Sick of having to create a new Bitcoin address each time someone wants to send you some funds? Want a single, forever reusable Bitcoin address that doesn’t destroy your privacy? That’s what Silent Payments are here to fix with a potential new upgrade in the works that could be the ultimate stealth mode for your Bitcoin wallet.
Contents
What Are Silent Payments?
Silent payments are a way for users to have a static receive address for others to pay them with, whilst at the same time preserving their privacy. These types of addresses are also referred to as “reusable payment codes” or “stealth addresses” and look like this:
sp1qqttuwe3e5mqqw0lpftpewrrtq4cq6lmjn0wgfqvnee9p7g0cjjs9cq6d824qqw37pzflk6c26k84ry96mlhh85s907al62gm6fl0xf8fusvktrxj
This is in contrast to a regular Bitcoin Address that might look like this:
bc1pfdndvt75jg6037t60782vx56jv03xlrchxr70435cr80cy66rkgshjkda3
Silent Payments (BIP-0352) was originally proposed by Ruben Somsen back in March 2022 and since then has received a number of rounds of review by the community. Reusable addresses (or codes) have been suggested for a while now (since 2015), but have recently gained new attention due to this new proposal as it offers an efficient, scalable and extremely private solution.
Why Are They Needed?
To receive bitcoin you need a bitcoin address. It’s quick, easy and free for your wallet to generate new addresses for you, but if you need to receive multiple payments from the same or different people things start to get a bit tricky.
Address Reuse & Privacy
It’s possible to just use the same address over and over again, but as noted in our Beginners Guide To Bitcoin Privacy, reusing addresses is incredibly bad for your privacy as well as the senders. This is because it makes it easy for Chain Analysis firms or other outside observers to track all the payments and link them together, often with bad consequences for everyone involved.
For example, if you’re a business owner and have everyone who buys goods from your shop pay you to the same bitcoin address, everyone can see exactly how much bitcoin you have simply by looking it up on a public block explorer. Maybe one of your customers sees you have 10 BTC sitting there and decides to introduce you to their $5 wrench. Not great!
Instead, each time you receive funds it should go into a brand new address. Once the funds in that new address are spent it should never be used again. This way outside observers can only see the details and amounts of the address they used, nothing else.
Pseudo Anonymous Protection
Having outside observers see how much bitcoin you own isn’t the only reason to use a new address for incoming payments. If you use the same address over and over for multiple payments, it’s quite likely that at least one of those transactions will be linked to your real world identity at some point.
Maybe you have a whole bunch of non-KYC bitcoin, but then use that same address to buy something from a shop you give your real details to. Or maybe you buy bitcoin from a KYC exchange and send it to the same address. Now all the other non-KYC bitcoin are compromised as it’s clear the same owner controls all the funds in that one address.
Malware & Cybersecurity Risks
Generating a new address each time to protect your security and privacy can either be a manual or automated process. You can do it manually each time someone wants to pay you, but this obviously takes time and is annoying. It also means you have to communicate the address to the sender each and every time.
This communication itself introduces a number of potential security risks such as man in the middle attacks, copy/paste malware attacks or just plain old human error mistakes. Each time you send the new address, it can be intercepted and changed by an attacker resulting in a loss of funds.
Generating the new address automatically is better as it saves time and effort, but requires back end systems like BTCPay Server. For many people setting up this software and hardware is too technical, time consuming or expensive. Even if it’s not, it requires ongoing maintenance and an “always on” internet connection to work which isn’t very user friendly.
Security & Privacy By Default
Receiving a payment in bitcoin should be secure, private, simple and free by default. Unfortunately this isn’t the case right now due to the issues described above, but Silent Payments is a solution that gets us much closer to this ideal scenario.
Benefits Of Silent Payments
Besides the obvious benefits of having a permanent, never changing receive address just being a simpler, quicker and more secure way to receive Bitcoin, silent payments have a number of other fantastic benefits. To start with, it’s bitcoin address type agnostic and it doesn’t increase the transaction size at all, which means there’s also no increase in the fee costs.
Silent payment transactions are also indistinguishable from other non silent payment transactions which means they blend in seamlessly and can’t be linked to a silent payment address by outside observers. Even if a sender makes multiple payments to the same sender it can’t be linked back. This makes them not only efficient, but the most private option of all the solutions proposed so far.
Each silent payment goes to a unique address ensuring maximum privacy and no address reuse. Finally, there’s no interaction between the sender and receiver required for the transaction to take place. This is fantastic for those that don’t want to run and maintain server infrastructure just to get better privacy.
What Wallets Support Silent Payments?
Currently silent payments is a feature that’s still under active development by the Bitcoin Core community and as such, most major wallets don’t support it. There are a few wallets that are developing it though and some even have it working in live beta releases:
- Silentium (GitHub)
- Cake Wallet (beta)
- SeedSigner (experimental)
How Do Silent Payments Work?
Normally when you want to receive bitcoin you’d have your wallet software generate a new bitcoin address and then send that information to the other person. If they want to send you more bitcoin or a different person wants to send you bitcoin then you’d generate a second or third address.
With silent payments you instead simply generate one, permanent silent payment address like what’s shown below. This address is a bit bigger than a regular bitcoin address, but you can give it to as many people as you want and they can all send you as many payments as they want.
sp1qqttuwe3e5mqqw0lpftpewrrtq4cq6lmjn0wgfqvnee9p7g0cjjs9cq6d848qqw37pzflk6c26k84ry96mlhh85s907al62gm6fl0xf8fusvktrxj
Each time they do, it’ll automatically generate a new (regular) bitcoin address for that specific transaction which will protect your privacy and theirs. Your silent payment address can also be encoded into a QR code just like normal bitcoin addresses and you could even print it out or post it on a website if you ran a business.
More In Depth Details
Getting a bit more technical, silent payment addresses work by combining the public keys of both the sender and receiver, as well as a shared secret key, to automatically create the new receive address that only the receiver has the authority to spend.
The creation of the receive address is done entirely by the sender and doesn’t require the receiver to be online at all. All the sender needs is their original silent payment address and they then use three keys to create the receive address:
- The public key of the output the sender is sending to the intended recipient
- The public key in the recipients reusable payment code
- A shared secret key (generated using ECDH) that the sender and recipient know
Once the sender has generated this new receive address, they send their funds to it. From here the receiver is the only one that can spend the funds in it. But given the receiver isn’t involved in this process at all, how do they know when they’ve been paid? More importantly, how do they know what address the payment has been made to?
History Of Stealth Addresses
Users of bitcoin have wanted private payments for years now, so it’s not surprising that there have been other, much older, proposals. These older solutions had their own problems, which also revolved around how the receiving party would learn about their new payment.
An original proposal, called PayNyms (BIP-0047), required notification transactions to be done on chain in order for the sent funds to be easily recovered. This was considered to be unacceptable by a number of developers as it not only wasn’t great for privacy – as the transactions stuck out like a sore thumb on the blockchain – but also because it required extra transactions.
This was not just inefficient, but costly too as those extra transactions would of course require Transaction Fees to have them processed. While silent payments do away with this notification transaction requirement, they do introduce another slight drawback.
Drawbacks Of A Silent Payment Address
This question of how a receiver knows that they’ve been paid brings us to pretty much the only drawback of silent payments.
If the wallet that’s receiving the funds wants to check to see if they have any new payments, they need to scan through each and every transaction and check all the inputs. This scanning process uses the receivers private keys, is moderately CPU intensive and obviously requires the wallet to have access to the raw transaction data.
In general there’s two types of wallets, ones that are connected to and backed up by a full Bitcoin Node – that is, a node that has a full copy of the entire blockchain including all blocks and all data inside those blocks – and ones that are connected to a Light Node (also called a Pruned Node).
Light Nodes only store block headers instead of full blocks. This allows them to interact with the Bitcoin Network and not have to download and store the entire Bitcoin Blockchain, but at the same time means they can’t fully validate the entire network. They use the least amount of disk space
Wallets that are connected to Light Nodes are called Light Clients. As these light client wallets do not process blocks and don’t have a direct connection to a node which does process blocks, getting the transaction data to do the scanning requires a bit more work.
Currently Silent Payments do work on light clients, but they must reach out and request specific information from the node they’re connected to in order to perform the scanning process. These requests consume data and take time, so they need to be minimized as much as possible both for a good user experience and to reduce bandwidth costs for the user and provider.
Fortunately there’s a lot of pretty simple ways this scanning process can be sped up by requesting what’s called “Tweak Data”. Current suggested ways to narrow in and reduce the amount of data that’s transferred include:
- Only requesting transactions that were sent past a certain point in time, such as when the wallet last checked in to get transaction data
- Only requesting transactions that haven’t already been spent
- Only requesting transactions that have at least one Taproot output in them
- Only requesting transactions that have outputs over a certain dust size (say 1,000 sats)
These qualifiers drastically reduce the amount of tweak data that’s needed to be transferred, but there’s also another great way to hugely reduce this burden, request it less often.
If a transaction has an output that has already been spent, then obviously it’s not relevant to the receiver as it’s clearly not a payment meant for them. The thing is, the longer the wallet waits to get updates on all the possible transactions, the higher the probability that more and more transaction outputs will have been spent. This means there’s less and less valid transactions that need to be checked!
Obviously everyone likes to know that they’ve been paid immediately, but if the wallet simply waits a day, three days, a week or even a month, the amount of data that’s valid and thus needs to be transferred reduces drastically.
By checking once every three days, it reduces data use by 70%. If the wallet only checks once every month it reduces data use by 95%. It seems clear that even with these very simplistic rules a light client wallet could receive Silent Payments easily and efficiently.
Hopefully even this slight downside can be mitigated even further in the future as it would pretty much make Silent Payments a perfect solution to a very long term pain point. Even if it’s never solved beyond this current limited implementation, the data bandwidth requirements seem quite reasonable in today’s bandwidth hungry world.
For example, a light client wallet that checks once every 3 days would use at most 15 MB of data per month. Hardly a blip in a world where social media regularly chews down GB’s of data (per person) daily!
The Future Of Silent Payments
Although silent payments was first proposed way back in 2022, that’s not a huge amount of time when it comes to Bitcoin Core development. Improvements to Bitcoin are thoroughly discussed and argued over by hundreds of people all over the world before they’re even considered for inclusion in a new version.
So these are still early days for the proposal, but the future looks bright indeed. This is the most private, most efficient and best proposal yet. Yes, it does have its one slight drawback of requiring some CPU intensive scanning of the blockchain, but with further development it’s highly likely that this can be made a lot more efficient.
There’s even been proposals of linking a silent payment address to a DNS based, human readable format. This would mean that instead of a QR code or some huge string of random numbers, all you’d need to receive unlimited, totally private and secure payments forever is something like “dude@company.com”.
It’s possible that in a decade we’ll look back on the “normal” bitcoin addresses we all use now as being as archaic as having to remember everyone’s mobile number.
Note: Big thanks to Seth For Privacy for their excellent technical articles that were used.