josibake
commented at 4:37 pm on August 2, 2023:
member
This PR is part of integrating silent payments into Bitcoin Core. Status and tracking for the project is managed in #28536
This PR depends on #28122 and is marked as a draft until it is merged. If interested in those commits, please review on #28122
Sending
Silent Payments logic
The main focus of this PR is:
Applying the Taptweak to a taproot internal private key (this is a copy-paste of the code for applying the taptweak in the signing process)
Getting a private key from a given scriptPubKey
Creating silent payment outputs
Applying the created scriptPubKeys back to the vector of CRecipients
The functions are then used together to create silent payment outputs during CreateTransactionInternal.
Final steps
The last commits ensure that:
Coin selection is silent payments aware and knows to exclude taproot script path spends and inputs with unknown witness when funding a transaction which pays to a silent payment address
The change output type is correctly chosen when paying to a silent payment address
Functional tests
DrahtBot
commented at 4:37 pm on August 2, 2023:
contributor
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
#29675 (wallet: Be able to receive and spend inputs involving MuSig2 aggregate keys by achow101)
#28333 (wallet: Construct ScriptPubKeyMans with all data rather than loaded progressively by achow101)
#27260 (Enhanced error messages for invalid network prefix during address parsing. by portlandhodl)
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
DrahtBot added the label
CI failed
on Aug 2, 2023
josibake renamed this:
Silent Payments: implement sending
Silent Payments: sending
on Aug 3, 2023
josibake force-pushed
on Aug 3, 2023
josibake force-pushed
on Aug 3, 2023
josibake force-pushed
on Aug 3, 2023
DrahtBot removed the label
CI failed
on Aug 3, 2023
josibake
commented at 9:50 am on August 3, 2023:
member
Maybe add a quick summary in the description with the main implementation differences relative to #24897. It seems a big one is that this doesn’t require an index!
updated! I added the summary in #27827 and added links back to the parent PR in each of the child PRs.
Incorporating logs within the test is crucial for offering transparent insight into the test’s progression, simplifying the identification of problems, and enhancing comprehension of the test’s overall behavior.
in
test/functional/wallet_silentpayments_sending.py:160
in
e6f7458324outdated
Also consider adding logs to this test as the ones above
josibake force-pushed
on Aug 30, 2023
josibake force-pushed
on Aug 30, 2023
josibake force-pushed
on Aug 31, 2023
josibake force-pushed
on Aug 31, 2023
josibake force-pushed
on Sep 8, 2023
josibake force-pushed
on Sep 11, 2023
josibake force-pushed
on Sep 11, 2023
DrahtBot added the label
CI failed
on Sep 11, 2023
josibake force-pushed
on Sep 11, 2023
josibake force-pushed
on Sep 11, 2023
josibake force-pushed
on Sep 12, 2023
josibake force-pushed
on Sep 12, 2023
josibake force-pushed
on Sep 14, 2023
DrahtBot removed the label
CI failed
on Sep 14, 2023
DrahtBot added the label
Needs rebase
on Sep 19, 2023
josibake force-pushed
on Sep 21, 2023
josibake force-pushed
on Sep 21, 2023
DrahtBot added the label
CI failed
on Sep 21, 2023
DrahtBot removed the label
Needs rebase
on Sep 21, 2023
DrahtBot removed the label
CI failed
on Sep 21, 2023
josibake
commented at 4:30 pm on September 26, 2023:
member
Note: send does not work, but sendall, sendtoaddress does
josibake force-pushed
on Oct 2, 2023
josibake force-pushed
on Oct 2, 2023
DrahtBot added the label
CI failed
on Oct 2, 2023
josibake force-pushed
on Oct 3, 2023
josibake force-pushed
on Oct 3, 2023
DrahtBot removed the label
CI failed
on Oct 4, 2023
DrahtBot added the label
Needs rebase
on Oct 16, 2023
josibake force-pushed
on Jan 15, 2024
DrahtBot removed the label
Needs rebase
on Jan 15, 2024
DrahtBot
commented at 9:36 pm on January 17, 2024:
contributor
🚧 At least one of the CI tasks failed. Make sure to run all tests locally, according to the
documentation.
Possibly this is due to a silent merge conflict (the changes in this pull request being
incompatible with the current code in the target branch). If so, make sure to rebase on the latest
commit of the target branch.
Leave a comment here, if you need help tracking down a confusing failure.
Fixed silent merge conflict with CKey now returning std::byte*
DrahtBot removed the label
CI failed
on Jan 19, 2024
willcl-ark added the label
Wallet
on Jan 24, 2024
willcl-ark added the label
Privacy
on Jan 24, 2024
DrahtBot added the label
Needs rebase
on Jan 26, 2024
josibake force-pushed
on Jan 26, 2024
DrahtBot removed the label
Needs rebase
on Jan 26, 2024
DrahtBot added the label
CI failed
on Feb 2, 2024
DrahtBot removed the label
CI failed
on Feb 7, 2024
DrahtBot added the label
Needs rebase
on Feb 20, 2024
josibake force-pushed
on Apr 22, 2024
DrahtBot removed the label
Needs rebase
on Apr 22, 2024
DrahtBot added the label
CI failed
on Apr 22, 2024
DrahtBot
commented at 9:52 pm on April 22, 2024:
contributor
🚧 At least one of the CI tasks failed. Make sure to run all tests locally, according to the
documentation.
Possibly this is due to a silent merge conflict (the changes in this pull request being
incompatible with the current code in the target branch). If so, make sure to rebase on the latest
commit of the target branch.
Leave a comment here, if you need help tracking down a confusing failure.
Make sure to run all tests locally, according to the documentation.
The failure may happen due to a number of reasons, for example:
Possibly due to a silent merge conflict (the changes in this pull request being
incompatible with the current code in the target branch). If so, make sure to rebase on the latest
commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the
affected test.
An intermittent issue.
Leave a comment here, if you need help tracking down a confusing failure.
DrahtBot added the label
Needs rebase
on Aug 2, 2024
ryanofsky referenced this in commit
b38fb19b7e
on Aug 7, 2024
josibake force-pushed
on Apr 4, 2025
DrahtBot removed the label
Needs rebase
on Apr 4, 2025
josibake force-pushed
on Apr 4, 2025
josibake force-pushed
on Apr 4, 2025
DrahtBot removed the label
CI failed
on Apr 4, 2025
josibake force-pushed
on Apr 7, 2025
DrahtBot added the label
CI failed
on Apr 27, 2025
josibake force-pushed
on May 13, 2025
DrahtBot added the label
Needs rebase
on May 13, 2025
josibake force-pushed
on May 14, 2025
DrahtBot removed the label
Needs rebase
on May 14, 2025
DrahtBot removed the label
CI failed
on May 14, 2025
DrahtBot added the label
Needs rebase
on May 16, 2025
josibake force-pushed
on Jul 10, 2025
josibake force-pushed
on Jul 11, 2025
DrahtBot removed the label
Needs rebase
on Jul 11, 2025
josibake force-pushed
on Jul 16, 2025
josibake force-pushed
on Jul 16, 2025
DrahtBot added the label
CI failed
on Jul 16, 2025
DrahtBot
commented at 9:18 am on July 16, 2025:
contributor
Try to run the tests locally, according to the documentation. However, a CI failure may still
happen due to a number of reasons, for example:
Possibly due to a silent merge conflict (the changes in this pull request being
incompatible with the current code in the target branch). If so, make sure to rebase on the latest
commit of the target branch.
A sanitizer issue, which can only be found by compiling with the sanitizer and running the
affected test.
An intermittent issue.
Leave a comment here, if you need help tracking down a confusing failure.
josibake force-pushed
on Jul 16, 2025
josibake
commented at 9:51 am on July 16, 2025:
member
CI failure is from the test each commit job not handling a subtree pull; ignoring for now and will look into a CI fix later.
DrahtBot removed the label
CI failed
on Jul 16, 2025
Squashed 'src/secp256k1/' changes from 4187a46649..9e85256bbe
9e85256bbe docs: update README
4b1fb2c186 ci: enable silentpayments module
de508a78ac tests: add constant time tests
45427dd4d7 tests: add BIP-352 test vectors
6975614517 silentpayments: add benchmarks for scanning
a9af9ebf35 silentpayments: add examples/silentpayments.c
b06254b6c7 silentpayments: receiving
3c9362dd6a silentpayments: recipient label support
70e20b7145 silentpayments: sending
cf44324b5e build: add skeleton for new silentpayments (BIP352) module
ad60ef7ea7 Merge bitcoin-core/secp256k1#1689: ci: Convert `arm64` Cirrus tasks to GHA jobs
c498779096 Merge bitcoin-core/secp256k1#1687: cmake: support the use of launchers in ctest -S scripts
0dfe387dbe cmake: support the use of launchers in ctest -S scripts
89096c234d Merge bitcoin-core/secp256k1#1692: cmake: configure libsecp256k1.pc during install
7106dce6fd cmake: configure libsecp256k1.pc during install
29e73f4ba5 Merge bitcoin-core/secp256k1#1685: cmake: Emulate Libtool's behavior on FreeBSD
746e36b141 Merge bitcoin-core/secp256k1#1678: cmake: add a helper for linking into static libs
a28c2ffa5c Merge bitcoin-core/secp256k1#1683: README: add link to musig example
2a9d374735 Merge bitcoin-core/secp256k1#1690: ci: Bump GCC snapshot major version to 16
add146e101 ci: Bump GCC snapshot major version to 16
004f57fcd8 ci: Move Valgrind build for `arm64` from Cirrus to GHA
5fafdfc30f ci: Move `gcc-snapshot` build for `arm64` from Cirrus to GHA
e814b79a8b ci: Switch `arm64_debian` from QEMU to native `arm64` Docker image
bcf77346b9 ci: Add `arm64` architecture to `docker_cache` job
b77aae9226 ci: Rename Docker image tag to reflect architecture
145ae3e28d cmake: add a helper for linking into static libs
819210974b README: add link to musig example, generalize module enabling hint
95db29b144 Merge bitcoin-core/secp256k1#1679: cmake: Use `PUBLIC_HEADER` target property in installation logic
37dd422b5c cmake: Emulate Libtool's behavior on FreeBSD
f24b838bed Merge bitcoin-core/secp256k1#1680: doc: Promote "Building with CMake" to standard procedure
3f31ac43e0 doc: Promote "Building with CMake" to standard procedure
6f67151ee2 cmake: Use `PUBLIC_HEADER` target property
c32715b2a0 cmake, move-only: Move module option processing to `src/CMakeLists.txt`
201b2b8f06 Merge bitcoin-core/secp256k1#1675: cmake: Bump minimum required CMake version to 3.22
3af71987a8 cmake: Bump minimum required CMake version to 3.22
92394476e9 Merge bitcoin-core/secp256k1#1673: Assert field magnitude at control-flow join
3a4f448cb4 Assert field magnitude at control-flow join
9fab425256 Merge bitcoin-core/secp256k1#1668: bench_ecmult: add benchmark for ecmult_const_xonly
05445377f4 bench_ecmult: add benchmark for ecmult_const_xonly
bb597b3d39 Merge bitcoin-core/secp256k1#1670: tests: update wycheproof files
d73ed99479 tests: update wycheproof files
git-subtree-dir: src/secp256k1
git-subtree-split: 9e85256bbe527bf084222ee08dade9ea497d5c99
46f5c2f1f3
Merge commit '46f5c2f1f382922c19a070b78803fbd29cedd62b' into refresh-secp256k114224fd2f3
crypto: add read-only method to KeyPair
Add a method for passing a KeyPair object to secp256k1 functions expecting a secp256k1_keypair.
This allows for passing a KeyPair directly to a secp256k1 function without needing to create a
temporary secp256k1_keypair object.
Wrap the silentpayments module from libsecp256k1. This is placed in
common as it is intended to be used by:
* RPCs: for parsing addresses
* Wallet: for sending, receiving, spending silent payment outputs
* Node: for creating silent payment indexes for light clients
a0384589e4
wallet: disable sending to silent payment address
Have `IsValidDestination` return false for silent payment destinations
and set an error string when decoding a silent payment address.
This prevents anyone from sending to a silent payment address before
sending is implemented in the wallet, but also allows the functions to
be used in the unit testing famework.
1765c1ff3d
tests: add BIP352 test vectors as unit tests
Use the test vectors to test sending and receiving. A few cases are not
covered here, namely anything that requires testing specific to the
wallet. For example:
* Taproot script path spending is not tested, as that is better tested in
a wallets coin selection / signing logic
* Re-computing outputs during RBF is not tested, as that is better
tested in a wallets RBF logic
The unit tests are written in such a way that adding new test cases is
as easy as updating the JSON file
d820cf6c2d
wallet: get serialized size for `V0SilentPayments`
BIP352 v0 specifies that a silent payment output is a taproot output.
Taproot scriptPubKeys are a fixed size, so when calculating the
serialized size for a CRecipient with a V0SilentPayments destination,
use WitnessV1Taproot for the serialized txout size.
23182ba053
wallet: add method for retreiving a private key
Add a method for retreiving a private key for a given scriptPubKey.
If the scriptPubKey is a taproot output, tweak the private key with the
merkle root or hash of the public key, if applicable.
7a253a80e7
wallet: make coin selection silent payment aware
Add a flag to the `CoinControl` object if silent payment destinations
are provided. Before adding the flag, call a function which checks if:
* The wallet has private keys
* The wallet is unlocked
Without both of the above being true, we cannot send to a silent payment
address.
During coin selection, if this flag is set, skip taproot inputs when
script spend data is available. This is based on the assumption that if
a user provides script spend data, they don't have access to the key
path spend. As future improvement, we could instead check to see if we
have access to the key path spend, and only exclude the output when we
don't regardless of whether or not the user provides script spend data.
Also skip UTXOs of type `WITNESS_UNKNOWN`, although it is very unlikely
our wallet would ever try to spend a witness unknown output.
`CreateSilentPaymentsOutputs` gets the correct private keys, adds them
together, groups the silent payment destinations and then generates the
taproot script pubkeys. These are then passed back to
CreateTransactionInternal, which uses these scriptPubKeys to update
vecSend before adding them to the transaction outputs.
910b219900
wallet: update TransactionChangeType
If sending to a silent payment destination, the change type should be taproot
3e7812364f
wallet: enable sending to silent payment address
Treat silent payment addresses as valid destination. Also disable using
silent payment addresses with the `addr()` descriptor, as this
descriptor expects an encoding of a scriptPubKey, whereas a silent
payment address consists of instructions on how to generate a
scriptPubKey for the recipient.
Co-authored-by: Oghenovo Usiwoma <37949128+eunovo@users.noreply.github.com>
d6fb7426c7
tests: add sending functional tests4225ebc655
josibake force-pushed
on Jul 17, 2025
DrahtBot added the label
Needs rebase
on Jul 23, 2025
DrahtBot
commented at 10:47 am on July 23, 2025:
contributor
🐙 This pull request conflicts with the target branch and needs rebase.
in
src/wallet/spend.cpp:471
in
e0404435ffoutdated
465@@ -450,6 +466,18 @@ CoinsResult AvailableCoins(const CWallet& wallet,
466 type = Solver(script, script_solutions);
467 is_from_p2sh = true;
468 }
469+ // Very unlikely we'd be spending a witness unknown output, but if we are trying to pay a
470+ // silent payments v0 address, this can't be included
471+ if (silent_payment && type == TxoutType::WITNESS_UNKNOWN) continue;
This is a metadata mirror of the GitHub repository
bitcoin/bitcoin.
This site is not affiliated with GitHub.
Content is generated from a GitHub metadata backup.
generated: 2025-07-23 21:13 UTC
This site is hosted by @0xB10C More mirrored repositories can be found on mirror.b10c.me