Recently, there was a debate on Twitter regarding BIP 47. Some developers believe its bad for privacy because of address reuse in notification transactions. In this post I will share my thoughts and an experiment using BIP 47 payment code.
What is BIP 47 and how does reusable payment code help?
Problem: Bob wants to accept payments without interacting with each sender to share a new address privately.
Solution: BIP 47 payment code that can be shared publicly. Every sender gets a new address to pay Bob. Requires no server or scanning.
BIP 47 was written by Justus Ranvier. Recent version (v3 and v4) is maintained in a different repository.
What is a notification transaction?
Before Alice sends any bitcoin to Bob, she must share her payment code with him. She creates a transaction that sends a small amount of bitcoin to Bob’s notification address. Alice adds an OP_RETURN output to her transaction which consists of payment code only readable by Bob.
Inputs selected for this transaction and change output should be coinjoined to avoid any privacy issues. Outputs received to notification addresses must not be used as inputs for any transaction.
Alternate Notification Methods:
kdmukai opened a pull request last week that could use nostr for BIP 47 notifications.
Experiment using BIP 47
- Create a testnet wallet w1 in Sparrow and send some coins from a faucet.
- Do coinjoin for one of the UTXO.
-
Create a testnet wallet in Samourai app and get the BIP 47 payment code from it.
PM8TJfnE5NSzgbCNZ8nqHAq2isSmgtsQGqBenKJeMmhPMvqS4CJ2nhtdnYiqfSvgHT3CvqYonwg3MVLaYCehNR8tyHACtRKZEyYFSWbnaCMt1GHcpbNh
-
Try to pay the BIP 47 payment code and this will initiate notification transaction. Use the coinjoined UTXO for this transaction.
Notification Tx:
41c5d62a2359341fe9563f17e2f5564cf6bb9bdf6dce34ff6fd245ef3b80ea3c
-
Create another wallet w2 in Sparrow and repeat the same process without doing coinjoin.
Notification Tx:
70ffa9eec8fb69e5539685e8b9356e09263404d7246e67e5d2d297060bb097b5
-
Send some bitcoin to the payment code using wallet w1 and use UTXO from ‘deposit’ section. Change from the notification transaction is separate and present in ‘post-mix’ section with appropriate label.
Transaction:
d56ad10e4c13fc6528c0119da787a2d377e192da0e5f2603fdb18a7d47eafcf2
Since both notification transactions are sent to the same address mpQ6Hm1LV7HhKaP4YAFzwVE6pArhqFvDpd
,
chain analysis would reveal that someone is using this address for BIP 47. However, they won’t know the
sender, receiver involved in the payment transaction in step 6 and payment code added in OP_RETURN.
Acknowledgements
- Justus Ranvier