Advertisement
Guest User

Stealth Payment IDs 0.8.5

a guest
Aug 4th, 2015
2,108
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*Stealth Short Payment IDs - proposal for shortening both "user" and "blockchain" payment IDs to 64 bit, incorporating a stealth feature to improve anonymity, and adding a new shorter v2 integrated address
  2.  
  3. We are basically discussing three different aspects here, which aren't strictly related:
  4. 1. Stealth IDs, which change every TX, just like (or rather, similar to) addresses
  5.  
  6. 2. Shortened IDs, less characters to display, copy, store, etc. The current space 2^256 is absurdly large and unnecessary; this proposal reduces size on chain to 1/4th.
  7. Example Addresses:
  8. Standard (95):
  9. 45BEPXEXAN6YrvHgP3owF8GCzBZ2vCZNb9sMxZG6D7iuSvjVret5ciY2GfqVMHZiPoTEEcmSmVhcyaReTjJafrSqV26ZoYE
  10. 64-bit ID integrated (106):
  11. 4TZ76dT4mbsizsTtJzy7kYBo9f8xduc8wTsWb86pCmx5Cmh43CDxNS1FRcMrE3CNQ2ZT17vzCudc5TbNYBzizwqZFah5K1Js7VpL88qPSi
  12. Full 256-bit ID integrated (139):
  13. 4LRv6jJYxh5Ba1Z4UfCZYmTzP7g1mP5uUC32KgWcMtBi2QV6xGjHpqs5ZeEnpAwaWVNgF7b7xtumQGoL9posmQMfRvFupJBXkZyWGdcDizfMUAiEgrG7cA98yf6vcqJzZT1EPg8A69e
  14.  
  15. 3. New (v2) integrated addresses to replace/deprecate v1, which isn't in use yet.
  16.  
  17. We want to get the payment ID scheme to a point where it is ready for years of use with no further changes. To maintain compatibility with the current payment ID scheme during the transition, stealth payment IDs will only be generated by default through the use of integrated addresses. Thus, when recipients are ready to accept the new stealth version, they'd hand out integrated addresses.
  18.  
  19. This new 64 bit ID will be given a new tx_extra nonce tag: 0x01 (current payment ID is 0x00).
  20.  
  21. With 64 IDs, there's a non-negligible chance for collision if randomly generating. So recipients generating them randomly are advised to sanity check them for uniqueness.
  22. Example: 1 million IDs at 64-bit (simplified): 1,000,000^2 / (2^64 * 2) = ~1/36,893,488
  23. 50% chance happens around 5.06 billion IDs generated.
  24.  
  25. For reference to those unfamiliar with the integrated address in current head, it looks like:
  26. "netbyte (0x13 [standard Monero is 0x12])" + "32 byte public spend key" + "32 byte public view key" + "32 byte payment ID (8 byte proposed for v2)" + "4 byte checksum of all previous data"
  27. */
  28.  
  29. /*
  30. For our stealth key, we will use a derivation of the shared secret used for public key generation. The varint encoding used by output indices gives us 128 1-byte options to use as part of our key:
  31. 0x80 - 0xFF
  32.  
  33. I've not come up with any not-completely-arbitrary choice, so here's an arbitrary one: charcode(I) + charcode(D) = 0x49 + 0x44 = 0x8d
  34.  
  35. encryption key = H(sharedSecret + 0x8d) // "+" is append
  36. */
  37.  
  38. //apologies for using javascript, it's the easiest way for me to express the implementation proposal
  39. //using cnUtil.js from mymonero.com for functions
  40.  
  41. //---------------------------------------------------------
  42. //proposal 1.5 (older ideas discarded as subpar and/or unscalable)
  43. //xor payment ID with one-time key
  44. var receiverKeys = create_address(rand_32()); //for example only
  45. var payId = "0123456789abcdef"; //64-bit example
  46. var txkey = random_keypair();
  47. var der = generate_key_derivation(receiverKeys.view.pub, txkey.sec);
  48. var stealthKey = cn_fast_hash(der + "8d").slice(0,16);
  49. var encPayId = hexXor(stealthKey, PayId); //JS can only xor numbers, made up function to xor hex strings
  50.  
  51. //receiver would:
  52. var der = generate_key_derivation(txkey.pub, receiverKeys.view.sec); //txkey.pub from tx_extra
  53. var stealthKey = cn_fast_hash(der + "8d").slice(0,16);
  54. var payId = hexXor(stealthKey, encPayId); //encPayId from tx_extra
  55. //*compare payID with known set*
  56. //---------------------------------------------------------
  57.  
  58.  
  59. //Feedback welcome,
  60. //luigi1111
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement