BIP-352: limit number of recipients to 2^32-1 #2055

pull theStack wants to merge 1 commits into bitcoin:master from theStack:bip352_limit_recipients changing 1 files +2 −1
  1. theStack commented at 6:03 pm on December 12, 2025: contributor
    Explicitly specifying a limit on the number of SP recipients / taproot outputs to scan for was suggested in the course of reviewing the BIP-352 module implementation in libsecp256k1, see https://github.com/bitcoin-core/secp256k1/pull/1765#discussion_r2609620541 (related earlier discussion on take 3: https://github.com/bitcoin-core/secp256k1/pull/1698#discussion_r2381448515 ff.).
  2. BIP-352: limit number of recipients to 2^32-1 3795b711cb
  3. murchandamus commented at 6:09 pm on December 12, 2025: contributor
    cc: @RubenSomsen, @josibake
  4. murchandamus added the label Proposed BIP modification on Dec 12, 2025
  5. murchandamus added the label Pending acceptance on Dec 12, 2025
  6. in bip-0352.mediawiki:191 in 3795b711cb 
    187@@ -188,6 +188,7 @@ Future silent payments versions will use the following scheme:
188 For silent payments v0 a transaction MUST be scanned if and only if all of the following are true:
189 
190 * The transaction contains at least one BIP341 taproot output (note: spent transactions optionally can be skipped by only considering transactions with at least one unspent taproot output)
191+* The transaction does not contain more than 4294967295 (2<sup>32</sup>-1) taproot outputs<ref name="maximum_recipients">'''Why specify a limit of recipients, if the maximum number of possible transaction outputs is practically constrained by Bitcoin's consensus rules (block weight limit) anyway?''' Specifying an explicit limit improves clarity and ensures that implementations can safely choose compatible data types without the risk of becoming non-compliant. The limit matches the maximum possible value for ''k'' in the course of the shared secret scalar calculation ''t<sub>k</sub>'', where ''k'' is serialized as a 4-bytes sequence.</ref>
    furszy commented at 7:21 pm on December 12, 2025:
    nit: I think it would be clearer and harder to misinterpret to state directly that both k and the number of recipients are unsigned 32-bit integers.
  7. furszy commented at 7:21 pm on December 12, 2025: member
    ACK 3795b711cb614d288e80fd41adf5e4e76e6c87b9


theStack murchandamus furszy

Labels
Proposed BIP modification Pending acceptance

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-12-14 08:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me