How do BIP 47 reusable payment codes work?

Now we go to the complete other end of technical questions. This is not an easy one to explain. BIP 47 reusable payment codes are basically the technology behind what is known as PayNyms, or private anonymous channels. What PayNyms and private anonymous channels with BIP 47 allow you to do is receive a payment from someone where essentially the sender's and recipient's addresses are encrypted in such a way that nobody knows who they are sending to. An anonymous payment is essentially sent from one person to another.

The way it works is very complex to explain, but basically what it is, is this. Alice and Bob want to pay each other using this kind of anonymized payment channel, or payment code. Bob sets up what's called a PayNym. What this PayNym is effectively is a hierarchical deterministic wallet in which Bob publishes a digital blob that is a public key and chain code under a pseudonym. Let's say Bob calls himself Satoshi Nakamoto and publishes a PayNym for Satoshi Nakamoto, which has within it a public key. Bob is monitoring output transactions to that public key.

Now, Alice could just pay that public key. The problem is then that everybody who knows which PayNym belongs to Bob would be able to see all of those payments and at that point track all the payments to Bob, and that's a problem. If there is no secure mechanism for Bob to get information out about other addresses they want to get paid on, this is a problem.

How do payment codes work around this? Alice constructs a special transaction that sends to one of Bob's addresses, which is called a watching address, and sends what's called a notification message. This is not a payment; instead it's an OP_RETURN output. It's a data output that contains 80 bytes. What these 80 bytes are, are the basis for an elliptic curve Diffie-Hellman key exchange. This is the part that's really difficult to explain, which is what Diffie-Hellman key exchange is.
Diffie-Hellman key exchange, a technique invented in the 70s, allows two parties to construct a secret key based on their knowledge of each other's public keys, in such a way that no one can intercept that secret key and the two parties can use it to communicate with each other. This is what's actually used for VPNs. When you do a VPN, what you use is the public key of the VPN provider and your public key to set up a secret key that's used in that particular VPN channel for that period of time as you use it.

Alice uses Bob's public key that's embedded in the PayNym, the identity payment code, and constructs a secret key. That secret key is then used for both Bob and Alice to generate temporary Bitcoin addresses that they can make payments to each other back and forth, so that no one can know which Bitcoin addresses these will be without having access to the shared secret between Alice and Bob. Once Alice and Bob have exchanged this shared secret through posting these notification transactions, they can now exchange up to four billion payments between each other that appear to be going to seemingly random Bitcoin addresses that each of the two of them can generate for each other without anybody being able to associate them back to the original PayNym.

What you have essentially is a single public address, which is the PayNym, the pseudonym public key that Bob publishes for Alice to pay. That's the only thing that's public, and the only thing that it can do is be used to establish the secret payment channels that then allow Alice and Bob to exchange payments with each other in a way that's invisible to the rest of the blockchain and can't be associated to the rest of the blockchain. If you were to watch Bob's address, you would be able to see Alice's notification, but you wouldn't be able to decrypt the blob, because that's encrypted to Bob's public key.
You wouldn't be able to see the response that Bob sends back, because that's also going to be encrypted. Once they have a common secret, they'd be able to send on completely different Bitcoin addresses payments that you would never be able to associate back to the PayNym. So, a very public identifier, "hey, it's me, pay me here," followed by a series of very private transactions where they're not associated at all with that public identifier.

So, what do reusable payment codes solve? They solve a situation that, in order to be paid by people out there, if I wanted to get paid by people, I would have to post an address. In fact, I already do that. I have an address on my website, 1andreas3bat, etc., which people can send donations to and give me gifts. The problem is that everyone can see all of the gifts going to that. So, if I make a public address available, then I also make all of the payments to that public address available. I can't do a public address with private transactions, except I can with reusable payment codes. I would be able to post a very public ID that everyone can send payments to, but none of the payments are visible to anybody else, because all of the payments are sent based on these privately negotiated elliptic-curve Diffie-Hellman key exchanges that happen using the PayNym.

I hope that was a good explanation. It's a very difficult topic to explain. If you look at BIP 47, the BIP, the Bitcoin Improvement Proposal, it has some very useful charts and diagrams that show the time progression of the notification payments and subsequent payments, and which addresses Alice and Bob are watching in order to establish this series of secret Bitcoin addresses between them.