Your solution in the second part of the email does not solve the problem
you indicated in the first part of your email.

On Sun, Oct 21, 2018, 23:41 Ryan Havar via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Right now it's just *way* too easy to spot the boundaries between
> different wallets. There's a lot of things that contribute to that, but the
> one that concerns me the most is the way wallets sort transaction inputs
> and outputs.
>
> Some wallets and protocols (especially HW wallets) have a strong
> preference for deterministic sorting (i.e. using bip69), while other
> wallets have a lot of objections to this.
>
> I'm not sure I fully understand the objections, but I think they can be
> summarized as "during the transition period there will be a lot of privacy
> loss" and "if in the future someone wants to use bitcoin in a way that's
> not compatible with bip69 their transactions will stick out heavily".
>
> I wonder if this impasse could be solved with deterministic sorting, but
> based on a semi-secret.  Like  `sortingSecret = hmac(walletSeed,
> "sortingSecret")` and then there's a standardized sort order based on the
> sortingSecret. e.g. sort inputs/output by the  `hash(data ||
> sortingSecret)`.   Wallets could come up with their own way of computing
> (or storing) the "sortingSecret" but from there it's standardized.
>
> I has the advantages of deterministic sorting (as long as you know the
> sortingSecret) you can verify it's done correctly and externally looks
> totally randomized.
>
> Am I missing something, or could this be the way forward?
>
> -Ryan
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>