Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z4xkA-00055F-MA for bitcoin-development@lists.sourceforge.net; Tue, 16 Jun 2015 20:46:02 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of ozlabs.org designates 103.22.144.67 as permitted sender) client-ip=103.22.144.67; envelope-from=rusty@ozlabs.org; helo=ozlabs.org; Received: from ozlabs.org ([103.22.144.67]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.76) id 1Z4xk9-0001gZ-Dn for bitcoin-development@lists.sourceforge.net; Tue, 16 Jun 2015 20:46:02 +0000 Received: by ozlabs.org (Postfix, from userid 1011) id 662D01402AA; Wed, 17 Jun 2015 06:45:53 +1000 (AEST) From: Rusty Russell To: Jorge =?utf-8?Q?Tim=C3=B3n?= In-Reply-To: References: <87k2vhfnx9.fsf@rustcorp.com.au> <87r3pdembs.fsf@rustcorp.com.au> <87eglcelf3.fsf@rustcorp.com.au> User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu) Date: Tue, 16 Jun 2015 17:36:38 +0930 Message-ID: <87zj40cc1d.fsf@rustcorp.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.7 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.8 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date -0.0 SPF_PASS SPF: sender matches SPF record -0.6 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.3 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1Z4xk9-0001gZ-Dn Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] [RFC] Canonical input and output ordering in transactions X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jun 2015 20:46:02 -0000 Jorge Tim=C3=B3n writes: > On Jun 15, 2015 11:43 PM, "Rusty Russell" wrote: > >> Though Peter Todd's more general best-effort language might make more >> sense. It's not like you can hide an OP_RETURN transaction to make it >> look like something else, so that transaction not going to be >> distinguished by non-canonical ordering. > > What about commitments that don't use op_return (ie pay2contract > commitments)? I have no idea what they are? :) > In any case, if the motivation is ordering in multi-party transactions > there should be ways to do it without any consequences for other > transaction types' privacy. For example you could have a deterministic > method that depends on a random seed all parties in the transaction > previously share. That way the ordering is deterministic for all parties > involved in the transaction (which can use whatever channel they're using > to send the parts to also send this random seed) while at the same time t= he > order looks random (or at least not cannonical in a recognisable way) to > everyone else. Yes, my plan B would be an informational bip with simple code, suggesting a way to permute a transaction based on some secret. No point everyone reinventing the wheel, badly. Cheers, Rusty.