public inbox for bitcoindev@googlegroups.com
From: Pieter Wuille <pieter.wuille@gmail•com>
To: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>,
	 Daniel Weigl <Daniel.Weigl@mycelium•com>
Subject: Re: [bitcoin-dev] RFC for BIP: Derivation scheme for P2WPKH-nested-in-P2SH based accounts
Date: Wed, 15 Jun 2016 13:00:42 +0200
Message-ID: <CAPg+sBj_9A8gmqRhs3Yg1+rVubdPLMxUhbcrGovF22RgCfVbrw@mail.gmail.com>
In-Reply-To: <576133A7.6070004@mycelium.com>


On Jun 15, 2016 12:53, "Daniel Weigl via bitcoin-dev" <
bitcoin-dev@lists•linuxfoundation.org> wrote:
>
> That would be a big privacy leak, imo. As soon as both outputs are spent,
> it's visible which one was the P2WPKH-in-P2SH and which one the pure
> P2WPKH, and as a consequence you leak which output was the change and
> which one the actual sent output.
>
> So, I'd suggest to even make it a requirement for "normal"
> send-to-single-address transactions to always use the same output type
> for the change output (if the wallet is able to recognize it).

Indeed, and you can go even further. When there are multiple "sending"
outputs, pick one at random, and mimic it for the change output. This means
that if you have a P2PKH and 3 P2SH sends, you'll have a 25% chance for a
P2PKH change output, and a 75% chance for a P2SH output.

You can go even further of course, if you want privacy that remains after
those sends get spent. In that case, you also need to match the template of
the redeemscript/witnessscript. For example, if the send you are mimicking
is a 2-of-3, the change output should also use 2-of-3.

-- 
Pieter
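
Added example (not part of the original message, and not code from any wallet): a Python sketch of the change-type selection described above, run on the 1 P2PKH + 3 P2SH case. The helper names, the `fallback` parameter and the dummy 20-byte hashes are assumptions made for illustration.

```python
import random
from collections import Counter
from fractions import Fraction

def classify_script(spk: bytes) -> str:
    """Name the standard template of a scriptPubKey, or OTHER if unrecognized."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH"
    if len(spk) == 23 and spk[:2] == b"\xa9\x14" and spk[22:] == b"\x87":
        return "P2SH"
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    if len(spk) == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH"
    return "OTHER"

def recognized_types(send_scripts):
    """Types of the sending outputs the wallet can recognize and mimic."""
    types = [classify_script(s) for s in send_scripts]
    return [t for t in types if t != "OTHER"]

def change_type_distribution(send_scripts):
    """Exact probability of each change type when one send is mimicked uniformly."""
    counts = Counter(recognized_types(send_scripts))
    total = sum(counts.values())
    return {t: Fraction(n, total) for t, n in counts.items()}

def pick_change_type(send_scripts, fallback="P2WPKH", rng=None):
    """Mimic one randomly chosen send; use `fallback` (assumed wallet default) if none is recognized."""
    candidates = recognized_types(send_scripts)
    if not candidates:
        return fallback
    rng = rng or random.SystemRandom()  # OS randomness, so the choice is not predictable
    return rng.choice(candidates)

# Constructed sample: one P2PKH send and three P2SH sends with dummy 20-byte hashes.
def p2pkh(h160): return b"\x76\xa9\x14" + h160 + b"\x88\xac"
def p2sh(h160): return b"\xa9\x14" + h160 + b"\x87"
SENDS = [p2pkh(b"\x01" * 20)] + [p2sh(bytes([i]) * 20) for i in (2, 3, 4)]

if __name__ == "__main__":
    print(change_type_distribution(SENDS))
    print(pick_change_type(SENDS))
```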
