From: Chris Belcher <belcher@riseup.net>
To: Ryan Havar via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Transaction Input/Output Sorting
Date: Tue, 23 Oct 2018 15:29:30 +0100 [thread overview]
Message-ID: <62ab0a37-2969-d9fe-5849-9362154560d0@riseup.net> (raw)
In-Reply-To: <oTVax1iu2AHkNx8jQ9QlnWr2FS6Uusm1zKPZOkn1XRBv5my23NvVab0lWWH3DSbt3pXEv-ZsmhhU79MGuwnUdP2EKMk931XRyvuLxPRMyjk=@protonmail.com>
Thanks for bringing our attention to this important topic.
According to (https://p2sh.info/dashboard/db/bip-69-stats) around 60% of
transaction follow bip69 (possibly just by chance).
If its useful, a bitcoin wiki page that tracks wallets which use bip69
can be created. A similar page exists for bech32
(https://en.bitcoin.it/wiki/Bech32_adoption). If we had this at least
we'd know which open source wallets we can write code for or which
closed source wallets we can bug about bip69.
On 22/10/2018 02:54, Ryan Havar via bitcoin-dev wrote:
> On Sunday, October 21, 2018 2:54 PM, Pavol Rusnak <stick@satoshilabs.com> wrote:
>
>> Your solution in the second part of the email does not solve the problem you indicated in the first part of your email.
>
> Sorry, I'm not quite sure what parts you are referring to. I assume you might mean my first paragraph, so I'll try explain myself a bit clearer how this makes it harder to find wallet boundaries.
>
> Right now you can generally tell if a transaction is using bip69 or not (as long as you account for the probability that it's randomly sorted to accidentally be bip69). And generally wallets are consistent if they use bip69 or not.
>
> This can often make it massively easier to detect what is change and not. Let's say I'm clustering a wallet and know they're using a wallet that always uses bip69, and I'm looking at a transaction in that cluster and trying to guess which is the change and which is not. There's a lot of things you can use to assign a probability. The most obvious thing is looking at the amount of significant-digits of the output amounts (if they vary a lot, change tends to be the one with more), but a much more powerful one is looking at how the outputs are spent (and if they end up spend-linking back into the original cluster).
>
> So let's say that the transaction output is spent by a non-bip69 transaction -- I right away know that it's going to (almost certainly) be a different wallet (e.g. the destination).
>
> My (shower-thoughty) "solution" fixes this problem, because an outside observer has no way of knowing if a transaction is using deterministic sorting or not, so can not use this information to establish wallet boundaries.
>
> --
> On somewhat of a tangent I was actually fortunate enough to have someone with access to the biggest(?) bitcoin analysis service help me with a few experiments. While I was genuinely taken aback by how accurate some of their analysis can be, I also found it pretty easy to trick -- implying it relies heavily on some fragile heuristics.
>
> I don't like to be alarmist, but I worry a lot about the fungibility of bitcoin when we have such effective blockchain analysis and a *LOT* of the ecosystem using a centralized analytics service. And in fact, we're already starting to see some minor effects of this (e.g. people already know that if they gamble their funds, they'll probably have trouble using an exchange later). And I don't think we're too far from the point where any "unidentified" bitcoin is instantly flagged as "suspicious" (and for instance, requires more explaining for by exchanges) potentially seriously harming bitcoin fungibility and it's value determined also by it's history.
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
next prev parent reply other threads:[~2018-10-23 14:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-21 19:00 [bitcoin-dev] Transaction Input/Output Sorting rhavar
2018-10-21 21:54 ` Pavol Rusnak
2018-10-22 1:54 ` rhavar
2018-10-23 14:29 ` Chris Belcher [this message]
2018-10-24 16:12 ` Gregory Maxwell
2018-10-24 17:52 ` rhavar
2018-10-24 18:21 ` rhavar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=62ab0a37-2969-d9fe-5849-9362154560d0@riseup.net \
--to=belcher@riseup.net \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox