You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-0078.mediawiki
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,7 +52,6 @@ Another implementation proposal has been written: [[https://github.com/bitcoin/b
52
52
53
53
We decided to deviate from it for several reasons:
54
54
* It was not using PSBT, so if the receiver wanted to bump the fee, they would need the full UTXO set.
55
-
* The receiver was responsible to pay the additional fee, not the sender.
56
55
* Inability to change the payment output to match scriptPubKey type.
57
56
* Lack of basic versioning negotiation if the protocol evolves.
58
57
* No standardization of error condition for proper feedback to the sender.
@@ -232,7 +231,9 @@ The receiver needs to do some check on the original PSBT before proceeding:
232
231
* Non-interactive receivers (like a payment processor) need to check that the original PSBT is broadcastable. <code>*</code>
233
232
* If the sender included inputs in the original PSBT owned by the receiver, the receiver must either return error <code>original-psbt-rejected</code> or make sure they do not sign those inputs in the payjoin proposal.
234
233
* If the sender's inputs are all from the same scriptPubKey type, the receiver must match the same type. If the receiver can't match the type, they must return error <code>unavailable</code>.
235
-
* Make sure that the inputs included in the original transaction has never been seen before. (Prevent [[#probing-attack|probing attacks]].)
234
+
* Make sure that the inputs included in the original transaction have never been seen before.
235
+
** This prevent [[#probing-attack|probing attacks]].
236
+
** This prevent reentrant payjoin, where a sender attempts to use payjoin transaction as a new original transaction for a new payjoin.
236
237
237
238
<code>*</code>: Interactive receivers are not required to validate the original PSBT because they are not exposed to [[#probing-attack|probing attacks]].
238
239
@@ -377,7 +378,7 @@ The sender's software wallet can verify that the payjoin proposal is legitimate
377
378
378
379
However, a hardware wallet can't verify that this is indeed the case. This means that the security guarantee of the hardware wallet is decreased. If the sender's software is compromised, the hardware wallet would sign two valid transactions, thus sending two payments.
379
380
380
-
Without payjoin, the maximum amount of money that could be lost by a compromised software is equal to one payment (via address substitution).
381
+
Without payjoin, the maximum amount of money that could be lost by a compromised software is equal to one payment (via [[#output-substitution|payment output substitution]]).
381
382
382
383
With payjoin, the maximum amount of money that can be lost is equal to two payments.
0 commit comments