Add Silent Payments (BIP-352/375) send support #864
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implements verification for sending to Silent Payment addresses (sp1.../tsp1...). SeedSigner independently re-derives the expected Taproot output from the scanned SP address and verifies it matches a PSBT output from the coordinator wallet. User flow: 1. Scan SP address QR -> SeedSigner stores B_scan, B_spend 2. Scan PSBT from coordinator (BlueWallet, Sparrow, etc.) 3. SeedSigner verifies a P2TR output matches the SP-derived address 4. User sees "Silent Payment Verified" with original sp1... address 5. User approves and signs New files: - src/seedsigner/helpers/silent_payments.py - BIP-352 crypto operations - tests/test_silent_payments.py - Unit tests with official test vectors Modified: - QR detection for sp1.../tsp1... addresses - PSBT parser with SP output verification - Views/screens for SP address handling Passes BIP-352 test vectors from bitcoin/bips repository. Related: SeedSigner#569 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add docs/silent_payments.md: comprehensive user guide explaining: - What Silent Payments are and privacy benefits - How verification works (before vs after) - The risk of unverified SP transactions - Step-by-step usage instructions - Why SeedSigner can only verify, not generate SP addresses - Update docs/qr_formats.md: add SP address to supported QR formats - Expand silent_payments.py docstring with detailed security model 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implements automatic Silent Payment verification when coordinator wallets include BIP-375 fields in PSBTs, eliminating the need to scan SP addresses separately. New functionality: - BIP-374 DLEQ proof verification (verify_dleq_proof) - BIP-375 PSBT field parsing: - PSBT_GLOBAL_SP_ECDH_SHARE (0x07) - PSBT_GLOBAL_SP_DLEQ (0x08) - PSBT_OUT_SP_V0_INFO (0x09) - PSBT_IN_SP_ECDH_SHARE (0x1d) - parsing only, aggregation future - PSBT_IN_SP_DLEQ (0x1e) - parsing only - SP address encoding (encode_silent_payment_address) Verification priority: 1. BIP-375 fields present → verify via DLEQ (automatic) 2. User scanned SP address → verify via re-derivation (fallback) 3. Neither → display bc1p... only (no verification) Tests: 25 tests passing (8 new for BIP-375/374) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents the relationship between BIP-375 fields and PSBT versions, noting that embit preserves BIP-375 fields in its unknown dict regardless of PSBT version, and most coordinators use v0-compatible PSBTs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add get_psbt_version() and is_psbt_v2() helper functions - PSBT_GLOBAL_VERSION (0xFB) field detection for v2 PSBTs - Log PSBTv2 detection in PSBT parser for diagnostics - Add 5 new tests for PSBTv2 detection (30 tests total) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Previously _verify_sp_outputs() was only called when pending_sp_address was set (user scanned SP address first). Now it's always called, allowing BIP-375 automatic verification to work without pre-scanning. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The embit secp256k1.ec_pubkey_negate() function RETURNS the negated point as a 64-byte raw value - it does NOT modify the input in-place. This was causing DLEQ proof verification to always fail because the original (non-negated) points were being used in the combine operation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Link to bip375-test-tools for testing BIP-375 verification without needing a full coordinator wallet setup. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document new testing tool capabilities: - Seed QR export for loading test keys - Animated UR QR codes - Camera scanning for signed PSBT verification - Full end-to-end signing flow testing 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses #569 (Silent Payments bounty)
Description
Adds full Silent Payments send support, enabling SeedSigner to sign transactions to
sp1...addresses while verifying the output derivation is correct.Key features:
sp1.../tsp1...addresses1. Automatic (BIP-375): Coordinator includes proof data in PSBT → SeedSigner verifies via DLEQ
2. Manual: User scans SP address first → SeedSigner re-derives and verifies the output
Why this matters:
Without this, users see only a random
bc1p...address with no way to confirm it corresponds to their intendedsp1...recipient. Buggy, compromised, or MITM-attacked wallet software could substitute a different address. SeedSigner now independently verifies the derivation before signing.Demo video:
New.project21.mp4
Test tool: https://github.com/FreeOnlineUser/bip375-test-tools
Generates valid BIP-375 PSBTs with fake inputs for testing the complete signing flow.
Files Changed
src/seedsigner/helpers/silent_payments.py- Core SP/DLEQ implementationsrc/seedsigner/models/psbt_parser.py- BIP-375 field extraction and verificationsrc/seedsigner/models/decode_qr.py- SP address QR decodingsrc/seedsigner/views/scan_views.py- SP address scanning flowsrc/seedsigner/views/psbt_views.py- Display verified SP addressessrc/seedsigner/gui/screens/psbt_screens.py- UI for SP verification statusdocs/silent_payments.md- User documentationtests/test_silent_payments.py- Comprehensive test suiteRelated BIPs
This pull request is categorized as a:
Checklist
pytestand made sure all unit tests pass before submitting the PRIf you modified or added functionality/workflow, did you add new unit tests?
I have tested this PR on the following platforms/os: