I am looking to understand the BIP 47 ( Reusable Payment Addresses ) use case.

[Volition]

It seems like most people are using them with an anonymous identity ( ex: paynym )... But one of the great value propositions seems to be associating it with your real identity.

Let's say you're a content creator that accepts donations. Is that a legitimate use case or am I misunderstanding the point of them?

https://samouraiwallet.com/paynym

[MusaMohamed]

BIP 47
Implementing reusable payment codes in Bitcoin wallets to improve user privacy
BIP47: Reusable Payment Codes for Hierarchical Deterministic Wallets

It is usable for HD wallets that have bloom filtering and so far Samourai walelt is the only wallet supports BIP47.

[crwth]

It is a use case for sure. It would be easy to share your Paynym and it wouldn't reveal privacy problems that can occur once you have publicized a Bitcoin address or something. You can't be pointed by firms that study the blockchain etc.

[franky1]

dumbing things down

alice and bob need a shared secret to start with.

thus they are later able to agree on a nonce/salt to an agreed address which is funded. thus it looks to the public like funds are moving to random people even though alice and bob are sending funds to each other via known HDwallet(multiple addresses) between them

EG
if they both have the same secret. they can derive the same address lists..  they can then agree "today is salt 28" and so bob knows he will receive coins on HD wallet address number 28 of the secret. and alice knows to pay bob on that derived address because she has the secret and the salt to know where to send funds to ensure it goes to bob


flaws:
seems easy upfront to pay someone via different addresses by pre-agreeing a secret to share.

however. if alice send say 1000sats each day to 100 addresses of the secret.. .. eventually bob may want to then spend 100,000sats after a few months. and suddenly all them separate outputs are seen as being spent in the same transaction because its bobs wallet spending his combined balance. thus undoing any initial perceived "privacy"

the only way bob can avoid this is by spending each 1000sat output individually to avoid associations

[Volition]

It is a use case for sure. It would be easy to share your Paynym and it wouldn't reveal privacy problems that can occur once you have publicized a Bitcoin address or something. You can't be pointed by firms that study the blockchain etc.

Sorry, I was not clear, let's say you're a content creator that uses their real name and identity and you want to post a donation address on the screen during one of your live streams. Still cool to use the same payment address over and over again?

flaws:
seems easy upfront to pay someone via different addresses by pre-agreeing a secret to share.

however. if alice send say 1000sats each day to 100 addresses of the secret.. .. eventually bob may want to then spend 100,000sats after a few months. and suddenly all them separate outputs are seen as being spent in the same transaction because its bobs wallet spending his combined balance. thus undoing any initial perceived "privacy"

the only way bob can avoid this is by spending each 1000sat output individually to avoid associations

Ahhh, yes, that makes sense! If one can see all of these UTXOs head out all at once, you can start making more and more accurate inferences. Don't matter if you HODL though.

Though, if you consolidate or spend small amounts at a time it makes it much easier to maintain that privacy.

Okay, so they are deriving these shared secrets via derivation paths I assume. So a wallet needs to be ready to scan them... I assume it's been implemented in such a way that the wallet knows to keep scanning till it hits a zero.

TY!!!

[crwth]

It is a use case for sure. It would be easy to share your Paynym and it wouldn't reveal privacy problems that can occur once you have publicized a Bitcoin address or something. You can't be pointed by firms that study the blockchain etc.

Sorry, I was not clear, let's say you're a content creator that uses their real name and identity and you want to post a donation address on the screen during one of your live streams. Still cool to use the same payment address over and over again?

Hmm if I was a content creator and I don't mind being d0xed, I shouldn't have any problem reusing a BTC address or something. Maybe you can even generate a vanity address for that so they would know it's you.

[franky1]

the whole payment code is simple

when you want someone to pay you, you usually press a 'generate address' button which derived from your key. adds another address tro your wallet for it to monitor incoming payment after ou pass around that address.. thus you +1 the nonce/salt of a new address..

however this scheme is where the other person that knows your secret can generate a new address to you to send you funds without you having to give them a new address.. and they notify you that they are sending funds to a new nonce of the key thus allows your wallet to also move your nonce to the also add the same address to your wallet to then see the payment

EG if old wallets only scan/look for address 1,2,3,4,5  its not yet looking for 6,7,8,9 because you have not pressed the generate address to trigger 6,7,8,9

these payment codes notify your wallet that someone has sent funds to 6,7,8,9 so that your wallet would too generate them same addresses to start watching for incoming transactions on 6,7,8,9 even if you did not manually trigger the generation of 6,7,8,9

the issue still remains.. the need of sharing the secret upfront. meaning you have to choose who you get into this relationship with

the silly part is you need to secretly communicate before setting up this relationship to secretly share a secret..
however you might aswell not tell them a secret which they can abuse.. and instead during the private communication. just send them a list of 100 public addresses for them to use. and just give them an upfront list of public addresses as they are used.. thus no need of a shared secret