From: Pavol Rusnak <stick@satoshilabs.com>
Date: Sun, 21 Oct 2018 23:54:26 +0200
To: rhavar@protonmail.com, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Transaction Input/Output Sorting

Your solution in the second part of the email does not solve the problem
you indicated in the first part of your email.

On Sun, Oct 21, 2018, 23:41 Ryan Havar via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Right now it's just *way* too easy to spot the boundaries between
> different wallets. There's a lot of things that contribute to that, but the
> one that concerns me the most is the way wallets sort transaction inputs
> and outputs.
>
> Some wallets and protocols (especially HW wallets) have a strong
> preference for deterministic sorting (i.e. using bip69), while other
> wallets have a lot of objections to this.
>
> I'm not sure I fully understand the objections, but I think they can be
> summarized as "during the transition period there will be a lot of privacy
> loss" and "if in the future someone wants to use bitcoin in a way that's
> not compatible with bip69 their transactions will stick out heavily".
>
> I wonder if this impasse could be solved with deterministic sorting, but
> based on a semi-secret.  Like  `sortingSecret = hmac(walletSeed,
> "sortingSecret")` and then there's a standardized sort order based on the
> sortingSecret. e.g. sort inputs/output by the  `hash(data ||
> sortingSecret)`.   Wallets could come up with their own way of computing
> (or storing) the "sortingSecret" but from there it's standardized.
>
> It has the advantages of deterministic sorting (as long as you know the
> sortingSecret) you can verify it's done correctly and externally looks
> totally randomized.
>
> Am I missing something, or could this be the way forward?
>
> -Ryan
>
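
The ordering scheme proposed in the quoted message, sketched as an added example that is not part of the original thread or of any wallet's code. HMAC-SHA256, SHA-256 and the output serialization are assumptions (the message names none of them), and the seeds and outputs are constructed sample values.

```python
import hashlib
import hmac


def sorting_secret(wallet_seed: bytes) -> bytes:
    # sortingSecret = hmac(walletSeed, "sortingSecret"); HMAC-SHA256 is assumed.
    return hmac.new(wallet_seed, b"sortingSecret", hashlib.sha256).digest()


def sort_key(data: bytes, secret: bytes) -> bytes:
    # hash(data || sortingSecret); SHA-256 is assumed.
    return hashlib.sha256(data + secret).digest()


def serialize_output(amount_sat: int, script_pubkey: bytes) -> bytes:
    # Assumed encoding: 8-byte little-endian amount followed by the script.
    return amount_sat.to_bytes(8, "little") + script_pubkey


def secret_sort(items: list, secret: bytes) -> list:
    # Deterministic for anyone holding the secret, whatever the input order.
    return sorted(items, key=lambda d: sort_key(d, secret))


def verify_order(items: list, secret: bytes) -> bool:
    # A verifier holding the secret recomputes the keys and checks they ascend.
    keys = [sort_key(d, secret) for d in items]
    return all(a <= b for a, b in zip(keys, keys[1:]))


# Constructed sample data: two wallet seeds and twelve P2WPKH-shaped outputs.
SEED_A = bytes(range(32))
SEED_B = bytes(range(32, 64))
OUTPUTS = [
    serialize_output(10_000 * (i + 1), bytes.fromhex("0014") + bytes([i]) * 20)
    for i in range(12)
]

if __name__ == "__main__":
    secret_a = sorting_secret(SEED_A)
    ordered = secret_sort(OUTPUTS, secret_a)
    print("order verifies with wallet A's secret:", verify_order(ordered, secret_a))
    print("order verifies with wallet B's secret:",
          verify_order(ordered, sorting_secret(SEED_B)))
    for out in ordered:
        print(int.from_bytes(out[:8], "little"), out[8:].hex())
```
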
