assert False | ||
|
|
||
| def test_address_reuse(self): |
There was a problem hiding this comment.
Also consider adding logs to this test as the ones above
180ec5c to
f1b9107
Compare
This was referenced Aug 4, 2025
2b57d2ad89 docs: update README 5d2d4adabd ci: enable silentpayments module d6788a888c tests: add constant time tests 4c32ba9613 tests: add BIP-352 test vectors 183e5414f7 silentpayments: add benchmarks for scanning 288390446a silentpayments: add examples/silentpayments.c 250beff5d2 silentpayments: receiving f90d7a76b0 silentpayments: recipient label support 1a5f53f2cf silentpayments: sending ca2538a878 build: add skeleton for new silentpayments (BIP352) module git-subtree-dir: src/secp256k1 git-subtree-split: 2b57d2ad8964e536508fae0b6ab1331396fe0308
f1b9107 to
a96aa7c
Compare
Add a method for passing a KeyPair object to secp256k1 functions expecting a secp256k1_keypair. This allows for passing a KeyPair directly to a secp256k1 function without needing to create a temporary secp256k1_keypair object.
a96aa7c to
9be4755
Compare
Wrap the silentpayments module from libsecp256k1. This is placed in common as it is intended to be used by: * RPCs: for parsing addresses * Wallet: for sending, receiving, spending silent payment outputs * Node: for creating silent payment indexes for light clients
Have `IsValidDestination` return false for silent payment destinations and set an error string when decoding a silent payment address. This prevents anyone from sending to a silent payment address before sending is implemented in the wallet, but also allows the functions to be used in the unit testing famework.
Use the test vectors to test sending and receiving. A few cases are not covered here, namely anything that requires testing specific to the wallet. For example: * Taproot script path spending is not tested, as that is better tested in a wallets coin selection / signing logic * Re-computing outputs during RBF is not tested, as that is better tested in a wallets RBF logic The unit tests are written in such a way that adding new test cases is as easy as updating the JSON file
BIP352 v0 specifies that a silent payment output is a taproot output. Taproot scriptPubKeys are a fixed size, so when calculating the serialized size for a CRecipient with a V0SilentPayments destination, use WitnessV1Taproot for the serialized txout size.
Add a method for retreiving a private key for a given scriptPubKey. If the scriptPubKey is a taproot output, tweak the private key with the merkle root or hash of the public key, if applicable.
Add a flag to the `CoinControl` object if silent payment destinations are provided. Before adding the flag, call a function which checks if: * The wallet has private keys * The wallet is unlocked Without both of the above being true, we cannot send to a silent payment address. During coin selection, if this flag is set, skip taproot inputs when script spend data is available. This is based on the assumption that if a user provides script spend data, they don't have access to the key path spend. As future improvement, we could instead check to see if we have access to the key path spend, and only exclude the output when we don't regardless of whether or not the user provides script spend data. Also skip UTXOs of type `WITNESS_UNKNOWN`, although it is very unlikely our wallet would ever try to spend a witness unknown output.
`CreateSilentPaymentsOutputs` gets the correct private keys, adds them together, groups the silent payment destinations and then generates the taproot script pubkeys. These are then passed back to CreateTransactionInternal, which uses these scriptPubKeys to update vecSend before adding them to the transaction outputs.
If sending to a silent payment destination, the change type should be taproot
Treat silent payment addresses as valid destination. Also disable using silent payment addresses with the `addr()` descriptor, as this descriptor expects an encoding of a scriptPubKey, whereas a silent payment address consists of instructions on how to generate a scriptPubKey for the recipient. Co-authored-by: Oghenovo Usiwoma <37949128+eunovo@users.noreply.github.com>
9be4755 to
6986e50
Compare
Eunovo
reviewed
Aug 18, 2025
| } | ||
| const auto* spk_manager = *spk_managers.begin(); | ||
| const auto& key = spk_manager->GetPrivKeyForSilentPayment(input->txout.scriptPubKey); | ||
| if (std::holds_alternative<KeyPair>(key)) { |
There was a problem hiding this comment.
7c1093b: We get a segfault later if the keys are not valid. We should check that keys are valid before adding them to taproot_keys or plain_keys
There was a problem hiding this comment.
GetPrivKeyForSilentPayment returns {} which is a default initialized object if the coin's keys are not available. std::holds_alternative<CKey> will pass for the retuen object and add the default intialized CKey to the plain_keys array.
|
🐙 This pull request conflicts with the target branch and needs rebase. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is part of integrating silent payments into Bitcoin Core. Status and tracking for the project is managed in #28536
This PR depends on #28122 and is marked as a draft until it is merged. If interested in those commits, please review on #28122
Sending
Silent Payments logic
The main focus of this PR is:
scriptPubKeyCRecipientsThe functions are then used together to create silent payment outputs during
CreateTransactionInternal.Final steps
The last commits ensure that: