delvingbitcoin

Unspendable keys in descriptors

Posted on: December 19, 2023 14:52 UTC

The discussion revolves around the desirability of a standard public Nothing-Up-My-Sleeve number (NUMS) in cryptographic protocols, particularly within the context of Bitcoin Improvement Proposal 352 (BIP352), which pertains to silent payments.

Silent payments involve the use of provably unspendable keypaths to enhance privacy by not revealing transaction details unnecessarily. The email raises the question of whether there are circumstances where employing a standard NUMS would be detrimental.

The primary concern highlighted is the loss of privacy that could occur when a script-only taproot output is spent. A script-path spend reveals the internal key, and if that key is a standard, publicly known NUMS point, any observer can immediately tell that the output was script-only, as opposed to a regular output. This could leak information about the transaction that users might prefer to keep private.
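The leak described above can be shown with a short added example (not code from the original post). It assumes BIP341's published NUMS construction (SHA256 of the uncompressed encoding of G) and BIP341's control-block layout, and goes one step beyond the summary by also showing BIP341's suggested `H + rG` blinding; all function names are hypothetical.

```python
import hashlib

# secp256k1 field prime and generator coordinates (public curve parameters).
P = 2**256 - 2**32 - 977
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

def nums_x():  # x-coordinate of BIP341's H: SHA256 of G's uncompressed encoding
    enc = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    return hashlib.sha256(enc).digest()

def lift_x(xb):  # even-y curve point for a 32-byte x, or None if off-curve
    x = int.from_bytes(xb, "big")
    y = pow((pow(x, 3, P) + 7) % P, (P + 1) // 4, P)
    if x >= P or (y * y - x**3 - 7) % P:
        return None
    return (x, y if y % 2 == 0 else P - y)

def add(a, b):
    # Affine point addition; None stands for the point at infinity.
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def internal_key(control_block):
    # Byte 0 is leaf version/parity, bytes 1..32 the x-only internal key.
    if len(control_block) < 33 or (len(control_block) - 33) % 32:
        raise ValueError("malformed control block")
    return control_block[1:33]

def reveals_standard_nums(control_block):
    return internal_key(control_block) == nums_x()

def blinded_nums_x(r):
    # x-only key for H + r*G; the wallet keeps r to prove unspendability later.
    return add(lift_x(nums_x()), mul(r, (GX, GY)))[0].to_bytes(32, "big")
```

With a constructed control block such as `bytes([0xc0]) + nums_x() + bytes(32)`, `reveals_standard_nums` returns `True`, while the same block built from `blinded_nums_x(r)` does not match.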

The sender of the email is soliciting opinions on the matter and appears open to learning about any scenarios where standardizing a public NUMS might be unfavorable. They are particularly interested in counter-examples that could help inform a balanced perspective on the adoption of standard NUMS within cryptographic protocols like those used in Bitcoin's taproot outputs.