From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 04 Feb 2026 09:21:15 -0800 Received: from mail-ot1-f63.google.com ([209.85.210.63]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1vngZ1-00006K-6v for bitcoindev@gnusha.org; Wed, 04 Feb 2026 09:21:15 -0800 Received: by mail-ot1-f63.google.com with SMTP id 46e09a7af769-7d19c1317ccsf170461a34.0 for ; Wed, 04 Feb 2026 09:21:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1770225669; x=1770830469; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:sender:from:to:cc:subject:date :message-id:reply-to; bh=MJRTHFFYKFueyhKa4U3Gt34M1to3vpZmLQWOcOJEkjs=; b=qgwH9ifdNxePIV4o/MKX6OTFEbvEWuA4FE8UEYwXvr1X6GUrujcPH6dcRs6jiLQOh9 UjI6O5IuvQjIbu+WT9z+wyrAZGq3LEehmb8B2LmcK3rHKkiueNyVGUUQT+lx27ALc5/b /BtR6k7gATdF6n4dPPSEBm18akQa55yOCboORdjbnsvDT2eO33Ebhci9dQmm9gSgHH43 Zo7pwWwUOr9wISMCGhSbSKzQ9jFfnBx0lnsctoTIEC4dul5HgkJMqxHlLjwKbJ7XN7d9 GeQAm9kyKcLbnOLPaUcWKn/llHZCRv/Sg6MwytQBaI5CmfL05gM1yLEeRtuWsW9Z4Slc Lwxg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770225669; x=1770830469; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:from:to:cc:subject:date:message-id :reply-to; bh=MJRTHFFYKFueyhKa4U3Gt34M1to3vpZmLQWOcOJEkjs=; b=SC8R+ycBmnhBizzdQ9gJq+WRmhkmfD12DW45Qxp+Hwaa9cbVixVcc8OWAQPo/eoyPQ fL/tHso07zW8Fhu5ptn3VMvG/AzdLpywGbMozJKVxd2qh8+uyO/qwnFuIEiuFjbHrhac QSUlokww31V97OmFXrNCesp2yDgzQVk5YJMxnu5q/NSEIkeJePA+pK/KIBFarldyS4mT cLhsGe5hsPyuLJ+YJfeMtzq6IBpQgoj4oP+CoigDC4cn8Xio0UbIU4rUjSII5YWCHBeU CcMeys+Q3SQtPGzucLduX4PCjhJMcy9VTEnGv6R2vW4Ion+rb/tHosLRspyp2OajaeJR xS4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770225669; x=1770830469; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=MJRTHFFYKFueyhKa4U3Gt34M1to3vpZmLQWOcOJEkjs=; b=CwcmzStpE28RkmbB0XxEl+2EzGAMzkL8rSEh+9tl03hX9F7ePHiHyZy/e+8Uyhwln4 AG0woWmhYFm4m8GSO+AsJZmLYv5Gx28gNNIGY+3f+S18BGva1ZI9MVL/sYqAXuqJawQZ hJbQzNYEVGFclQ6YIKM5Y/VnLXka1fR3GZa7YkmQocTaSIjqeufr4YMWyREJhtBeeKf+ JI7+DVbWVv2JCxXqHk05K12nwTIgfhx948Fd6ONtljVjp8Ps7YhQcSl+sls/0/g7ELBG jvq5GqCHiyGOHxJBBHzbb49IGwsXoRd6T5D9xrwMKUuiJKE7nTuO1bYdqSaqVohL0Oil JoFA== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCXRh58jOPiff17t3533gypdx9wE5ORppkWSgE3ar/ykg4Cu+iV9mkZIYdO1pk284++eMuPcvPNYxH2l@gnusha.org X-Gm-Message-State: AOJu0YwyrCdzekEH/M8tdAipgA/4z094I22RTzeLzVUn2+TGzLsvMAr7 mpDvynwozGKCHpBJ2w+y7nM6/otD+gD+TOmk2cvbZiQM+xwjZCg4CxWk X-Received: by 2002:a4a:e844:0:b0:662:f91f:4a91 with SMTP id 006d021491bc7-66a20883d0emr1626919eaf.24.1770225668884; Wed, 04 Feb 2026 09:21:08 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com; h="AV1CL+FyD3A1dzc5p8dnQxSNnw3irrOIgzdd971RuFEBURjUHw==" Received: by 2002:a05:6871:5823:b0:409:6328:a767 with SMTP id 586e51a60fabf-40a74c2a29els32792fac.1.-pod-prod-04-us; Wed, 04 Feb 2026 09:20:57 -0800 (PST) X-Received: by 2002:a05:6808:309b:b0:45e:99cd:8cde with SMTP id 5614622812f47-462d5a68251mr1367866b6e.50.1770225657732; Wed, 04 Feb 2026 09:20:57 -0800 (PST) Received: by 2002:a05:690c:4a04:b0:794:c577:7579 with SMTP id 00721157ae682-794fea65dd7ms7b3; Wed, 4 Feb 2026 09:20:25 -0800 (PST) X-Received: by 2002:a05:690c:6c91:b0:795:10f0:3342 with SMTP id 00721157ae682-79510f050a1mr6850997b3.61.1770225624134; Wed, 04 Feb 2026 09:20:24 -0800 (PST) Date: Wed, 4 Feb 2026 09:20:23 -0800 (PST) From: Sebastian Falbesoner To: Bitcoin Development Mailing List Message-Id: Subject: [bitcoindev] BIP-352: Limiting the number of per-group recipients (K_max) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_212128_1603063170.1770225623722" X-Original-Sender: sebastian.falbesoner@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: 2.6 (++) ------=_Part_212128_1603063170.1770225623722 Content-Type: multipart/alternative; boundary="----=_Part_212129_1651835846.1770225623722" ------=_Part_212129_1651835846.1770225623722 Content-Type: text/plain; charset="UTF-8" Hi list, In the course of working on a Silent Payments module for libsecp256k1 [1], we discovered that the scanning approach suggested in BIP-352 [2] suffers from very poor performance for adversarial transactions [3]. One more recent proposal to mitigate this issue is by introducing a "K_max" protocol limit. This effectively limits the number of per-group recipients within a single transaction, i.e. the number of recipients sharing the same scan public key. In theory this is a backwards incompatible protocol change, in practice we believe that none of the existing SP wallets would be affected, for a reasonably high K_max (the example value used is K_max=1000, but this can be seen as a placeholder). See the following BIP change draft for more details and motivation: https://github.com/theStack/bips/commit/961d1442139ceecd6c0cc5775ef911d69aabed4c The discussion is on-going at the following issue: https://github.com/bitcoin-core/secp256k1/issues/1799 [4] If you have any concerns or feedback for this change, either for currently existing wallets or potential future use-cases that you could think of, please comment there. Most SP wallet developers that we are aware of have already been pinged on the issue. We are posting this here to reach a wider audience and to provide an alternative opportunity to comment, in case anyone doesn't want to use GitHub. Best, Sebastian [1] https://github.com/bitcoin-core/secp256k1/pull/1765 [2] https://github.com/bitcoin/bips/blob/5d0f70a5cf4cfc429267cd6cc246ba3bcb949cb3/bip-0352.mediawiki?plain=1#L330 [3] https://github.com/bitcoin-core/secp256k1/pull/1698#pullrequestreview-3341766084 [4] https://github.com/bitcoin-core/secp256k1/issues/1799#issuecomment-3842046237 ff. in particular -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/b8edb433-c7b8-4d79-b710-e89a578eb42cn%40googlegroups.com. ------=_Part_212129_1651835846.1770225623722 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi list, =20
=20
In the course of working on a Silent Payments module = for libsecp256k1 [1], we =20
discovered that the scanning approach suggested in BI= P-352 [2] suffers from =20
very poor performance for adversarial transactions [3= ]. =20
=20
One more recent proposal to mitigate this issue is by= introducing a "K_max" =20
protocol limit. This effectively limits the number of= per-group recipients =20
within a single transaction, i.e. the number of recip= ients sharing the same =20
scan public key. In theory this is a backwards incomp= atible protocol change, =20
in practice we believe that none of the existing SP w= allets would be affected, =20
for a reasonably high K_max (the example value used i= s K_max=3D1000, but this =20
can be seen as a placeholder). =20
=20
See the following BIP change draft for more details a= nd motivation: =20
https://github.com/theStack/bips/commit/961d1442139ce= ecd6c0cc5775ef911d69aabed4c =20
=20
The discussion is on-going at the following issue: =20
https://github.com/bitcoin-core/secp256k1/issues/1799= [4] =20
=20
If you have any concerns or feedback for this change,= either for currently =20
existing wallets or potential future use-cases that y= ou could think of, please =20
comment there. Most SP wallet developers that we are = aware of have already been =20
pinged on the issue. We are posting this here to reac= h a wider audience and to =20
provide an alternative opportunity to comment, in cas= e anyone doesn't want to =20
use GitHub. =20
=20
Best,
Seb= astian

[1] h= ttps://github.com/bitcoin-core/secp256k1/pull/1765 =20
[2] https://github.com/bitcoin/bips/blob/5d0f70a5cf4c= fc429267cd6cc246ba3bcb949cb3/bip-0352.mediawiki?plain=3D1#L330 =20
[3] https://github.com/bitcoin-core/secp256k1/pull/16= 98#pullrequestreview-3341766084 =20
[4] https://github.com/bitcoin-core/secp256k1/issues/= 1799#issuecomment-3842046237 ff. in particular

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/b8edb433-c7b8-4d79-b710-e89a578eb42cn%40googlegroups.com.
------=_Part_212129_1651835846.1770225623722-- ------=_Part_212128_1603063170.1770225623722--