Skip to content

BIP 77: Payjoin Version 2 — Async Payjoin #1483

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 70 commits into
base: master
Choose a base branch
from
Open

BIP 77: Payjoin Version 2 — Async Payjoin #1483

Changes from 1 commit
Commits
Show all changes
70 commits
Select commit Hold shift + click to select a range
5e2f2aa
Draft payjoin v2 BIP
DanGould Jun 3, 2023
3df3f51
Include mailing list feedback
DanGould Aug 12, 2023
936d0e7
Include TABConf feedback
DanGould Nov 1, 2023
4069db5
Include padding
DanGould Dec 14, 2023
45daed4
Include production reference implementation
DanGould Dec 15, 2023
b593c45
Adopt BIP-77 for payjoin v2
DanGould Dec 27, 2023
6becb34
Distinguish payjoin directory from OHTTP Relay
DanGould Mar 6, 2024
754e287
Detail OHTTP Key Configuration mechanism
DanGould Mar 6, 2024
80b8bac
Fix punctuation
DanGould Mar 6, 2024
b5353b5
Make base64URL references consistent
DanGould Mar 6, 2024
9e8b4d7
Reference standardized Secp256k1 DHKEM for HPKE
DanGould Mar 6, 2024
3c1629b
Add Comments-URI
DanGould Mar 27, 2024
a0d3654
fixup: Format and spell check
DanGould May 3, 2024
b758311
Add BIP 77 to README
DanGould May 3, 2024
95a3b14
Add Payjoin V2 overview diagram
DanGould May 3, 2024
6646e99
Add Oblivious HTTP Sequence Diagram
DanGould May 6, 2024
5ff5b7a
Correct links and spelling
DanGould May 6, 2024
ce66047
Wrap <code> blocks
DanGould May 7, 2024
07db553
Fix basic scheme actors
DanGould May 7, 2024
b693fb9
Fix dead samourai links
DanGould May 7, 2024
f9b4b91
Orient motivation around a problem
DanGould May 10, 2024
bc3123e
fix links
DanGould May 10, 2024
35ebad8
Keyconfig s/should/must/ be provided
DanGould May 21, 2024
224208c
Fix typos
DanGould May 21, 2024
d7ffad8
s/pubkey/public key
DanGould May 21, 2024
3b863a4
Incorporate jonatack's suggestions
DanGould Jun 2, 2024
f86fe41
Incorporate more jonatack suggestions
DanGould Jul 6, 2024
5c65c21
Incorporate satsie's suggesetions
DanGould Jul 6, 2024
b701ade
Rename "Async Payjoin"
DanGould Jul 15, 2024
93b1e60
Replace BIP21 params with fragment params
DanGould Jul 15, 2024
7e7b3b4
Revise document to describe Payjoin Sessions
DanGould Jul 15, 2024
df3bd52
Revise Sequence Diagram
DanGould Jul 15, 2024
dc4a975
Spell initialize
DanGould Sep 26, 2024
87f892d
Update the bip to represent the stable protocol
DanGould Sep 26, 2024
11b1b83
Spell according to Type Checks's job
DanGould Sep 26, 2024
e44f748
Mention the format of the ohttp fragment
DanGould Sep 26, 2024
f7a5d25
Reference BIP 78 attack vectors
DanGould Oct 8, 2024
3b7be8c
Remove straggling text
DanGould Oct 8, 2024
66457a0
Specify authorization mechanism
DanGould Oct 9, 2024
c917eab
Use implicit session initialization
DanGould Oct 9, 2024
3046520
Specify cryptographic handshake based on Noise IK
DanGould Oct 16, 2024
28f064b
Add Spacebear's clarifications
DanGould Oct 21, 2024
915258a
Document subdirectory Short IDs
DanGould Jan 6, 2025
113c237
Require uppercase URL
DanGould Jan 6, 2025
a2b8009
Specify bech32 fragment parameter definitions
DanGould Jan 6, 2025
952156e
Uppercase URL specifically only after subdirectory
DanGould Jan 17, 2025
73941ab
Note payload uniformity via padding and ellswift
DanGould Jan 10, 2025
4853f5a
Include Message Byte Representations
DanGould Jan 10, 2025
69ae3f1
Document HPKE `info` strings
DanGould Jan 24, 2025
799e8c1
Truncate lines to 120 characters
DanGould Jan 24, 2025
a309129
Receiver's Original PSBT, not proposal
DanGould Mar 25, 2025
90eef4a
Specify no mixed [output script]
DanGould Mar 25, 2025
e5a3d17
Remove extraneous pipe character
DanGould Mar 25, 2025
9b2134b
Require BIPS 21, 78, 174
DanGould Mar 25, 2025
85ad617
Update checklist MUST/MUST NOT sections
DanGould Mar 25, 2025
05e54b8
inputs ⇒ input
DanGould Mar 25, 2025
74d2b9d
Clarify BIP 78 payjoin version 1 connection
DanGould Mar 25, 2025
16517de
Fix backwards compat language
DanGould Mar 25, 2025
b1d02f5
Payjoin version 2 URIs
DanGould Mar 25, 2025
cebc7b4
Reference Binary HTTP RFC
DanGould Mar 25, 2025
6a05b9f
Payjoin version 1 Proposal PSBTs
DanGould Mar 25, 2025
36d8431
Oblivous -> Oblivious
DanGould Mar 25, 2025
4661c43
Rm reference to 'production relays'
DanGould Mar 25, 2025
a0e5311
Repeat the active agent by name
DanGould Mar 25, 2025
8803dc3
Add Post-History
DanGould Mar 25, 2025
999c338
Title 'Async Payjoin'
DanGould Mar 25, 2025
34f66d0
Check spelling
DanGould Mar 25, 2025
a4d4065
directory -> mailbox
DanGould Mar 25, 2025
87d4038
Move ohttp= fragment param to link to frag spec
DanGould Mar 25, 2025
f74ad17
Mention URI keys as bootstrap mechanism
DanGould Mar 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Note payload uniformity via padding and ellswift
  • Loading branch information
@DanGould
DanGould committed Jan 17, 2025
commit 73941ab3d16b2f432ac25c7c6cbe11790cfb60b9
11 changes: 9 additions & 2 deletions bip-0077.mediawiki
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,9 +238,16 @@ OHTTP relays can be run as basic HTTP proxies from wallet providers or third par
<img src=bip-0077/oblivious-http-sequence.png></img>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m surprised that the sequence diagram above was drawn in ASCII, while this is an image. Perhaps both should be provided in the same style.



===Message Padding===
===Uniform Payloads===

Encapsulated OHTTP payloads and messages seen by the Payjoin Directory are constructed to be uniform so that the third-party services are unable to distinguish between them based on payload size or by distinguishing them from random bytes. However, the Encapsulated OHTTP message includes an uncompressed key for the DHKEM which is distinguishable from random bytes but uniform across different encapsulated requests.

OHTTP messages are padded to 8192 bytes.

HPKE message payloads are padded to 7168 bytes. Elligator swift is used to encode encapsulated HPKE public keys prepended to the HPKE ciphertext so that the payjoin directory can't distinguish between key material, the ciphertext, and randomness, so that the directory may accomodate new protocols in the future without discrimination.

This is sufficient size for most PSBTs without exceeding the [[https://www.geekersdigest.com/max-http-request-header-size-server-comparison/| 8KB limit]] of many HTTP/1.1 web servers. 8KB is also too small for image sharing, making misuse of the Payjoin Directory impractical.

All ciphertexts should be padded to the same length of 7168 bytes to prevent traffic analysis. This is sufficient size for most PSBTs without exceeding the [[https://www.geekersdigest.com/max-http-request-header-size-server-comparison/| 8KB limit]] of many HTTP/1.1 web servers. 8KB is also too small for image sharing, making misuse of the Payjoin Directory impractical.

===Secp256k1 Hybrid Public Key Encryption===

Expand Down