From: rhavar@protonmail•com
To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: [bitcoin-dev] Transaction Input/Output Sorting
Date: Sun, 21 Oct 2018 19:00:59 +0000 [thread overview]
Message-ID: <sKbqoBddMV_gqKR8AIje8pbaF9FMc0gy636OOtI5jqszGH6lRrLtDtd_bQBB_d01vexaI17N4k_Zss8aeDOOsE51VDeQ7RGC2cxv1nnc--0=@protonmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1339 bytes --]
Right now it's just *way* too easy to spot the boundaries between different wallets. There's a lot of things that contribute to that, but the one that concerns me the most is the way wallets sort transaction inputs and outputs.
Some wallets and protocols (especially HW wallets) have a strong preference for deterministic sorting (i.e. using bip69), while other wallets have a lot of objections to this.
I'm not sure I fully understand the objections, but I think they can be summarized as "during the transition period there will be a lot of privacy loss" and "if in the future someone wants to use bitcoin in a way that's not compatible with bip69 their transactions will stick out heavily".
I wonder if this impasse could be solved with deterministic sorting, but based on a semi-secret. Like `sortingSecret = hmac(walletSeed, "sortingSecret")` and then there's a standardized sort order based on the sortingSecret. e.g. sort inputs/output by the `hash(data || sortingSecret)`. Wallets could come up with their own way of computing (or storing) the "sortingSecret" but from there it's standardized.
I has the advantages of deterministic sorting (as long as you know the sortingSecret) you can verify it's done correctly and externally looks totally randomized.
Am I missing something, or could this be the way forward?
-Ryan
[-- Attachment #2: Type: text/html, Size: 2709 bytes --]
next reply other threads:[~2018-10-21 19:01 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-21 19:00 rhavar [this message]
2018-10-21 21:54 ` Pavol Rusnak
2018-10-22 1:54 ` rhavar
2018-10-23 14:29 ` Chris Belcher
2018-10-24 16:12 ` Gregory Maxwell
2018-10-24 17:52 ` rhavar
2018-10-24 18:21 ` rhavar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='sKbqoBddMV_gqKR8AIje8pbaF9FMc0gy636OOtI5jqszGH6lRrLtDtd_bQBB_d01vexaI17N4k_Zss8aeDOOsE51VDeQ7RGC2cxv1nnc--0=@protonmail.com' \
--to=rhavar@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox