Overview
Silent Payments (defined in BIP352) represent a significant advancement in Bitcoin privacy. They allow a recipient to publish a single static address (similar to an email address) while every sender automatically generates a unique on-chain address for each payment. This eliminates the need for address reuse without requiring any back-and-forth communication between parties.
How It Works
The sender combines the recipient's static public key with the private keys of the sender's own transaction inputs using Elliptic Curve Diffie-Hellman (ECDH) to derive a unique, one-time output address.
Sender's Input Keys + Recipient's Static Key
|
ECDH Shared Secret
|
Unique One-Time Address
|
On-chain Output (unlinkable)
The recipient scans the blockchain by performing the same ECDH computation with each transaction's input keys and their own static private key. If a match is found, they can spend the output.
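The derivation and scan described above, as an added Python example that is not part of the original page or of any BIP352 reference code. It follows the single static key the text describes and assumes plain SHA-256 over the compressed shared point plus an output index `k`; BIP352's exact key layout, hashing and serialization differ, and all keys here are constructed.

```python
import hashlib
from functools import reduce

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p == q:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, p):  # double-and-add; not constant time, illustration only
    r = None
    while k:
        if k & 1: r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def tweak(shared, k):
    """Hash the ECDH point plus output index k to a scalar t (assumed encoding)."""
    x, y = shared
    ser = bytes([2 + (y & 1)]) + x.to_bytes(32, "big") + k.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(ser).digest(), "big") % N

def sender_output(input_privs, recipient_pub, k=0):
    a = sum(input_privs) % N          # sender's combined input key
    shared = mul(a, recipient_pub)    # ECDH: a*B
    return add(recipient_pub, mul(tweak(shared, k), G))  # one-time key B + t*G

def recipient_scan(static_priv, input_pubs, outputs, k=0):
    """Return {output: private key} for the outputs that pay this recipient."""
    A = reduce(add, input_pubs, None)  # sum of the transaction's input pubkeys
    t = tweak(mul(static_priv, A), k)  # ECDH: b*A equals the sender's a*B
    mine = mul((static_priv + t) % N, G)
    return {o: (static_priv + t) % N for o in outputs if o == mine}

if __name__ == "__main__":  # constructed keys, not real wallet material
    b, ins = 0xB0B, [0xA11CE, 0xCAFE]
    out = sender_output(ins, mul(b, G))
    print(recipient_scan(b, [mul(i, G) for i in ins], [out, G]))
```

The scan costs one scalar multiplication per candidate transaction, which is the per-transaction work behind the scanning cost discussed under Trade-offs and Considerations.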
Privacy Benefits
Unlike traditional address sharing, Silent Payments ensure that:
- No two payments to the same recipient produce the same on-chain address
- An outside observer cannot link payments to the same recipient
- The recipient does not need to run an interactive server or be online to receive payments
This directly improves fungibility by making chain analysis significantly harder.
Trade-offs and Considerations
The primary cost of Silent Payments is that the recipient must scan every transaction on the blockchain to detect payments, which is computationally more expensive than monitoring a fixed set of addresses. Light clients and SPV nodes face additional challenges, though indexing optimizations are being developed to mitigate this burden.
Common Misconceptions
- Silent Payments are not the same as stealth addresses from other cryptocurrencies, though they share conceptual similarities. BIP352 is specifically designed for Bitcoin's UTXO model.
- The static address is not an on-chain address — it is a protocol-level identifier used to derive actual on-chain addresses.