Silent Payments notifications via Nostr

The discussion highlights several critical aspects of handling cryptocurrency transactions with a focus on the practicality and security of using taproot outputs for transaction identification rather than traditional transaction IDs (txids). The idea presented suggests that by scanning regular block filters for taproot outputs, one can potentially streamline the process for receivers, like Bob, to verify transactions. However, this method is not devoid of challenges, particularly concerning the efficiency and practicality of searching through all block filters to find a specific output. A proposed heuristic involves working backwards from the chain's tip, which, while somewhat reducing the search scope, still might not offer a practical solution without additional hints such as timestamps to narrow down the search range.

The conversation delves into the necessity of trust between parties involved in a transaction. There's an acknowledgment that entirely bypassing data fetching from external sources based on sender trust could simplify the process since the sender could provide all necessary information for spending the output. This method raises questions about the balance between convenience and security, suggesting a fundamental requirement for some level of validation to ensure the integrity and spendability of the output. The discourse emphasizes that wallets should not blindly trust notifications about outputs but instead verify their existence and uniqueness to prevent issues like duplicate notifications leading to user experience (UX) problems, especially in scenarios where transaction inputs might change due to Replace-By-Fee (RBF) mechanisms.

Furthermore, the conversation touches upon the design considerations for developing a robust protocol that effectively balances denial-of-service (DoS) resistance with the need for message validation. It suggests that a clear understanding of potential client designs and trust assumptions is crucial in forming a solid foundation for the protocol. The inclusion of standard information, like tweaks, in the transaction process is seen as generally unproblematic, highlighting the importance of distinguishing between standard and edge-case data for maintaining security without compromising UX.

Lastly, the dialogue briefly explores the reliance on Web of Trust (WoT) systems for enhancing transaction security. While recognizing the value of having a reliable WoT, the current state of such systems is viewed with skepticism. The distinction between receiving transaction notifications through trusted channels like email or Signal versus open and unverified sources underscores the varying degrees of risk and the need for protective measures accordingly.