Wallet developers implementing payjoin face a serious privacy flaw: transaction fingerprinting. Armin Sabouri detailed this on Delving Bitcoin, showing how implementation differences let observers distinguish payjoin transactions from ordinary ones. Payjoin, a two-party CoinJoin variant, breaks the common-input-ownership heuristic by having both sender and receiver contribute inputs to one transaction. But artifacts such as an uneven split of inputs and outputs between the two parties, varying input encoding lengths, and signature quirks give it away.
Sabouri tested three setups: Samourai Wallet, the PDK demo, and Cake Wallet sending to Bull Bitcoin Mobile. In the Samourai transaction the inputs encoded the SIGHASH_ALL byte inconsistently: one input included it, the other omitted it. The PDK demo produced inputs with inconsistent signature encodings. Cake Wallet assigned outputs differently, with the payjoin output larger than expected. Backward links from the prior transactions that funded the inputs, and forward links from the later spends of the outputs, compound the problem, letting chain analysis firms tie the two parties' coins together across transactions.
Why this matters: payjoin improves privacy without the coordination overhead of a full CoinJoin, which is what makes it practical for everyday payments. Fingerprinting undermines that and exposes users to surveillance. Some fixes are simple (standardize signature and sighash encodings across both parties' inputs); others stem from design choices, such as how each wallet handles signing and output construction. Developers should audit their implementations now: a fingerprintable payjoin invites deanonymization by firms such as Chainalysis, which already flag CoinJoins.
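The first finding above, one input carrying an explicit SIGHASH_ALL byte while the other relies on the default encoding, is mechanical enough to check for automatically. The following is an added example, not code from Sabouri's write-up or from any of the wallets he tested: a minimal BIP 144 transaction parser plus a check that every input encodes its sighash type the same way. The sample transaction is constructed inline with dummy signature bytes of the correct length (only the encoding is inspected, not validity), and the P2TR prevouts and output key are filler.

```python
"""Detect one payjoin fingerprint: inconsistent sighash encoding across inputs."""
import struct
from typing import List, Tuple


def read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a CompactSize integer at buf[pos]; return (value, next_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def encode_varint(n: int) -> bytes:
    """Encode a CompactSize integer."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def parse_tx(raw: bytes) -> dict:
    """Minimal parser for legacy and segwit (BIP 144) transaction serialization."""
    pos = 0
    version = struct.unpack_from("<i", raw, pos)[0]
    pos += 4
    segwit = raw[pos] == 0x00 and raw[pos + 1] == 0x01  # marker + flag bytes
    if segwit:
        pos += 2
    n_in, pos = read_varint(raw, pos)
    inputs = []
    for _ in range(n_in):
        txid = raw[pos:pos + 32][::-1].hex()  # displayed big-endian
        vout = struct.unpack_from("<I", raw, pos + 32)[0]
        pos += 36
        slen, pos = read_varint(raw, pos)
        script_sig = raw[pos:pos + slen]
        pos += slen
        sequence = struct.unpack_from("<I", raw, pos)[0]
        pos += 4
        inputs.append({"txid": txid, "vout": vout, "script_sig": script_sig,
                       "sequence": sequence, "witness": []})
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        slen, pos = read_varint(raw, pos)
        outputs.append({"value": value, "script_pubkey": raw[pos:pos + slen]})
        pos += slen
    if segwit:
        for inp in inputs:
            n_items, pos = read_varint(raw, pos)
            for _ in range(n_items):
                ilen, pos = read_varint(raw, pos)
                inp["witness"].append(raw[pos:pos + ilen])
                pos += ilen
    locktime = struct.unpack_from("<I", raw, pos)[0]
    pos += 4
    if pos != len(raw):
        raise ValueError("trailing bytes after transaction")
    return {"version": version, "inputs": inputs, "outputs": outputs, "locktime": locktime}


def sighash_encoding(witness: List[bytes]) -> str:
    """Describe how an input's witness signature encodes its sighash type.

    Taproot key path (BIP 341): a 64-byte Schnorr signature implies SIGHASH_DEFAULT,
    a 65-byte one carries an explicit type byte. P2WPKH: a DER signature (0x30 ...)
    always carries a trailing type byte.
    """
    if len(witness) == 1 and len(witness[0]) == 64:
        return "schnorr:implicit-default"
    if len(witness) == 1 and len(witness[0]) == 65:
        return "schnorr:explicit-0x%02x" % witness[0][-1]
    if len(witness) == 2 and witness[0][:1] == b"\x30":
        return "ecdsa:explicit-0x%02x" % witness[0][-1]
    return "unknown"


def fingerprint_sighash(tx: dict) -> dict:
    """Flag a transaction whose inputs do not all encode sighash the same way.

    'schnorr:implicit-default' and 'schnorr:explicit-0x01' both mean SIGHASH_ALL;
    the encoding differing between inputs is the tell that two signers built the tx.
    """
    per_input = [sighash_encoding(i["witness"]) for i in tx["inputs"]]
    return {"per_input": per_input, "inconsistent": len(set(per_input)) > 1}


def build_sample_tx(witness_stacks: List[List[bytes]]) -> bytes:
    """Serialize a segwit tx with one filler P2TR input per witness stack (constructed sample)."""
    raw = struct.pack("<i", 2) + b"\x00\x01" + encode_varint(len(witness_stacks))
    for i in range(len(witness_stacks)):
        raw += bytes([i]) * 32 + struct.pack("<I", i) + b"\x00"  # filler prevout, empty scriptSig
        raw += struct.pack("<I", 0xFFFFFFFD)
    raw += encode_varint(1)
    raw += struct.pack("<q", 100_000) + encode_varint(34) + b"\x51\x20" + b"\x02" * 32  # P2TR output
    for stack in witness_stacks:
        raw += encode_varint(len(stack))
        for item in stack:
            raw += encode_varint(len(item)) + item
    return raw + struct.pack("<I", 0)


# Constructed samples: input 0 signed with an explicit SIGHASH_ALL byte, input 1 with the
# 64-byte default encoding (two signers, two conventions); and a uniform control.
SAMPLE_MIXED = build_sample_tx([[b"\x11" * 64 + b"\x01"], [b"\x22" * 64]])
SAMPLE_UNIFORM = build_sample_tx([[b"\x11" * 64], [b"\x22" * 64]])
```

Run `fingerprint_sighash(parse_tx(SAMPLE_MIXED))` to see the mixed case flagged and the uniform control pass. The same function applies unchanged to P2WPKH inputs, where the trailing DER byte is compared instead; a wallet that wants to avoid the fingerprint should pick one convention for both parties' inputs before signing, since the receiver cannot change how the sender's inputs were encoded.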
Wallet Backup Metadata Gets a Draft BIP
Pythcoiner proposed a draft BIP on the Bitcoin-Dev list, tracked as pull request 2130 in the BIPs repository: a JSON-based format for wallet backup metadata. Stored as a UTF-8 text file, it holds optional fields such as descriptors, keys, labels, and PSBTs. Wallets ignore fields they do not use, which is what enables cross-wallet compatibility.
Bitcoin wallets today suffer from format silos: Electrum uses one backup format, Sparrow another, which complicates migrations and recovery. A shared standard could streamline backups, especially for multisig and descriptor wallets. Imagine exporting from one app and importing into another without data loss. Some skepticism applies: a format made entirely of optional fields risks bloat and uneven support, where two wallets both claim compatibility yet preserve different subsets of the data, and JSON's verbosity suits a backup file rather than any size-constrained use.
The implications run deep. Better backups reduce user error, a leading cause of Bitcoin loss; estimates put coins lost to forgotten or mishandled seeds in the billions of dollars. A standard recovery format also helps institutional adoption, where compliance demands auditable recovery procedures. Still, nothing mandates it; uptake depends on wallet teams. Track the PR in the BIPs repository for progress.
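An importer for such a file has two jobs the format description implies: take only the fields this wallet understands and ignore the rest, and refuse to import a descriptor that has been corrupted in transit. The following is an added example, not pythcoiner's reference code or the draft's schema; the field names "descriptors", "labels", "psbts" and "keys" are assumed for illustration, and the checksum routine is the BIP 380 descriptor checksum that wallets already use. The backup document is constructed inline.

```python
"""Import wallet backup metadata: keep known fields, skip unknown ones, verify descriptor checksums."""
import json

# BIP 380 descriptor checksum (same construction as Bitcoin Core's descriptor checksum).
INPUT_CHARSET = ("0123456789()[],'/*abcdefgh@:$%{}"
                 "IJKLMNOPQRSTUVWXYZ&+-.;<=>?!^_|~"
                 "ijklmnopqrstuvwxyzABCDEFGH`#\"\\ ")
CHECKSUM_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = [0xF5DEE51989, 0xA9FDCA3312, 0x1BAB10E32D, 0x3706B1677A, 0x644D626FFD]


def _polymod(symbols):
    """BCH polymod over 5-bit symbols; a valid (body + checksum) yields 1."""
    chk = 1
    for value in symbols:
        top = chk >> 35
        chk = ((chk & 0x7FFFFFFFF) << 5) ^ value
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GENERATOR[i]
    return chk


def _expand(desc):
    """Map descriptor characters to 5-bit symbols plus per-triple group symbols; None if illegal."""
    groups, symbols = [], []
    for ch in desc:
        idx = INPUT_CHARSET.find(ch)
        if idx < 0:
            return None
        symbols.append(idx & 31)
        groups.append(idx >> 5)
        if len(groups) == 3:
            symbols.append(groups[0] * 9 + groups[1] * 3 + groups[2])
            groups = []
    if len(groups) == 1:
        symbols.append(groups[0])
    elif len(groups) == 2:
        symbols.append(groups[0] * 3 + groups[1])
    return symbols


def descsum_create(desc):
    """Return desc with its '#checksum' suffix appended."""
    symbols = _expand(desc)
    if symbols is None:
        raise ValueError("descriptor contains characters outside the BIP 380 charset")
    chk = _polymod(symbols + [0] * 8) ^ 1
    return desc + "#" + "".join(CHECKSUM_CHARSET[(chk >> (5 * (7 - i))) & 31] for i in range(8))


def descsum_check(desc_with_sum):
    """True iff the descriptor ends in '#' plus a checksum that verifies against its body."""
    if len(desc_with_sum) < 9 or desc_with_sum[-9] != "#":
        return False
    body, tail = desc_with_sum[:-9], desc_with_sum[-8:]
    if any(c not in CHECKSUM_CHARSET for c in tail):
        return False
    symbols = _expand(body)
    if symbols is None:
        return False
    return _polymod(symbols + [CHECKSUM_CHARSET.find(c) for c in tail]) == 1


KNOWN_FIELDS = {"descriptors", "labels", "psbts", "keys"}  # assumed field names, not the draft's


def load_backup(text):
    """Parse a UTF-8 JSON backup; return what was accepted, what was rejected, what was ignored."""
    doc = json.loads(text)
    accepted, rejected = [], []
    for d in doc.get("descriptors", []):
        (accepted if descsum_check(d) else rejected).append(d)
    return {
        "descriptors": accepted,
        "rejected_descriptors": rejected,
        "labels": doc.get("labels", {}),
        "ignored_fields": sorted(set(doc) - KNOWN_FIELDS),
    }


# Constructed sample backup: one intact descriptor, one whose checksum was corrupted by a
# single-character change, and a vendor-specific field this wallet does not understand.
GOOD = descsum_create("wpkh(02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5)")
BAD = GOOD[:-1] + ("q" if GOOD[-1] != "q" else "p")
SAMPLE_BACKUP = json.dumps({
    "descriptors": [GOOD, BAD],
    "labels": {"addr-0": "exchange withdrawal"},
    "vendor_x_theme": "dark",
})
```

`load_backup(SAMPLE_BACKUP)` accepts the intact descriptor, reports the corrupted one under `rejected_descriptors` rather than silently importing it, and lists `vendor_x_theme` under `ignored_fields` so the user can see what did not survive the migration. Surfacing the ignored fields is the practical answer to the optional-field concern: compatibility is only meaningful if the importing wallet tells you which parts of the backup it dropped.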
Consensus Talks: PQC Challenges HD Wallets
Conduition posted on Delving Bitcoin about compact isogeny-based post-quantum cryptography (PQC) as a potential replacement for HD wallets, key tweaking, and silent payments. Quantum computers running Shor's algorithm threaten ECDSA and Schnorr signatures alike; NIST has standardized its first PQC schemes, but Bitcoin lags.
HD wallets (BIP 32) derive keys hierarchically from a seed, which is efficient but quantum-vulnerable: Shor's algorithm recovers a private key from its public key, and non-hardened derivation additionally exposes the parent public key from which child keys are computed. Key tweaking (the Taproot output key, for example) and silent payments rely on the same elliptic-curve structure, adding a scalar multiple of the generator to a public key. Isogeny-based schemes, built on maps between elliptic curves rather than on the discrete logarithm, offer comparatively compact keys and signatures that Shor's algorithm does not break. Conduition's research argues for viability, but the details are cut short in the sources.
Reality check: the quantum threat is years away. Google's Sycamore processor had 53 physical qubits; breaking secp256k1 is estimated to need millions of physical qubits. SIKE, a leading isogeny scheme, was broken classically in 2022, which shook confidence in the field, though other isogeny-based constructions were not affected. Changing consensus is slow: recent soft forks required roughly 90 to 95 percent miner signaling and years of debate. Why care anyway? Public keys already exposed on-chain can be attacked by whoever eventually builds the machine, so migration has to begin before it exists. Dropping HD derivation could simplify code and cut attack surface, but it breaks compatibility with every existing wallet; expect backlash.
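To make concrete what those three features share, here is the elliptic-curve identity each one relies on, written out as an added illustration rather than anything from Conduition's post. Notation: $G$ is the secp256k1 generator of order $n$, lowercase letters are private scalars, uppercase letters are public points, and the silent-payment line is simplified (BIP 352's input hash and output counter are omitted).

$$\text{BIP 32 non-hardened child:}\qquad k_i = k_{\text{par}} + I_L \pmod n, \qquad K_i = K_{\text{par}} + I_L \cdot G$$

$$\text{Taproot output key (BIP 341):}\qquad q = p + t \pmod n, \qquad Q = P + t \cdot G, \qquad t = \text{hash}(P \,\|\, \text{merkle\_root})$$

$$\text{Silent payment output (BIP 352, simplified):}\qquad P_{\text{out}} = B_{\text{spend}} + \text{hash}(a \cdot B_{\text{scan}}) \cdot G, \qquad b_{\text{out}} = b_{\text{spend}} + \text{hash}(b_{\text{scan}} \cdot A)$$

Each line works because scalar multiplication is a homomorphism, $(x + y) \cdot G = x \cdot G + y \cdot G$: anyone holding only public data can compute the public side, while only the secret holder can compute the matching private side. Shor's algorithm inverts $x \mapsto x \cdot G$ and collapses that asymmetry, and the lattice- and hash-based signature schemes NIST has standardized offer no comparable operation on public keys, which is why a post-quantum replacement that keeps this additive structure is attractive.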
Optech #399 also notes routine updates: no major releases are highlighted, but watch Bitcoin Core, LND, and Electrum for patches. Infrastructure tweaks include Knots' OP_RETURN limits and Electrs indexing improvements, minor individually but cumulative for node operators.
Bottom line: payjoin fingerprints demand prompt fixes; the backup BIP fills a real gap; PQC stirs a long-term debate. Bitcoin privacy and security evolve incrementally. Users should press their wallet developers on these points, and node operators should stay vigilant.