BIP352: Add intermediate vector material for silent payments #1953

pull macgyver13 wants to merge 2 commits into bitcoin:master from macgyver13:bip352-generate-intermediate-comp changing 2 files +517 −67
  1. macgyver13 commented at 3:54 PM on September 4, 2025: contributor

    This PR adds intermediate computation vectors to the BIP-352 reference implementation to improve development experience and code clarity.

    Changes

    • Updated reference.py to validate intermediate values during silent payment computations
    • Added comprehensive intermediate vector material to send_and_receive_test_vectors.json
    • Applied labels suggestion by @fifalodm to scanning

    Benefits

    • secp256k1 library no longer needs to handle silent-payments-specific code; intermediate values can be used instead
    • Other projects can use intermediate values to clarify computations during development and debugging

    This change makes it easier for implementers to understand and debug silent payment computations by providing visibility into intermediate calculation steps.

  2. add intermediate vector material, validate added material in reference tests b26f77db65
  3. macgyver13 renamed this:
    Add intermediate vector material for BIP-352 silent payments
    BIP352: Add intermediate vector material for silent payments
    on Sep 4, 2025
  4. jonatack added the label Proposed BIP modification on Sep 4, 2025
  5. in bip-0352/send_and_receive_test_vectors.json:3189 in b26f77db65 outdated
    3186 |                  }
    3187 |              }
    3188 |          ]
    3189 |      }
    3190 | -]
    3191 | +]
    


    jonatack commented at 9:01 PM on September 4, 2025:

    nit, don't remove the newline at end of file

  6. in bip-0352/reference.py:151 in b26f77db65 outdated
     147 | @@ -141,6 +148,16 @@ def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[CO
     148 |      outputs = []
     149 |      for B_scan, B_m_values in silent_payment_groups.items():
     150 |          ecdh_shared_secret = input_hash * a_sum * B_scan
     151 | +        
    


    jonatack commented at 9:02 PM on September 4, 2025:

    remove the extra spaces added here

    
    
  7. in bip-0352/reference.py:176 in b26f77db65 outdated
     172 | +def scanning(b_scan: ECKey, B_spend: ECPubKey, A_sum: ECPubKey, input_hash: bytes, outputs_to_check: List[ECPubKey], labels: Dict[str, str] = None, expected: Dict[str, any] = None) -> List[Dict[str, str]]:
     173 |      G = ECKey().set(1).get_pubkey()
     174 | +    input_hash_key = ECKey().set(input_hash)
     175 | +    computed_tweak_point = input_hash_key * A_sum
     176 | +    assert computed_tweak_point.get_bytes(False).hex() == expected.get("tweak"), "tweak did not match expected"
     177 | +    
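    Review bot: `expected` defaults to `None` in the new `scanning` signature on line 172, but line 176 calls `expected.get("tweak")` unconditionally, so a caller that omits the argument gets an AttributeError instead of a scan result. Either make the parameter required or guard the checks with `if expected is not None:`. The annotation `Dict[str, any]` names the builtin function `any`; `typing.Any` is the type intended, and since `labels` also defaults to `None`, `Optional[...]` would describe both parameters accurately.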
    


    jonatack commented at 9:04 PM on September 4, 2025:
    
    
  8. in bip-0352/reference.py:179 in b26f77db65 outdated
     175 | +    computed_tweak_point = input_hash_key * A_sum
     176 | +    assert computed_tweak_point.get_bytes(False).hex() == expected.get("tweak"), "tweak did not match expected"
     177 | +    
     178 |      ecdh_shared_secret = input_hash * b_scan * A_sum
     179 | +    assert ecdh_shared_secret.get_bytes(False).hex() == expected.get("shared_secret"), "ecdh_shared_secret did not match expected shared_secret"
     180 | +    
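    Review bot: line 178 still derives the shared secret from scratch as `input_hash * b_scan * A_sum`, so the `computed_tweak_point` asserted on line 176 never feeds the value checked on line 179. Computing it as `b_scan * computed_tweak_point` would tie the two checks together and mirror how a consumer of a precomputed tweak derives the secret. Separately, `expected.get("shared_secret")` returns `None` when a vector lacks the key, which surfaces as a "did not match" failure rather than a missing-field error, and lines 177 and 180 add whitespace-only lines.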
    


    jonatack commented at 9:04 PM on September 4, 2025:
    
    
  9. jonatack commented at 9:07 PM on September 4, 2025: member

    Pinging BIP authors @josibake @RubenSomsen for feedback or approval.

    The tests pass with this change.

    /bip-0352 $ ./reference.py send_and_receive_test_vectors.json
    Simple send: two inputs
    Simple send: two inputs, order reversed
    Simple send: two inputs from the same transaction
    Simple send: two inputs from the same transaction, order reversed
    Outpoint ordering byte-lexicographically vs. vout-integer
    Single recipient: multiple UTXOs from the same public key
    Single recipient: taproot only inputs with even y-values
    Single recipient: taproot only with mixed even/odd y-values
    Single recipient: taproot input with even y-value and non-taproot input
    Single recipient: taproot input with odd y-value and non-taproot input
    Multiple outputs: multiple outputs, same recipient
    Multiple outputs: multiple outputs, multiple recipients
    Receiving with labels: label with even parity
    Receiving with labels: label with odd parity
    Receiving with labels: large label integer
    Multiple outputs with labels: un-labeled and labeled address; same recipient
    Multiple outputs with labels: multiple outputs for labeled address; same recipient
    Multiple outputs with labels: un-labeled, labeled, and multiple outputs for labeled address; same recipients
    Single recipient: use silent payments for sender change
    Single recipient: taproot input with NUMS point
    Pubkey extraction from malleated p2pkh
    P2PKH and P2WPKH Uncompressed Keys are skipped
    Skip invalid P2SH inputs
    Recipient ignores unrelated outputs
    No valid inputs, sender generates no outputs
    Input keys sum up to zero / point at infinity: sending fails, receiver skips tx
    All tests passed
    
  10. jonatack added the label Pending acceptance on Sep 4, 2025
  11. address feedback (newline + extra whitespace) b7c79dcbc0
  12. josibake approved
  13. josibake commented at 8:33 AM on September 5, 2025: member

    ACK b7c79dc

    This was raised in https://github.com/bitcoin-core/secp256k1/pull/1698#issuecomment-3237867979; I've verified that these changes do allow us to remove the ripemd160.py and bech32m.py utility files from the libsecp256k1 PR. I think this is also a generally useful change for other projects using these test vectors, in particular index building.

  14. jonatack commented at 3:44 PM on September 5, 2025: member

    ACK b7c79dcbc0c5c0688ea47f287b89f0336b073629

  15. jonatack removed the label Pending acceptance on Sep 5, 2025
  16. jonatack merged this on Sep 5, 2025
  17. jonatack closed this on Sep 5, 2025

