[Bounty] Implement sending to Silent Payment addresses - 0.01 BTC

[sethforprivacy]

A bounty has been opened on silentpayments.xyz from a trusted, anonymous source to implement sending support in BitBox firmware to Silent Payment addresses.

I wanted to open an issue here to raise awareness and ensure that prospective contributors are aware of open bounties for BitBox from outside sources.

You can learn more about the bounty at https://silentpayments.xyz/docs/bounties/ and find more development resources focused on Silent Payments at https://silentpayments.xyz/docs/developers/.

[benma]

Can I call dibs? :grin:

https://github.com/BitBoxSwiss/bitbox02-firmware/pull/1220

The PR basically adds support, but I have a remaining worry about bit-flips that could corrupt the generated output. I posted about this problem here:

https://x.com/_benma_/status/1800910808505000435

DLEQ proofs would solve this, but I could not find a suitable implementation of DLEQ for secp256k1, so that solution could be quite a while out (cc @josibake, please correct me if I am wrong).

I might work on some other mitigations to this problem in the meantime.

[josibake]

DLEQ proofs would solve this, but I could not find a suitable implementation of DLEQ for secp256k1, so that solution could be quite a while out (cc @josibake, please correct me if I am wrong).

I also haven't found a good implementation for secp256k1, but if it helps there is a draft proposal here which fully specifies the algorithm: https://gist.github.com/andrewtoth/df97c3260cc8d12f09d3855ee61322ea

[benma]

@josibake the thread you linked points to an implementation in secp256k1-zpk: :exploding_head:

https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/src/modules/ecdsa_adaptor/dleq_impl.h

[josibake]

ah nice! i hadn’t seen that comment