> On Thu, Jan 08, 2015 at 05:11:53AM +0100, Amir Taaki wrote:
>> This increases the number of client side computations, which reduces the
>> anonymity. It is trivial for the server to store this data and halves
>> the computation workload for the client, thereby increasing the
>> acceptable working dataset & improving anonymity for the client.

On 01/07/2015 11:25 PM, Peter Todd wrote:
> Good point.
>
> However, what about changing the stealth standard itself to not have the
> sign byte in the OP_RETURN? I believe we've discussed this, along with
> getting rid of that version byte. We're still at the point where we can
> change things.

Yes, it was discussed to drop the version byte and the "first byte of
the ephemeral key" (sign) in the OP_RETURN. And to order it as:

RETURN <P:32> <id:5> <nonce:0..2>

with the payment id encrypted using the shared secret, and preserving
the option to increase the nonce length if OP_RETURN is expanded.

Seems like this would resolve the questions above.

e