Whisper Addresses: Privacy preserving automatic bitcoin address generation in vanilla javascript \ stacker news ~bitcoin

Whisper Addresses: Privacy preserving automatic bitcoin address generation in vanilla javascript

2585 sats \ 1000 boost \ 18 comments \ @supertestnet 25 Mar 2022 bitcoin

By popular request, here is an explanation, video demo, and proof of concept website where I demonstrate my first privacy tech for bitcoin: #WhisperAddresses. https://github.com/supertestnet/whisper-addresses

Try it out on bitcoin's testnet. Or mainnet, if you like. In addition to helping with censorship resistance, it's also a way to generate fresh donation addresses on a blog without btcpay -- just copy/paste some javascript.

view all related items

12 sats \ 3 replies \ @Majjin 25 Mar 2022

This reminds me a lot of BIP47 PayNyms with a few tradeoffs. Let me know if I get any of these wrong!

Whisper Addresses:

Protocol seems more lightweight/simple
Whisper addresses require an out-of-band message for each transaction, so both parties must be online at the same time
If you lose a linking key, you lose access to the funds associated with that key

PayNyms:

More complicated protocol
A single notification transaction replaces all the out-of-band transactions and allows transactions without both parties being online at the same time
Recoverable if you do a notification transaction
Notification transactions may possibly tip onlookers on to the fact that you are doing PayNym transactions if they can link the notification address to your identity.

12 sats \ 2 replies \ @supertestnet OP 25 Mar 2022

Both parties don't need to be online at the same time, you can email the whisper key to the recipient whenever you want, including while he's offline. The money will stay in the whisper address until the recipient uses the whisper key to sweep it into his wallet or send the money to someone else. There's no time limit, he can wait as long as he wants to get and use the whisper key.

Other than that you got it right. Another wrinkle with whisper addresses is that it involves a one-way communication and that is not automated at all, at least not in the current state. If the sender of the money refreshes the page or forgets to send the email or does any of the myriad things that people do to make a mistake, he will lose his donation and the intended recipient will never receive it. (That may be easy to mitigate by making the user click a button whenever they generate a whisper address. Then I could use an automatic email or something like nostr to automatically send the newly-generated whisper key to the recipient. But it would also make it easier to spam him with whisper keys that don't hold any value.)

Other issues that people pointed out on telegram include:

it doesn't help your privacy if you dox yourself to an exchange
the police could do a sting operation by sending you some money, waiting for you to consolidate it with your other funds, and then confiscating the total the next time you send it to an exchange
(BTW noobs consolidate their funds all the time. Noob-friendly wallets actually do it automatically on the assumption that it's what a noob would want)
if the whisper keys are sent via email then email is the new point of failure. Trudeau can tell google "show us all the emails containing whisper keys" and google will probably be happy to do it. Once they do that, your whisper addresses are doxed, assuming they know your linking key (which is supposed to be public on your website)

1 sat \ 0 replies \ @pigman 25 Mar 2022

Another benefit of using nostr for transferring the whisper key is a recipient web app could be built that filters out keys without a balance and allow for easier/more precise sweeping.

0 sats \ 0 replies \ @Majjin 25 Mar 2022

The email vulnerability seems easy to avoid by using encrypted channels of communication (like nostr). The other vulnerabilities seems be present in PayNyms as well. Its probably wise to mix your funds in either case and to avoid consolidating them whenever possible.

11 sats \ 8 replies \ @pigman 25 Mar 2022 freebie

Very cool, nice work.

Using something like an encrypted nostr message to transmit the linking key instead of email would remove the sender out-of-band communication and avoid the fatal refresh issue. Just a thought.

0 sats \ 7 replies \ @pigman 25 Mar 2022

Technically the nostr message is still out-of-band, but is sent programatically and free (for now) which is what I was getting at.

1 sat \ 6 replies \ @supertestnet OP 25 Mar 2022

I'm definitely on board with sending whisper keys to the recipient via nostr. It would be a bit of spam though for any popular site because most whisper keys will never be used. But I can make a toggle when generating your linking key to "turn on nostr backup" or similar, where you put in your nostr pubkey and then your site will send an encrypted message to you every time someone generates a whisper key on your website.

0 sats \ 1 reply \ @pigman 25 Mar 2022

You could also put the sender instantiation behind a "generate" button to avoid creating a nostr message for every page load. I want to avoid spamming nostr as well but luckily the traffic will be coming from the client so relay anti-spam prevention can be applied.

0 sats \ 0 replies \ @supertestnet OP 25 Mar 2022

Putting address generation behind a generate button is a very good idea. I'll have to change the template message too. Instead of "you received money" it will have to say "maybe you received money" or similar.

0 sats \ 3 replies \ @thrown 25 Mar 2022

It would be a bit of spam though

you’re paying for it, so it’s not spam. more like a normal message delivery service. i would hope that encrypted payloads become more common on nostr tbh.

0 sats \ 2 replies \ @supertestnet OP 25 Mar 2022

Nostr payloads are not currently charged for, they are free. So you're not paying for them.

0 sats \ 1 reply \ @thrown 25 Mar 2022

Node operators don’t charge yet only because nobody implemented a good / easy UX around it. But there is at least one node they implemented a lightning invoice for access to their node.

I think the point (at least what makes it appealing to me) is that NOSTR nodes can provide transparent business models.

0 sats \ 0 replies \ @supertestnet OP 25 Mar 2022

yes I fully agree

10 sats \ 2 replies \ @thrown 25 Mar 2022

I read this and couldn’t help but think that this is just the shared secret pattern. was that the inspiration?

0 sats \ 1 reply \ @supertestnet OP 25 Mar 2022

I'm not familiar with the term "shared secret pattern." The inspiration was bip47.

0 sats \ 0 replies \ @thrown 25 Mar 2022

I only know how it works in Gun. But basically, you generate a secret based upon one of the person’s keys. Then the other person can decrypt it with one of their other keys.

But in Gun, each user has 4 keys. pub, private, epub, epriv. The epub and epriv are used in the secrets.

https://github.com/amark/gun/wiki/SEA#example---public-key

1 sat \ 0 replies \ @DarthCoin 25 Mar 2022

Nice and interesting solution. This could be used for other purposes. I think your initiative driven by "police looking to ban addresses" is flawed.

People are looking to the wrong solution with all these invasions of privacy.

IS NOT THEIR DAMN BUSINESS what are you doing with your own money.
Nobody have any authority or jurisdiction over your own money (only if you consent to give it)
Stop complying, damn it! They do what they do, because you comply as a slave. Tell them a nice FUCK OFF (as I did)
Be a sovereign man not an obedient slave! Learn how to fight the system with their own instruments.
Stop being scared and try for solutions to hide your activity. Confront the damn aggressor, be the lion not the scared rabbit. Use the affidavit, the most powerful paper in the world. They will all run to the hills when will see the affidavit.

0 sats \ 0 replies \ @kc_hodl 26 Mar 2022

This is dope af! Well done ser