BIP352: Add intermediate vector material for silent payments #1953

pull macgyver13 wants to merge 2 commits into bitcoin:master from macgyver13:bip352-generate-intermediate-comp changing 2 files +517 −67
  1. macgyver13 commented at 3:54 pm on September 4, 2025: contributor

    This PR adds intermediate computation vectors to the BIP-352 reference implementation to improve development experience and code clarity.

    Changes

    • Updated reference.py to validate intermediate values during silent payment computations
    • Added comprehensive intermediate vector material to send_and_receive_test_vectors.json
    • Applied labels suggestion by @fifalodm to scanning

    Benefits

    • secp256k1 library no longer needs to handle silent payments specific code, intermediate values can be used instead
    • Other projects can use intermediate values to clarify computations during development and debugging

    This change makes it easier for implementers to understand and debug silent payment computations by providing visibility into intermediate calculation steps.

  2. add intermediate vector material, validate added material in reference tests b26f77db65
  3. macgyver13 renamed this:
    Add intermediate vector material for BIP-352 silent payments
    BIP352: Add intermediate vector material for silent payments
    on Sep 4, 2025
  4. jonatack added the label Proposed BIP modification on Sep 4, 2025
  5. in bip-0352/send_and_receive_test_vectors.json:3189 in b26f77db65 outdated
    3186                 }
    3187             }
    3188         ]
    3189     }
    3190-]
    3191+]
    


    jonatack commented at 9:01 pm on September 4, 2025:
    nit, don’t remove the newline at end of file
  6. in bip-0352/reference.py:151 in b26f77db65 outdated
    147@@ -141,6 +148,16 @@ def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[CO
    148     outputs = []
    149     for B_scan, B_m_values in silent_payment_groups.items():
    150         ecdh_shared_secret = input_hash * a_sum * B_scan
    151+        
    


    jonatack commented at 9:02 pm on September 4, 2025:

    remove the extra spaces added here

  7. in bip-0352/reference.py:176 in b26f77db65 outdated
    172+def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: bytes, outputs_to_check: List[ECPubKey], labels: Dict[str, str] = None, expected: Dict[str, any] = None) -> List[Dict[str, str]]:
    173     G = ECKey().set(1).get_pubkey()
    174+    input_hash_key = ECKey().set(input_hash)
    175+    computed_tweak_point = input_hash_key * A_sum
    176+    assert computed_tweak_point.get_bytes(False).hex() == expected.get("tweak"), "tweak did not match expected"
    177+    
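    Review bot: `expected` defaults to `None` in the new `scanning` signature on line 172, but line 176 calls `expected.get("tweak")` unconditionally, so a caller that omits `expected` fails with an AttributeError before any scanning happens. Either make the parameter required or guard the checks with `if expected is not None:`. The annotation `Dict[str, any]` names the builtin function `any` rather than `typing.Any`, and the `None` defaults on `labels` and `expected` would be more accurately typed as `Optional[...]`. Because the check is an `assert`, it is skipped when Python runs with `-O`; an explicit comparison that raises would keep the vector validation active in every mode.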
    


    jonatack commented at 9:04 pm on September 4, 2025:
  8. in bip-0352/reference.py:179 in b26f77db65 outdated
    175+    computed_tweak_point = input_hash_key * A_sum
    176+    assert computed_tweak_point.get_bytes(False).hex() == expected.get("tweak"), "tweak did not match expected"
    177+    
    178     ecdh_shared_secret = input_hash * b_scan * A_sum
    179+    assert ecdh_shared_secret.get_bytes(False).hex() == expected.get("shared_secret"), "ecdh_shared_secret did not match expected shared_secret"
    180+    
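    Review bot: line 178 still derives the shared secret from `input_hash`, `b_scan` and `A_sum` directly, so nothing ties it to the `computed_tweak_point` asserted on line 176, and the two asserts validate independent computations. Computing it as `b_scan * computed_tweak_point` would demonstrate that the published "tweak" vector is the value that feeds the shared secret. Line 178 also multiplies the raw `input_hash` while line 174 wraps the same value in `ECKey().set(input_hash)`; using `input_hash_key` in both places would be consistent. Lines 177 and 180 add whitespace-only lines.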
    


    jonatack commented at 9:04 pm on September 4, 2025:
  9. jonatack commented at 9:07 pm on September 4, 2025: member

    Pinging BIP authors @josibake @RubenSomsen for feedback or approval.

    The tests pass with this change.

    /bip-0352 $ ./reference.py send_and_receive_test_vectors.json
    Simple send: two inputs
    Simple send: two inputs, order reversed
    Simple send: two inputs from the same transaction
    Simple send: two inputs from the same transaction, order reversed
    Outpoint ordering byte-lexicographically vs. vout-integer
    Single recipient: multiple UTXOs from the same public key
    Single recipient: taproot only inputs with even y-values
    Single recipient: taproot only with mixed even/odd y-values
    Single recipient: taproot input with even y-value and non-taproot input
    Single recipient: taproot input with odd y-value and non-taproot input
    Multiple outputs: multiple outputs, same recipient
    Multiple outputs: multiple outputs, multiple recipients
    Receiving with labels: label with even parity
    Receiving with labels: label with odd parity
    Receiving with labels: large label integer
    Multiple outputs with labels: un-labeled and labeled address; same recipient
    Multiple outputs with labels: multiple outputs for labeled address; same recipient
    Multiple outputs with labels: un-labeled, labeled, and multiple outputs for labeled address; same recipients
    Single recipient: use silent payments for sender change
    Single recipient: taproot input with NUMS point
    Pubkey extraction from malleated p2pkh
    P2PKH and P2WPKH Uncompressed Keys are skipped
    Skip invalid P2SH inputs
    Recipient ignores unrelated outputs
    No valid inputs, sender generates no outputs
    Input keys sum up to zero / point at infinity: sending fails, receiver skips tx
    All tests passed
    
  10. jonatack added the label Pending acceptance on Sep 4, 2025
  11. address feedback (newline + extra whitespace) b7c79dcbc0
  12. josibake approved
  13. josibake commented at 8:33 am on September 5, 2025: member

    ACK b7c79dc

    This was raised in https://github.com/bitcoin-core/secp256k1/pull/1698#issuecomment-3237867979; I’ve verified that these changes do allow us to remove the ripemd160.py and bech32m.py utility files from the libsecp256k1 PR. I think this is also a generally useful change for other projects using these test vectors, in particular index building.

  14. jonatack commented at 3:44 pm on September 5, 2025: member
    ACK b7c79dcbc0c5c0688ea47f287b89f0336b073629
  15. jonatack removed the label Pending acceptance on Sep 5, 2025
  16. jonatack merged this on Sep 5, 2025
  17. jonatack closed this on Sep 5, 2025

