From 9159b40629dd1b8a02b8983783c5c8e766c45133 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Mon, 19 Jan 2026 19:00:00 -0300
Subject: [PATCH 01/14] bip-draft: spending silent payment outputs with psbts
---
...lent-payments-outputs-with-psbts.mediawiki | 110 ++++++++++++++++++
1 file changed, 110 insertions(+)
create mode 100644 bip-spending-silent-payments-outputs-with-psbts.mediawiki
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
new file mode 100644
index 0000000000..512d552dbe
--- /dev/null
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -0,0 +1,110 @@
+
+ BIP: ?
+ Layer: Applications
+ Title: Spending Silent Payment outputs with PSBTs
+ Authors: nymius
+ Status: Draft
+ Type: Specification
+ Assigned: ?
+ License: BSD-2-Clause
+ Discussion: 2024-05-17: https://delvingbitcoin.org/t/bip352-psbt-support/877/30 [delving bitcoin post] Original discussion
+ 2025-12-05: https://gist.github.com/nymius/b3dd0b8a08c6735d617e6216b73c4260 [gist] First draft
+ 2025-12-15: https://gnusha.org/pi/bitcoindev/R53cG3TeXgXDUUS4kH_q226GlaFCjI0DZVT6mdTQzSQdj3RnNqWA-bFT7uGgGQFJG6938kDGvDJVoFQj8ItEMsJ6NyOjCTvpVEarYiyW6-8=@proton.me/ [bitcoin-dev] [BIP Proposal] Add PSBT_IN_SP_TWEAK field
+ Version: 0.1.0
+ Requires: 352, 375, 371
+
+
+== Introduction ==
+
+=== Abstract ===
+
+This document proposes an additional per input field for BIP 370 PSBTv2 that allows BIP 352 silent payment tweaks to be included in a PSBT of version 2. This field will be relevant to silent payment outputs spending.
+
+=== Motivation ===
+
+BIPs 352 specify silent payments protocol, which provides a new way to create P2TR outputs and spend them.
+
+The existing PSBT fields are unable to support silent payments without changes, due to the new method by which outputs are created.
+
+BIP 375 and complementary BIP 374 specify how to create outputs locked with silent payment keys using PSBTs. But they don't specify how to unlock these outputs in a transaction.[''' Why not including this new field in BIP 375?''' Historically, Silent Payments have been categorized by the perspective of the user of the protocol: receiver or sender. BIP 375 has followed this convention, and its stated on its title: Sending Silent Payments with PSBTs. Given that spending belongs to the sphere of the receiver, and considering this convention, this specification should be a different BIP.]
+
+Therefore a new field must be defined to allow PSBTs to carry the information necessary for tweaking taproot keys without following the BIP 340 tagging scheme.
+
+== Specification ==
+
+We use the following functions and conventions:
+
+* ser32(i): serializes a 32-bit unsigned integer ''i'' as a 4-byte sequence, most significant byte first.
+* ser256(p): serializes the integer p as a 32-byte sequence, most significant byte first.
+* serP(P): serializes the coordinate pair P = (x,y) as a byte sequence using SEC1's compressed form: (0x02 or 0x03) || ser256(x), where the header byte depends on the parity of the omitted Y coordinate.
+* ''hashtag(x)'': refers to ''SHA256(SHA256(tag) || SHA256(tag) || x)''.
+
+=== Fields ===
+
+{| class="wikitable"
+! Name
+!
+!
+! Description
+!
+! Description
+! Versions Requiring Inclusion
+! Versions Requiring Exclusion
+! Versions Allowing Inclusion
+|-
+| Silent Payment Tweak
+| PSBT_IN_SP_TWEAK = 0x1f
+| None
+| No key data
+| <32-byte hash>
+| A 32 byte raw tweak. Finalizers should remove this field after PSBT_IN_FINAL_SCRIPTWITNESS is constructed.
+|
+| 0
+| 2
+|}
+
+Per [https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki#spending BIP 352 spending] the <32-byte-hash> is ''hashBIP0352/SharedSecret(serP(ecdh_shared_secret) || ser32(k))''
+
+or ''hashBIP0352/SharedSecret(serP(ecdh_shared_secret) || ser32(k)) + hashBIP0352/Label(ser256(bscan) || ser32(m)'',
+
+where ''hashBIP0352/Label(ser256(bscan) || ser32(m))'' is the optional label derived by some integer ''m''.
+
+== Rationale ==
+
+On PSBTs, when spending non silent payment outputs, one can rely on the PSBT_IN_BIP32_DERIVATION or any of the allowed PSBT_IN_TAP_* combinations available to get the right private keys to sign for each input.
+
+To spend silent payment outputs you have to combine the private key with the tweak obtained from the transaction corpus.
+
+Passing the prevouts together with the PSBT to allow the computation of the tweaks, forces more computation on the signer side.
+
+Once a silent payment UTXO is scanned, is easier to store the output together with the tweak that generated it.
+
+To avoid the burden on the signer it would be better to pass this data into the PSBT together with the input spending the silent payment. Currently, there is no field prescribed for this.
+
+The PSBT_IN_BIP32_DERIVATION field cannot be used because its different nature, neither the PSBT_IN_TAP_MERKLE_ROOT field because of the tagged hash used for tweaking.
+
+A change of the hash tag used for silent payments to TapTweak or something compatible with taproot tweaking wouldn't make sense: although the raw tweak can be disguised as the tap tree merkle root for spending, at the moment of verifying change outputs, you need the full tap tree, and there would be none backing this fake merkle root.
+
+The use of proprietary fields is possible but brittle, as one may end up having to perform extra lookups for keys that are not unified across implementations.
+
+Assuming different tweaking schemes available, PSBT_IN_TAP_RAW_TWEAK would be a more general solution. However is unclear how a hardware wallet will determine what the content of the field were in the first more general case. In addition, PSBT fields are usually specified as to the nature of the contents.
+
+== Backward compatibility ==
+
+This is a new field added to the existing PSBT format. Because PSBT is designed to be extensible, old software will ignore the new fields.
+
+== Test vectors ==
+
+'''''TODO'''''
+
+== Reference implementation ==
+
+'''''TODO'''''
+
+== Acknowledgements ==
+
+Thanks to Craig Raw, macgyver, josibake and all others who participated in discussions on this topic.
+
+== References ==
+
+
From fd66836e43bfb1feebc2a26aa8887866b64d5cd8 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:41:02 -0300
Subject: [PATCH 02/14] bip-draft(bip352/spending/psbt): reference BIP 370 as
dependency for this proposal
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index 512d552dbe..e1486580aa 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -11,7 +11,7 @@
2025-12-05: https://gist.github.com/nymius/b3dd0b8a08c6735d617e6216b73c4260 [gist] First draft
2025-12-15: https://gnusha.org/pi/bitcoindev/R53cG3TeXgXDUUS4kH_q226GlaFCjI0DZVT6mdTQzSQdj3RnNqWA-bFT7uGgGQFJG6938kDGvDJVoFQj8ItEMsJ6NyOjCTvpVEarYiyW6-8=@proton.me/ [bitcoin-dev] [BIP Proposal] Add PSBT_IN_SP_TWEAK field
Version: 0.1.0
- Requires: 352, 375, 371
+ Requires: 352, 370, 371, 375
== Introduction ==
From 4ac8948f87664e9bd9d26bae75501763d22f9032 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:42:03 -0300
Subject: [PATCH 03/14] bip-draft(bip352/spending/psbt): fix typo `BIP 340` ->
`BIP 341`
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index e1486580aa..2c7e940ae4 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -28,7 +28,7 @@ The existing PSBT fields are unable to support silent payments without changes,
BIP 375 and complementary BIP 374 specify how to create outputs locked with silent payment keys using PSBTs. But they don't specify how to unlock these outputs in a transaction.[''' Why not including this new field in BIP 375?''' Historically, Silent Payments have been categorized by the perspective of the user of the protocol: receiver or sender. BIP 375 has followed this convention, and its stated on its title: Sending Silent Payments with PSBTs. Given that spending belongs to the sphere of the receiver, and considering this convention, this specification should be a different BIP.]
-Therefore a new field must be defined to allow PSBTs to carry the information necessary for tweaking taproot keys without following the BIP 340 tagging scheme.
+Therefore a new field must be defined to allow PSBTs to carry the information necessary for tweaking taproot keys without following the BIP 341 tagging scheme.
== Specification ==
From 9b4b2004e0c9cdd592f446913400cd86a349563d Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:42:36 -0300
Subject: [PATCH 04/14] bip-draft(bip352/spending/psbt): fix grammar
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index 2c7e940ae4..fa2a84911a 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -81,9 +81,9 @@ Once a silent payment UTXO is scanned, is easier to store the output together wi
To avoid the burden on the signer it would be better to pass this data into the PSBT together with the input spending the silent payment. Currently, there is no field prescribed for this.
-The PSBT_IN_BIP32_DERIVATION field cannot be used because its different nature, neither the PSBT_IN_TAP_MERKLE_ROOT field because of the tagged hash used for tweaking.
+The PSBT_IN_BIP32_DERIVATION field cannot be used because of its different nature, neither can the PSBT_IN_TAP_MERKLE_ROOT field because of the tagged hash used for tweaking.
-A change of the hash tag used for silent payments to TapTweak or something compatible with taproot tweaking wouldn't make sense: although the raw tweak can be disguised as the tap tree merkle root for spending, at the moment of verifying change outputs, you need the full tap tree, and there would be none backing this fake merkle root.
+A change of the hash tag used for silent payments to TapTweak or something compatible with taproot tweaking wouldn't make sense: although the raw tweak can be disguised as the script tree merkle root for spending, at the moment of verifying change outputs, you need the full script tree, and there would be none backing this fake merkle root.
The use of proprietary fields is possible but brittle, as one may end up having to perform extra lookups for keys that are not unified across implementations.
From 26c6685c064dd195e9ff620fccc9f591769fbc60 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:43:24 -0300
Subject: [PATCH 05/14] bip-draft(bip352/spending/psbt): add missing Copyright
section
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index fa2a84911a..2342cb7ab4 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -101,6 +101,10 @@ This is a new field added to the existing PSBT format. Because PSBT is designed
'''''TODO'''''
+== Copyright ==
+
+This document is licensed under the 2-clause BSD license.
+
== Acknowledgements ==
Thanks to Craig Raw, macgyver, josibake and all others who participated in discussions on this topic.
From 858275ea6c3c3d21ea3f8f633a5b2edcf675198f Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:44:11 -0300
Subject: [PATCH 06/14] bip-draft(bip352/spending/psbt): add Changelog section
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index 2342cb7ab4..8d10ff07e7 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -101,6 +101,11 @@ This is a new field added to the existing PSBT format. Because PSBT is designed
'''''TODO'''''
+== Changelog ==
+
+* 0.1.0 (YYYY-MM-DD '''''TODO'''''):
+** Initial version
+
== Copyright ==
This document is licensed under the 2-clause BSD license.
From d3b7256d5240f3f3d3125872f8943cbae22fce74 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 29 Jan 2026 16:44:58 -0300
Subject: [PATCH 07/14] bip-draft(bip352/spending/psbt): add 'Test vectors'
section as subsection of 'Reference implementation'
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index 8d10ff07e7..ed0e700905 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -93,11 +93,11 @@ Assuming different tweaking schemes available, PSBT_IN_TAP_RAW_TWEAK wo
This is a new field added to the existing PSBT format. Because PSBT is designed to be extensible, old software will ignore the new fields.
-== Test vectors ==
+== Reference implementation ==
'''''TODO'''''
-== Reference implementation ==
+=== Test vectors ===
'''''TODO'''''
From de04a5689303f3b71abbc9e0c74bd4251db143e6 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 5 Feb 2026 17:05:24 -0300
Subject: [PATCH 08/14] bip-draft(bip352/spending/psbt): remove BIP 375 from
required BIPs
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index ed0e700905..b49d33859d 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -11,7 +11,7 @@
2025-12-05: https://gist.github.com/nymius/b3dd0b8a08c6735d617e6216b73c4260 [gist] First draft
2025-12-15: https://gnusha.org/pi/bitcoindev/R53cG3TeXgXDUUS4kH_q226GlaFCjI0DZVT6mdTQzSQdj3RnNqWA-bFT7uGgGQFJG6938kDGvDJVoFQj8ItEMsJ6NyOjCTvpVEarYiyW6-8=@proton.me/ [bitcoin-dev] [BIP Proposal] Add PSBT_IN_SP_TWEAK field
Version: 0.1.0
- Requires: 352, 370, 371, 375
+ Requires: 352, 370, 371
== Introduction ==
From dd626e9a2be523e914e9eda58b158d08ea439252 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 5 Feb 2026 17:10:00 -0300
Subject: [PATCH 09/14] bip376: update header with assigned number and date of
assignment
---
bip-spending-silent-payments-outputs-with-psbts.mediawiki | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
index b49d33859d..3ae0e6292a 100644
--- a/bip-spending-silent-payments-outputs-with-psbts.mediawiki
+++ b/bip-spending-silent-payments-outputs-with-psbts.mediawiki
@@ -1,11 +1,11 @@
- BIP: ?
+ BIP: 376
Layer: Applications
Title: Spending Silent Payment outputs with PSBTs
Authors: nymius
Status: Draft
Type: Specification
- Assigned: ?
+ Assigned: 2026-02-05
License: BSD-2-Clause
Discussion: 2024-05-17: https://delvingbitcoin.org/t/bip352-psbt-support/877/30 [delving bitcoin post] Original discussion
2025-12-05: https://gist.github.com/nymius/b3dd0b8a08c6735d617e6216b73c4260 [gist] First draft
From 4d17a191d80650b36b9ffb611e0ff9d6405474f6 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 5 Feb 2026 17:12:30 -0300
Subject: [PATCH 10/14] bip376: rename draft document
---
...nt-payments-outputs-with-psbts.mediawiki => bip-0376.mediawiki | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename bip-spending-silent-payments-outputs-with-psbts.mediawiki => bip-0376.mediawiki (100%)
diff --git a/bip-spending-silent-payments-outputs-with-psbts.mediawiki b/bip-0376.mediawiki
similarity index 100%
rename from bip-spending-silent-payments-outputs-with-psbts.mediawiki
rename to bip-0376.mediawiki
From aa4c4edc460e4a7b31e7665f4dd323f8662a8b91 Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Thu, 5 Feb 2026 17:14:44 -0300
Subject: [PATCH 11/14] bip376: add reference in README's BIP table
---
README.mediawiki | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/README.mediawiki b/README.mediawiki
index ed4e1dd24a..510391e9a7 100644
--- a/README.mediawiki
+++ b/README.mediawiki
@@ -1262,6 +1262,13 @@ users (see also: [https://en.bitcoin.it/wiki/Economic_majority economic majority
| Specification
| Draft
|-
+| [[bip-0376.mediawiki|376]]
+| Applications
+| Spending Silent Payment outputs with PSBTs
+| nymius
+| Specification
+| Draft
+|-
| [[bip-0379.md|379]]
| Applications
| Miniscript
From 03e925c22f595b58fce3ba7e007227b4c59ed90d Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Tue, 10 Feb 2026 16:31:21 -0300
Subject: [PATCH 12/14] bip376: remove paragraph proposing changes to BIP 352
After considering how to explain the difficulty of making BIP 341 and
BIP 352 compatible to avoid the addition of this field, I decided to
remove the paragraph completely, because at the end, the discussion if
BIP 352 could have been made differently to be compatible with BIP 341
tag hashes and reuse BIP 371 fields, belongs to BIP 352 and not here.
This BIP should consider BIP 352 as it is. Changes to BIP 352 belong to
a different BIP proposal.
---
bip-0376.mediawiki | 2 --
1 file changed, 2 deletions(-)
diff --git a/bip-0376.mediawiki b/bip-0376.mediawiki
index 3ae0e6292a..2cf5dace67 100644
--- a/bip-0376.mediawiki
+++ b/bip-0376.mediawiki
@@ -83,8 +83,6 @@ To avoid the burden on the signer it would be better to pass this data into the
The PSBT_IN_BIP32_DERIVATION field cannot be used because of its different nature, neither can the PSBT_IN_TAP_MERKLE_ROOT field because of the tagged hash used for tweaking.
-A change of the hash tag used for silent payments to TapTweak or something compatible with taproot tweaking wouldn't make sense: although the raw tweak can be disguised as the script tree merkle root for spending, at the moment of verifying change outputs, you need the full script tree, and there would be none backing this fake merkle root.
-
The use of proprietary fields is possible but brittle, as one may end up having to perform extra lookups for keys that are not unified across implementations.
Assuming different tweaking schemes available, PSBT_IN_TAP_RAW_TWEAK would be a more general solution. However is unclear how a hardware wallet will determine what the content of the field were in the first more general case. In addition, PSBT fields are usually specified as to the nature of the contents.
From 4bc76226f5ee5bc95498fbda2852970b0e69928f Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Tue, 10 Feb 2026 18:20:11 -0300
Subject: [PATCH 13/14] bip376: add PSBT_IN_SP_SPEND_BIP32_DERIVATION field
---
bip-0376.mediawiki | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/bip-0376.mediawiki b/bip-0376.mediawiki
index 2cf5dace67..29ec3fd95f 100644
--- a/bip-0376.mediawiki
+++ b/bip-0376.mediawiki
@@ -18,17 +18,17 @@
=== Abstract ===
-This document proposes an additional per input field for BIP 370 PSBTv2 that allows BIP 352 silent payment tweaks to be included in a PSBT of version 2. This field will be relevant to silent payment outputs spending.
+This document proposes additional per input fields for BIP 370 PSBTv2 that allows BIP 352 silent payment tweaks to be included in a PSBT of version 2. These fields will be relevant to Silent Payment outputs spending.
=== Motivation ===
-BIPs 352 specify silent payments protocol, which provides a new way to create P2TR outputs and spend them.
+BIP 352 specify the silent payments protocol, which provides a new way to create P2TR outputs and spend them.
The existing PSBT fields are unable to support silent payments without changes, due to the new method by which outputs are created.
BIP 375 and complementary BIP 374 specify how to create outputs locked with silent payment keys using PSBTs. But they don't specify how to unlock these outputs in a transaction.[''' Why not including this new field in BIP 375?''' Historically, Silent Payments have been categorized by the perspective of the user of the protocol: receiver or sender. BIP 375 has followed this convention, and its stated on its title: Sending Silent Payments with PSBTs. Given that spending belongs to the sphere of the receiver, and considering this convention, this specification should be a different BIP.]
-Therefore a new field must be defined to allow PSBTs to carry the information necessary for tweaking taproot keys without following the BIP 341 tagging scheme.
+Therefore new fields must be defined to allow PSBTs to carry the information necessary for tweaking taproot keys without following the BIP 341 tagging scheme.
== Specification ==
@@ -52,8 +52,18 @@ We use the following functions and conventions:
! Versions Requiring Exclusion
! Versions Allowing Inclusion
|-
+| Silent Payment Spend Key BIP 32 Derivation Path[''' Why only considering BIP 32 for spend key generation?''' Although alternative key derivation methods exist (e.g., FROST) and have devised mechanisms to interact with PSBTs without modifying the format, the vast majority of hardware wallets are architected around BIP 32 derivation schemes. As primary consumers of the PSBT format, these devices have significantly influenced its design. Consequently, this BIP avoids preemptively enforcing a shift away from the established BIP 32 paradigm.]
+| PSBT_IN_SP_SPEND_BIP32_DERIVATION = 0x1f
+| <33-byte spend key>
+| The 33-byte spend public key locking this input.
+| <4-byte fingerprint> <32-bit little endian uint path element>*
+| The master key fingerprint as defined by BIP 32 concatenated with the derivation path of the spend public key. The derivation path is represented as indexed 32-bit unsigned integers concatenated with each other. Finalizers should remove this field after PSBT_IN_FINAL_SCRIPTWITNESS is constructed.
+|
+| 0
+| 2
+|-
| Silent Payment Tweak
-| PSBT_IN_SP_TWEAK = 0x1f
+| PSBT_IN_SP_TWEAK = 0x20
| None
| No key data
| <32-byte hash>
@@ -81,15 +91,17 @@ Once a silent payment UTXO is scanned, is easier to store the output together wi
To avoid the burden on the signer it would be better to pass this data into the PSBT together with the input spending the silent payment. Currently, there is no field prescribed for this.
-The PSBT_IN_BIP32_DERIVATION field cannot be used because of its different nature, neither can the PSBT_IN_TAP_MERKLE_ROOT field because of the tagged hash used for tweaking.
-
The use of proprietary fields is possible but brittle, as one may end up having to perform extra lookups for keys that are not unified across implementations.
-Assuming different tweaking schemes available, PSBT_IN_TAP_RAW_TWEAK would be a more general solution. However is unclear how a hardware wallet will determine what the content of the field were in the first more general case. In addition, PSBT fields are usually specified as to the nature of the contents.
+For the Silent Payment spending tweak, the PSBT_IN_BIP32_DERIVATION field cannot be used because of its different nature, neither can the PSBT_IN_TAP_MERKLE_ROOT field because of the tagged hash used for tweaking.
+
+Assuming different tweaking schemes available, PSBT_IN_TAP_RAW_TWEAK would be a more general solution, but PSBT fields are usually specified as to the nature of the contents, and is unclear how a hardware wallet will determine what the content of the field were in the first more general case.
+
+The inclusion of the tweak in the PSBT is insufficient in isolation; it must be accompanied by the information required to derive the correct private key. Silent Payment spend public key cannot utilize PSBT_IN_TAP_BIP32_DERIVATION because BIP 352 specifies 33-byte spend keys, which do not fit within this keydata field. Furthermore, reliance on PSBT_IN_BIP32_DERIVATION is precluded because BIP 352 spending rules follow BIP 341, which mandates the use of Schnorr signatures.
== Backward compatibility ==
-This is a new field added to the existing PSBT format. Because PSBT is designed to be extensible, old software will ignore the new fields.
+These are new fields added to the existing PSBT format. Because PSBT is designed to be extensible, old software will ignore the new fields.
== Reference implementation ==
From 2a3ca6aa279f91db9affcf0412149c4704a7ee8b Mon Sep 17 00:00:00 2001
From: nymius <155548262+nymius@users.noreply.github.com>
Date: Wed, 11 Feb 2026 13:04:26 -0300
Subject: [PATCH 14/14] bip376: unify Silent Payment protocol mentions in
document
---
bip-0376.mediawiki | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/bip-0376.mediawiki b/bip-0376.mediawiki
index 29ec3fd95f..37e1557c16 100644
--- a/bip-0376.mediawiki
+++ b/bip-0376.mediawiki
@@ -18,15 +18,15 @@
=== Abstract ===
-This document proposes additional per input fields for BIP 370 PSBTv2 that allows BIP 352 silent payment tweaks to be included in a PSBT of version 2. These fields will be relevant to Silent Payment outputs spending.
+This document proposes additional per input fields for BIP 370 PSBTv2 that allows BIP 352 Silent Payment tweaks to be included in a PSBT of version 2. These fields will be relevant to Silent Payment outputs spending.
=== Motivation ===
-BIP 352 specify the silent payments protocol, which provides a new way to create P2TR outputs and spend them.
+BIP 352 specify the Silent Payment protocol, which provides a new way to create P2TR outputs and spend them.
-The existing PSBT fields are unable to support silent payments without changes, due to the new method by which outputs are created.
+The existing PSBT fields are unable to support Silent Payment without changes, due to the new method by which outputs are created.
-BIP 375 and complementary BIP 374 specify how to create outputs locked with silent payment keys using PSBTs. But they don't specify how to unlock these outputs in a transaction.[''' Why not including this new field in BIP 375?''' Historically, Silent Payments have been categorized by the perspective of the user of the protocol: receiver or sender. BIP 375 has followed this convention, and its stated on its title: Sending Silent Payments with PSBTs. Given that spending belongs to the sphere of the receiver, and considering this convention, this specification should be a different BIP.]
+BIP 375 and complementary BIP 374 specify how to create outputs locked with Silent Payment keys using PSBTs. But they don't specify how to unlock these outputs in a transaction.[''' Why not including this new field in BIP 375?''' Historically, Silent Payment has been categorized by the perspective of the user of the protocol: receiver or sender. BIP 375 has followed this convention, and its stated on its title: Sending Silent Payments with PSBTs. Given that spending belongs to the sphere of the receiver, and considering this convention, this specification should be a different BIP.]
Therefore new fields must be defined to allow PSBTs to carry the information necessary for tweaking taproot keys without following the BIP 341 tagging scheme.
@@ -81,15 +81,15 @@ where ''hashBIP0352/Label(ser256(bscan) || ser<
== Rationale ==
-On PSBTs, when spending non silent payment outputs, one can rely on the PSBT_IN_BIP32_DERIVATION or any of the allowed PSBT_IN_TAP_* combinations available to get the right private keys to sign for each input.
+On PSBTs, when spending non Silent Payment outputs, one can rely on the PSBT_IN_BIP32_DERIVATION or any of the allowed PSBT_IN_TAP_* combinations available to get the right private keys to sign for each input.
-To spend silent payment outputs you have to combine the private key with the tweak obtained from the transaction corpus.
+To spend Silent Payment outputs you have to combine the private key with the tweak obtained from the transaction corpus.
Passing the prevouts together with the PSBT to allow the computation of the tweaks, forces more computation on the signer side.
-Once a silent payment UTXO is scanned, is easier to store the output together with the tweak that generated it.
+Once a Silent Payment UTXO is scanned, is easier to store the output together with the tweak that generated it.
-To avoid the burden on the signer it would be better to pass this data into the PSBT together with the input spending the silent payment. Currently, there is no field prescribed for this.
+To avoid the burden on the signer it would be better to pass this data into the PSBT together with the input spending the Silent Payment output. Currently, there is no field prescribed for this.
The use of proprietary fields is possible but brittle, as one may end up having to perform extra lookups for keys that are not unified across implementations.