1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gmaxwell@gmail.com>) id 1YJnWl-00016D-Ua
for bitcoin-development@lists.sourceforge.net;
Fri, 06 Feb 2015 18:21:15 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.223.175 as permitted sender)
client-ip=209.85.223.175; envelope-from=gmaxwell@gmail.com;
helo=mail-ie0-f175.google.com;
Received: from mail-ie0-f175.google.com ([209.85.223.175])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1YJnWk-0006aC-RN
for bitcoin-development@lists.sourceforge.net;
Fri, 06 Feb 2015 18:21:15 +0000
Received: by iebtr6 with SMTP id tr6so3290088ieb.4
for <bitcoin-development@lists.sourceforge.net>;
Fri, 06 Feb 2015 10:21:09 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.43.55.84 with SMTP id vx20mr13781953icb.62.1423246869560;
Fri, 06 Feb 2015 10:21:09 -0800 (PST)
Received: by 10.107.6.95 with HTTP; Fri, 6 Feb 2015 10:21:09 -0800 (PST)
In-Reply-To: <20150204142323.DEC4BE2DCDE@quidecco.de>
References: <20150204142323.DEC4BE2DCDE@quidecco.de>
Date: Fri, 6 Feb 2015 18:21:09 +0000
Message-ID: <CAAS2fgQyecwuiXxYxzF4bmYCVvcQnBa97LYXYu-Gf3rVNs5VJw@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Isidor Zeuner <cryptocurrencies@quidecco.de>
Content-Type: text/plain; charset=UTF-8
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gmaxwell[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1YJnWk-0006aC-RN
Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] determining change addresses using the
least significant digits
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Fri, 06 Feb 2015 18:21:16 -0000
On Wed, Feb 4, 2015 at 2:23 PM, Isidor Zeuner
<cryptocurrencies@quidecco.de> wrote:
> Hi there,
>
> traditionally, the Bitcoin client strives to hide which output
> addresses are change addresses going back to the payer. However,
> especially with today's dynamically calculated miner fees, this
> may often be ineffective:
>
> A user sending a payment using the Bitcoin client will usually enter
> the payment amount only up to the number of digits which are
> considered to be significant enough. So, the least significant digits
> will often be zero for the payment. With dynamically calculated miner
> fees, this will often not be the case for the change amount, making it
> easy for an observer to classify the output addresses.
>
> A possible approach to handle this issue would be to add a randomized
> offset amount to the payment amount. This offset amount can be small
> in comparison to the payment amount.
Sending someone too much can really play hell with their accounting.
Unless you know they're okay with it, I wouldn't suggest it.
I often randomly round up the output when I'm paying to a depository
account... and I've thought that would be a useful feature to have,
but I dunno how to usefully present a UI for "pay at least X but
you're allowed to round-up up to 0.01 BTC more".
Another strategy is this: create two change outputs, with uniform
probablity make one equal to your payment amount (which is also nice
because if your payment amount models future payment amount the change
will be usefully sized) or split your change evenly.
|