Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.220.48 as permitted sender)
	client-ip=209.85.220.48; envelope-from=danny.thorpe@gmail.com;
	helo=mail-pa0-f48.google.com; 
MIME-Version: 1.0
In-Reply-To: <87k2vhfnx9.fsf@rustcorp.com.au>
References: <87k2vhfnx9.fsf@rustcorp.com.au>
Date: Mon, 8 Jun 2015 14:25:40 -0700
Message-ID: <CAJN5wHVSK-oW+zVZmEMfyFkd+GUHRhFHEjEmKrdvqas3LzY0zw@mail.gmail.com>
From: Danny Thorpe <danny.thorpe@gmail.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Content-Type: multipart/alternative; boundary=001a113838a895ba6705180848f4
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] [RFC] Canonical input and output ordering
 in transactions
Precedence: list

--001a113838a895ba6705180848f4
Content-Type: text/plain; charset=UTF-8

FWIW, The Open Assets colored coin protocol (CoinPrism) places special
significance on the zeroth input and the position of the OP_RETURN colored
coin marker output to distinguish colored coin issuance outputs from
transfer outputs. Reordering the inputs or the outputs breaks the colored
coin representation.

Recommending sorting of the inputs and outputs as a best practice is fine
(and better than random, IMO), but not as part of IsStandard() or consensus
rules.  There are cases where the order of the inputs and outputs is
significant.

-Danny

On Fri, Jun 5, 2015 at 9:42 PM, Rusty Russell <rusty@rustcorp.com.au> wrote:

> Title: Canonical Input and Output Ordering
> Author: Rusty Russell <rusty@rustcorp.com.au>
> Discussions-To: "Bitcoin Dev" <bitcoin-development@lists.sourceforge.net>
> Status: Draft
> Type: Standards Track
> Created: 2015-06-06
>
> Abstract
>
> This BIP provides a canonical ordering of inputs and outputs when
> creating transactions.
>
> Motivation
>
> Most bitcoin wallet implementations randomize the outputs of
> transactions they create to avoid trivial linkage analysis (especially
> change outputs), however implementations have made mistakes in this area
> in the past.
>
> Using a canonical ordering has the same effect, but is simpler, more
> obvious if incorrect, and can eventually be enforced by IsStandard() and
> even a soft-fork to enforce it.
>
> Specification
>
> Inputs should be ordered like so:
>         index (lower value first)
>         txid (little endian order, lower byte first)
>
> Outputs should be ordered like so:
>         amount (lower value first)
>         script (starting from first byte, lower byte first, shorter wins)
>
> Rationale
>
> Any single wallet is already free to implement this, but if other
> wallets do not it would reduce privacy by making those transactions
> stand out.  Thus a BIP is appropriate, especially if this were to
> become an IsStandard() rule once widely adopted.
>
> Because integers are fast to compare, they're sorted first, before the
> lexographical ordering.
>
> The other input fields do not influence the sort order, as any valid
> transactions cannot have two inputs with the same index and txid.
>
> Reference Implementation
>
> https://github.com/rustyrussell/bitcoin/tree/bip-in-out-ordering
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--001a113838a895ba6705180848f4
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">FWIW, The Open Assets colored coin protocol (CoinPrism) pl=
aces special significance on the zeroth input and the position of the OP_RE=
TURN colored coin marker output to distinguish colored coin issuance output=
s from transfer outputs. Reordering the inputs or the outputs breaks the co=
lored coin representation.<div><br></div><div>Recommending sorting of the i=
nputs and outputs as a best practice is fine (and better than random, IMO),=
 but not as part of IsStandard() or consensus rules.=C2=A0 There are cases =
where the order of the inputs and outputs is significant.</div><div><br></d=
iv><div>-Danny</div></div><div class=3D"gmail_extra"><br><div class=3D"gmai=
l_quote">On Fri, Jun 5, 2015 at 9:42 PM, Rusty Russell <span dir=3D"ltr">&l=
t;<a href=3D"mailto:rusty@rustcorp.com.au" target=3D"_blank">rusty@rustcorp=
.com.au</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D=
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Title: Cano=
nical Input and Output Ordering<br>
Author: Rusty Russell &lt;<a href=3D"mailto:rusty@rustcorp.com.au">rusty@ru=
stcorp.com.au</a>&gt;<br>
Discussions-To: &quot;Bitcoin Dev&quot; &lt;<a href=3D"mailto:bitcoin-devel=
opment@lists.sourceforge.net">bitcoin-development@lists.sourceforge.net</a>=
&gt;<br>
Status: Draft<br>
Type: Standards Track<br>
Created: 2015-06-06<br>
<br>
Abstract<br>
<br>
This BIP provides a canonical ordering of inputs and outputs when<br>
creating transactions.<br>
<br>
Motivation<br>
<br>
Most bitcoin wallet implementations randomize the outputs of<br>
transactions they create to avoid trivial linkage analysis (especially<br>
change outputs), however implementations have made mistakes in this area<br=
>
in the past.<br>
<br>
Using a canonical ordering has the same effect, but is simpler, more<br>
obvious if incorrect, and can eventually be enforced by IsStandard() and<br=
>
even a soft-fork to enforce it.<br>
<br>
Specification<br>
<br>
Inputs should be ordered like so:<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 index (lower value first)<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 txid (little endian order, lower byte first)<br=
>
<br>
Outputs should be ordered like so:<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 amount (lower value first)<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 script (starting from first byte, lower byte fi=
rst, shorter wins)<br>
<br>
Rationale<br>
<br>
Any single wallet is already free to implement this, but if other<br>
wallets do not it would reduce privacy by making those transactions<br>
stand out.=C2=A0 Thus a BIP is appropriate, especially if this were to<br>
become an IsStandard() rule once widely adopted.<br>
<br>
Because integers are fast to compare, they&#39;re sorted first, before the<=
br>
lexographical ordering.<br>
<br>
The other input fields do not influence the sort order, as any valid<br>
transactions cannot have two inputs with the same index and txid.<br>
<br>
Reference Implementation<br>
<br>
<a href=3D"https://github.com/rustyrussell/bitcoin/tree/bip-in-out-ordering=
" target=3D"_blank">https://github.com/rustyrussell/bitcoin/tree/bip-in-out=
-ordering</a><br>
<br>
---------------------------------------------------------------------------=
---<br>
_______________________________________________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</blockquote></div><br></div>

--001a113838a895ba6705180848f4--