When you become your own bank by taking self-custody of your funds, you are not only responsible for safeguarding your assets but also for the data you leak and how you intend to preserve your financial privacy. That task only gets harder as the Bitcoin network has many prying eyes, and chain analysis firms are always trying to peek over your shoulder.
While Bitcoin has been celebrated for its potential to enable pseudo-anonymous, peer-to-peer transactions, it is not inherently private. In fact, the level of privacy afforded to users largely depends on how they use the Bitcoin protocol. One of the critical aspects of maintaining privacy in Bitcoin transactions involves the handling of Bitcoin addresses.
A common misconception is that Bitcoin addresses should be re-used just like email addresses, phone numbers or bank account routing numbers. While the blockchain and protocol do allow you to do so, this practice leads to a significant erosion of privacy.
By re-using addresses, users inadvertently create a public record of their transactions on the blockchain, which can potentially be traced back to them and reduce forward privacy when spending coins from that address. This can open the door to unwanted scrutiny, revealing more information about one’s financial life than intended. As such, understanding and avoiding address re-use is a critical part of maintaining financial privacy in the world of Bitcoin, but if you don’t develop the habit early on, you leave yourself with a lot of work in future-proofing your funds.
Adding to the user’s burden to maintain their privacy is a non-starter for most, and as we expand Bitcoin ownership to a less tech-savvy audience, wallets will need to do more of the heavy lifting. Additions like PayNym and Stealth Addresses are available to help reduce the re-use of addresses but have not received widespread adoption among Bitcoin wallets, and both implementations have shortcomings.
Why is static address use a problem?
Static address re-use refers to the practice of using the same Bitcoin address for multiple transactions. This is problematic for several reasons:
1. Privacy Risks:
Bitcoin transactions are recorded on a public ledger called the blockchain. If you use the same Bitcoin address repeatedly, anyone can track your transaction history simply by looking at the blockchain. They may not know your identity, but they will see that the same address is used frequently and could potentially track patterns in your transactions. This loss of privacy can make you a target for malicious actors.
2. Security Risks:
Bitcoin uses a digital signature to verify the ownership of the coins. If you re-use addresses, you expose more information about your private key with each transaction, which, in theory, could increase the risk of your private key being discovered.
3. Reduced Anonymity:
With address re-use, every transaction is linked to the past ones because they all share the same address. This means that if your identity is ever linked to your address, either through a purchase where you’ve disclosed personal information or a slip in operational security, all transactions linked to that address could potentially be traced back to you.
4. Future cost to you:
Repeated address use can potentially bloat your personal UTXO set on the Bitcoin Network. This is because when you spend coins from an address, you must reference all of the transactions that have ever sent coins to this address. The more transactions you’ve made, the more data must be included in the new transaction, which ends up costing you more to move your coins, a real pain if the UTXOs are made up of a bunch of smaller transactions.
Now you could adopt coin control in this instance to be more efficient with using those UTXOs, but really, asking the average person to do this is like asking them to perform UTXO open-heart surgery.
5. Accounting headaches:
If you are conducting commerce that requires matching payments with the release of goods, services, tickets, event access or any other deliverable, you’re also encouraged to use a new address. Sure, you could match the transfer of the UTXO with its TX_ID, but this only adds to your work in matching payments, which is easier when you use a different address for each one. In addition, you don’t want every client to see how much money is flowing into your account.
For these reasons, it is advisable to use a new address for every transaction to maintain privacy, security, and efficient use of the Bitcoin network.
What are my options today when receiving Bitcoin?
If you are receiving Bitcoin for your business, organisation or for personal donations, and you are using a static address, consider this a burner address. Any funds you sweep from it should be swept into a CoinJoin if you wish to preserve forward privacy, so you can avoid having peeping toms watch your sats long after you receive them.
Generating addresses on the fly.
Your next option would be to spin up an x-pub that will give you multiple addresses, but you still have no way of serving them to users dynamically. If you have a list of x-pubs created, you’re better off using something like BTCPay Server to manage this for you by providing an address when a user prompts a payment. This, of course, requires you to run a node and might be out of the reach of some users.
Barriers to PayNym
Another option would be to create a PayNym using a wallet like Samourai or Sparrow. Once you have a PayNym, you can share the human-readable handle you created, your associated PayNym address or QR code anywhere you like to receive payments. The issue here is that not every Bitcoin wallet, exchange wallet or Lightning wallet/submarine swap to on-chain will understand this address format, so you’re limiting your reach.
Additionally, BIP 47 has the major drawback of requiring manual intervention to sweep funds: a notification transaction must be sent before funds can be easily recovered, which is another pain for users.
What is a Silent Payment?
In March of 2022, Ruben Somsen proposed “Silent Payments,” a new approach to reusable payment codes that would be an alternative to PayNym and Stealth Payments but draw inspiration from both options.
Silent Payments remove the need for a notification transaction entirely by using the outputs in a transaction to signal to the recipient when funds are intended for them. Silent Payments leverage advances in Bitcoin signature creation and scanning to remove the need for a notification transaction and should be a far more scalable solution for privacy advocates.
The characteristics of silent payment include:
- No increase in the size or cost of transactions.
- The resulting transactions blend in with other Bitcoin transactions and can’t be distinguished.
- Transactions can’t be linked to a silent payment address by an outside observer.
- No sender-receiver interaction is required.
- No linking of multiple payments to the same sender.
- Each silent payment goes to a unique address, avoiding accidental address reuse.
- Supports payment labelling.
- Uses existing seed phrase or descriptor methods for backup and recovery.
- Separates scanning and spending responsibilities.
- Compatible with other spending protocols, such as CoinJoin.
- Light client/SPV wallet support.
- The protocol is upgradeable.
How does a Silent Payment work?
When Alice goes to send funds to Bob, she takes three keys and creates a unique one-time address that only Bob controls the keys to.
These three keys are:
- The public key of the output(s) the sender wants to send to the receiver.
- The receiver’s public key in his reusable payment code.
- A shared secret (generated using the same cryptography as stealth addresses and BIP 47, “ECDH”) that only the sender and receiver know.
These three keys combine into a unique one-time address that the receiver can then validate and spend from later. This payment appears exactly like any other payment using the same script type (e.g. Taproot), thereby preventing an outside observer from even knowing that this transaction is a Silent Payment.
When the sender combines these three keys, they generate a new public key (or address) and send the intended funds to this new address that only the recipient controls.
The limitation of Silent Payments
Since a Silent Payment user must scan all transactions on the blockchain from the point that he generated the payment code, it brings in significant overhead to manage these payments. When you receive a Silent Payment you have to go through every transaction, compute the shared secret for each input and compare to the outputs until you find the right match.
Scanning is relatively costly and can only be performed with a Bitcoin full node, which limits adoption if full node usage doesn’t continue to grow.
If you don’t want to give your recipient so much work to find a payment, there are ways to reduce their need to scan every transaction, namely:
- Create a “generation” date when you create a Silent Payment address and save it so that when you need to restore, you can start scanning only from that block forward on chain, instead of from the Genesis block.
- Only check Taproot outputs, as very few outputs are currently Pay-to-Taproot; this will eliminate a large percentage of transactions but becomes less effective as Taproot transactions become the norm.
- Only check the UTXO set instead of scanning every historical transaction, as you are only concerned with new, incoming, and unspent outputs.
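The key derivation described under “How does a Silent Payment work?” and the scanning shortcuts listed just above, as an added Python example that is not part of this article or of any silent-payment wallet. It is a deliberately simplified model of BIP 352: it assumes plain secp256k1 points instead of x-only Taproot keys, represents the sender by a single input key A = a·G, and uses SHA256(ecdh || k) as the tweak rather than the tagged hash the BIP specifies. The keys, transaction ids and block heights are constructed for the example.

```python
"""Toy silent-payment derivation and scan (simplified BIP 352; added example).

Assumptions (not from the article): plain secp256k1 points instead of x-only
Taproot keys, one sender input key A = a*G per transaction, and a tweak of
SHA256(compressed(ecdh) || k) instead of the BIP 352 tagged hash.
"""
import hashlib

# secp256k1 parameters: field prime, group order, generator
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p, q):
    """Elliptic-curve point addition on secp256k1 (None is the point at infinity)."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, p=G):
    """Scalar multiplication k*p by double-and-add."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, p)
        p = point_add(p, p)
        k >>= 1
    return result


def tweak(ecdh, k):
    """t_k = H(compressed(ecdh) || k) mod n; identical on sender and receiver side."""
    compressed = bytes([2 + (ecdh[1] & 1)]) + ecdh[0].to_bytes(32, "big")
    digest = hashlib.sha256(compressed + k.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % N


def sender_outputs(a, B_scan, B_spend, count=1):
    """Sender side: combine the sender's key a, the receiver's scan/spend keys and the
    ECDH secret into `count` one-time output keys. No notification transaction needed."""
    ecdh = point_mul(a, B_scan)                       # shared secret a * B_scan
    return [point_add(B_spend, point_mul(tweak(ecdh, k))) for k in range(count)]


def scan_chain(b_scan, B_spend, txs, generation_height, taproot_only=True):
    """Receiver side: walk candidate transactions and return (txid, tweak) for every
    output that pays us. The two filters mirror the article's shortcuts: skip blocks
    before the address was generated and, optionally, skip non-Taproot outputs."""
    found = []
    for tx in txs:
        if tx["height"] < generation_height:
            continue                                  # address did not exist yet
        outs = [pt for stype, pt in tx["outputs"] if stype == "p2tr" or not taproot_only]
        if not outs:
            continue
        ecdh = point_mul(b_scan, tx["input_pubkey"])  # b_scan * A == a * B_scan
        k = 0                                         # keep incrementing k while outputs match
        while True:
            t = tweak(ecdh, k)
            if point_add(B_spend, point_mul(t)) not in outs:
                break
            found.append((tx["txid"], t))
            k += 1
    return found


def spending_key(b_spend, t):
    """Only the holder of the spend key can derive the private key for a found output,
    so a scanning service holding b_scan alone cannot move the coins."""
    return (b_spend + t) % N


# Constructed receiver keys and generation height (example values, not real data).
B_SCAN, B_SPEND = 67890, 13579
GENERATION_HEIGHT = 800_000


def sample_chain():
    """Three constructed transactions: one too old, one unrelated, one paying us twice."""
    B_scan, B_spend = point_mul(B_SCAN), point_mul(B_SPEND)
    return [
        {"txid": "tx-a", "height": 799_000, "input_pubkey": point_mul(11111),
         "outputs": [("p2tr", sender_outputs(11111, B_scan, B_spend)[0])]},
        {"txid": "tx-b", "height": 800_100, "input_pubkey": point_mul(22222),
         "outputs": [("p2wpkh", point_mul(424242))]},
        {"txid": "tx-c", "height": 800_200, "input_pubkey": point_mul(33333),
         "outputs": [("p2tr", point_mul(535353))]
                    + [("p2tr", o) for o in sender_outputs(33333, B_scan, B_spend, 2)]},
    ]


if __name__ == "__main__":
    for txid, t in scan_chain(B_SCAN, point_mul(B_SPEND), sample_chain(), GENERATION_HEIGHT):
        print(txid, "spend key", hex(spending_key(B_SPEND, t))[:18] + "...")
```

With the generation height set, the scan touches only `tx-b` and `tx-c` and finds the two outputs in `tx-c`; passing a generation height of 0 also surfaces the old payment in `tx-a`, which is the work the article’s first shortcut saves you. Note how the receiver does one ECDH per transaction and one candidate derivation per output, which is exactly why scanning without a full node, or without narrowing the candidate set, gets expensive.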
Do your own research.
If you want to learn more about silent payments, use this article as a jumping-off point and don’t trust what we say as the final say. Take the time to research, check out their official resources below or review other articles and videos tackling the topic.
Are you a Bitcoin and privacy fan?
Have you been using Bitcoin privately to mask your on-chain footprint? What is your preferred method of masking your transactions? Which app is your favourite? Have you tried all the forms of privacy payments? Which one do you prefer? Do you have any tips for keeping chain analysis in the dark?
Let us know in the comments down below.