Skip to content

Add Silent Payments Support#587

Open
macgyver13 wants to merge 18 commits intoColdcard:new_edgefrom
macgyver13:silentpayments-bip375-psbt
Open

Add Silent Payments Support#587
macgyver13 wants to merge 18 commits intoColdcard:new_edgefrom
macgyver13:silentpayments-bip375-psbt

Conversation

@macgyver13
Copy link
Copy Markdown

@macgyver13 macgyver13 commented Nov 26, 2025
edited
Loading

Finally consider this PR ready for review and feedback to determine next steps.

TODOs:

  • verify silent payments labeled address handling
  • verify multi sig silent payment workflows
  • address edge cases / attack scenarios
  • (on hold) test on real hardware - evaluate memory and performance
  • (partial) proper UI/UX for Silent Payments - seeking feedback

Screenshots

Updated UX with - silent payment address - appended to - to address -

SHIFT SYM CAPS SHIFT SYM CAPS SHIFT SYM CAPS

Contribute Shares Prompt

0F056943EDGE

@macgyver13 macgyver13 mentioned this pull request Nov 26, 2025
Open
@macgyver13 macgyver13 force-pushed the silentpayments-bip375-psbt branch from e065256 to 4923edd Compare December 4, 2025 22:37
scgbckbone
scgbckbone reviewed Dec 5, 2025
View reviewed changes
Comment thread shared/bech32.py Outdated
@macgyver13 macgyver13 force-pushed the silentpayments-bip375-psbt branch from 4923edd to c5b5977 Compare December 5, 2025 21:28
@FreeOnlineUser FreeOnlineUser mentioned this pull request Jan 7, 2026
Open
nymius
nymius reviewed Jan 30, 2026
View reviewed changes
Comment thread shared/silentpayments.py Outdated
@scgbckbone scgbckbone mentioned this pull request Mar 18, 2026
Open
@macgyver13 macgyver13 force-pushed the silentpayments-bip375-psbt branch from 2554014 to b39d529 Compare March 26, 2026 13:29
@macgyver13 macgyver13 marked this pull request as draft March 26, 2026 13:33
@macgyver13 macgyver13 force-pushed the silentpayments-bip375-psbt branch from b39d529 to ecbd31f Compare March 27, 2026 01:25
@macgyver13
Copy link
Copy Markdown
Author

macgyver13 commented Mar 27, 2026

Still have plenty of tasks to do on this PR but wanted to provide a checkpoint given the number of changes. I can break this into multiple PRs if preferred. I expect commits 7887701 through c516610 to remain stable.

Core Changes:

  • fix: (psbt v2)
  • fix: (usb_test)

Silent Payments Changes:

  • Standardized testing to use pytest and simulator instead of ngu_wrapper
  • Added bip375_test_vectors.json and parameterized test_silentpayments to use each vector
  • Introduced the workflow of contributing shares but not signing when multi-signers contribute to a SP output
  • Silent Payments Address is now appended to UI text instead of replacing - to address -
  • Labeled silent payments addresses are rendered correctly for change
  • Added BIP376 fields and associated operations

TODOs:

  • Considering how to show BIP353 HRN when provided by wallet coordinator like Sparrow
  • Identify sensitive material areas that need to be cleared
  • Add more tests to handle edge cases - open to suggestions
  • Consider doc/silentpayments.md

@macgyver13
nit: mark bitcoind dependent sign tests
5229033
@macgyver13
bump submodule versions
940ab93 
external/ckcc-protocol
- Add bip375 and bip376 constants
external/libngu
- Expose ec_pubkey_combine
- Expose ec_pubkey_tweak_mul
- Add bip352_encode
@macgyver13 macgyver13 force-pushed the silentpayments-bip375-psbt branch from ecbd31f to 9434786 Compare April 28, 2026 21:11
macgyver13 added 16 commits April 30, 2026 10:34
@macgyver13
BIP-352: implement Silent Payments cryptographic primitives
6633e15 
Add bip352 crypto primitives / helpers
Add bip352 tagged hashes
@macgyver13
BIP-374: implement DLEQ proof generation and verification
baac8dd 
Add bip374 tagged hashes
Add dleq bip374 reference generate_dleq_proof, verify_dleq_proof functions
@macgyver13
SP: add SilentPaymentsMixin
90fbe6d 
Extend psbt handling with silent payment specific functions
Incorporate validation functions from bip375 test vectors
- psbt_structure, input_eligibility, ecdh_coverage
Add private key derivation helper functions
@macgyver13
fix: (psbt v2) structural changes
b2506b5 
Only store key_data for short_values - remove key_type
Only serialize PSBT_OUT_SCRIPT if self.script has a value
Adjust v2 script assert to not required if sp_v0_info is present
@macgyver13
fix: (usb_test) Unify local and globals dict to single namespace
441295c 
Provides silent payments testing framework with access to MockPSBT
@macgyver13
BIP-375: add test vectors
33f890b 
Use devtest/verify_sp_outputs.py for simulator testing 
Add testing/test_bip375_vectors.py and testing/bip375_test_vectors.json
- Correct input eligibility ecdh share assumptions
Add devtest/unit_silentpayments.py to perform unit testing via simulator
Mirror psbt fields in testing/psbt.py
@macgyver13
BIP-352: add test vectors
dcb06b2 
Add testing/test_bip352_vectors.py and testing/bip352_test_vectors.json 
- Verify SP sending and receiving test vectors
@macgyver13
BIP-375: implement Silent Payments PSBT signing workflows
faeef4c 
Integrate preview silent payment address as output in auth:interact
Integrate silent payments in signing workflow
Add sp_hrp property to chains.py
Add silent payments fields to psbt.py
@macgyver13
BIP-376: handle spending silent payments outputs
59798e9 
Add sp_spend support to _derive_input_privkey
Validate bip376 spend key derivation
@macgyver13
SP: add Silent Payments integration tests
c186494 
Create end-to-end tests for SP in testing/test_silentpayments.py
- Expose foreign_mk for partial ownership coverage test
Integrate SP spend into psbt functions: consider_inputs, determine_my_signing_key, sign_it
- Synthesize parsed_subpaths from PSBT_IN_SPEND_BIP32_DERIVATION
- Set input.sp_idxs to placeholder to synthesize input is_owned
- Implement SP input signing
Refactor _compute_and_store_ecdh_shares and _derive_input_privkey to leverage input.sp_idxs
@macgyver13
SP: introduce partial share contribution workflow
ea54a41 
Add test to validate 'Contribute Shares?' UX
Simplify SP preview and signing code paths
@macgyver13
SP: introduce UI change output validation
8459a91 
Add silent payments label change tests
- Detect presence or absence of 'Change back:' in UI story
Add multi-signer incomplete coverage scenario tests
@macgyver13
SP: add sp spend derivation path tests
b1d2e61 
Verify SP spend path was derived from m/352h
Add signature verification for taproot inputs and SP outputs
@macgyver13
SP: add docs/silentpayments.md
900e650
@macgyver13
SP: implement bip352 generic format export
20eac9c 
Include key-value pairs: spscan, deriv, name, xfp, key_exp in bip352 dictionary
Add bip352 test block to test_export_coldcard
Support bech32m 1023 character limit for silent payments
@macgyver13
SP: add more integration tests
c8be414 
Mixed inputs SP spend and P2TR
Reject non-SIGHASH_ALL
Reject psbt v0 send to SP output
@macgyver13 macgyver13 force-pushed the silentpayments-bip375-psbt branch from 9434786 to c8be414 Compare April 30, 2026 19:56
@macgyver13
Copy link
Copy Markdown
Author

macgyver13 commented Apr 30, 2026

Summary of changes since March update:

  • Added bip352_test_vectors.json and test_bip352_vectors.py
  • Added BIP376 spend path validation
  • Clear sensitive material in Silent Payments workflows
  • Added doc/silentpayments.md
  • Added bip352 generic format export
  • Total integration tests in test_silentpayments.py:
    • test_sp_signing_story
    • test_sp_p2wpkh_input
    • test_sp_p2tr_input
    • test_sp_mixed_inputs
    • test_sp_mixed_sp_spend_and_regular_input
    • test_sp_three_outputs_same_scan_key
    • test_sp_two_outputs_different_scan_keys
    • test_sp_mixed_output_types
    • test_sp_all_owned_multi_input
    • test_sp_partial_owned_coverage_complete
    • test_sp_partial_owned_coverage_incomplete
    • test_sp_partial_owned_coverage_incomplete_refused
    • test_sp_spend_silent_payment_output
    • test_sp_spend_silent_payment_output_with_taproot
    • test_sp_spend_wrong_tweak_rejected
    • test_sp_spend_wrong_purpose_rejected
    • test_sp_spend_wrong_coin_type_rejected
    • test_exit_gracefully_on_sp_validation_failure
    • test_sp_non_sighash_all_rejected
    • test_sp_psbt_v0_rejected
    • test_sp_spend_to_labeled_change_address

Testing

Targeted tests

cd testing
pytest test_bip352_vectors.py
pytest test_bip375_vectors.py
pytest test_silentpayments.py
pytest test_export.py::test_export_coldcard

General tests

DEFAULT_PYTEST_MARKS = "not onetime and not veryslow and not manual and not bitcoind"
python run_sim_tests.py --multiproc --num-proc 6

@macgyver13 macgyver13 marked this pull request as ready for review April 30, 2026 20:28
@macgyver13 macgyver13 changed the title WIP: Add Silent Payments + BIP 375 Support Add Silent Payments Support Apr 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@scgbckbone scgbckbone scgbckbone left review comments

@nymius nymius nymius left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@macgyver13 @scgbckbone @nymius