Re: [bitcoindev] OP_KEEPCHANGE - mitigating dust outputs

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Pieter Wuille <bitcoin-dev@wuille•net>
To: James Ferguson <jamesfergusonch@gmail•com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] OP_KEEPCHANGE - mitigating dust outputs
Date: Thu, 26 Sep 2024 01:22:54 +0000	[thread overview]
Message-ID: <4_re7EWb0zy-E_Yk472AGf4WwgwxO9XCC1Y2RqYGlCV7FXpbq1ifIe-DL93-y5erlsAO_G-27SzLcFhGq9kDs8KNE0u2GSC24cFV-rJ5X10=@wuille.net> (raw)
In-Reply-To: <83296012-d713-482a-ad7a-3fd9bf7cded9n@googlegroups.com>

[-- Attachment #1: Type: text/plain, Size: 4043 bytes --]

Hi James,

I believe you're imagining that Bitcoin works very differently from how it actually does. Comments below inline.

On Wednesday, September 25th, 2024 at 8:44 PM, James Ferguson <jamesfergusonch@gmail•com> wrote:

> Introduction of provisionally named "OP_KEEPCHANGE" allows small residual UTXO (change) to be automatically credited to the primary recipient’s address.

Bitcoin doesn't have a concept of address balances at the protocol level, or even addresses at all, let alone a "primary recipient address". Balances you see in wallets and blockchain explorers simply report the sum of the values of UTXOs under control of a given address, but this is a local interpretation made by that software; the protocol itself does not know or care about these things.

The way to "credit an address" in Bitcoin is literally to create a UTXO locked with (the script corresponding to) the address in question, so barring an extremely invasive overhaul of how the entire protocol works, there isn't actually any UTXO set size benefit to this proposal - change UTXOs would still need to be created. In addition, if your proposal requires revealing what the recipient of a payment is (as "crediting primary recipient" implies), it would necessarily also undo the primary privacy benefit of having a UTXO model in the first place: today, one cannot generally tell which output of a transaction is the payee, and this is by design.

Of course, a hypothetical proposal could change anything about Bitcoin's design if it were to have enough support. If the Bitcoin ecosystem really wanted an address balance model, nothing prevents the introduction of that. In that case, there is no point to have UTXOs, or change, at all. Just make transaction deduct some address balances, and credit some others directly. This removes many of the issues you seem to want to address much more directly (including coin selection, dust accumulation, UTXO set growth to some extent, and many more, while adding other complications in other places, of course). However, it would also massively hurt privacy, as there would be an on-chain cost to creating new addresses/balances, incentivizing keeping one's funds in just one. The current UTXO model does not care about the distinction between payments and change and this is very much desirable: sending your change to a new change address with pristine history costs exactly the same as sending it back to the address the spend coins were assigned to.

> b) Enhanced Privacy: .
> This provides a slight improvement in transaction privacy by obfuscating the typical patterns used to identify change outputs.

But it does so at the cost of incentivizing not transitioning to a new address on every transaction, a huge privacy leak.

> - When used in a transaction, `OP_KEEPCHANGE` signals that any excess change be added to the primary output instead of generating a separate change output.

Change does not exist at the protocol level. It is just an output like any normal payment output, and indistinguishable from it. The protocol also has no knowledge of excess - that is a concept purely local to the sender wallet. It chooses to add an output back to itself, to balance the amounts in the inputs with the amounts in the outputs (minus fee). At the very least your proposal would require a way to signal how much to send back, and to where (remember that multiple parties can cooperate to jointly construct a single transaction!). At this point you're not far off from just having another output...

Cheers,

--
Pieter

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/4_re7EWb0zy-E_Yk472AGf4WwgwxO9XCC1Y2RqYGlCV7FXpbq1ifIe-DL93-y5erlsAO_G-27SzLcFhGq9kDs8KNE0u2GSC24cFV-rJ5X10%3D%40wuille.net.

[-- Attachment #2: Type: text/html, Size: 8066 bytes --]

next prev parent reply	other threads:[~2024-09-26  1:30 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-26  0:44 James Ferguson
2024-09-26  1:22 ` Pieter Wuille [this message]
2024-09-26  9:05   ` James Ferguson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='4_re7EWb0zy-E_Yk472AGf4WwgwxO9XCC1Y2RqYGlCV7FXpbq1ifIe-DL93-y5erlsAO_G-27SzLcFhGq9kDs8KNE0u2GSC24cFV-rJ5X10=@wuille.net' \
    --to=bitcoin-dev@wuille$(echo .)net \
    --cc=bitcoindev@googlegroups.com \
    --cc=jamesfergusonch@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox