Hello,

I would like to propose a method based on BIP32 (and optionally BIP44) for improving fungibility and on chain privacy with wallets for which this is not a primary concern, requiring minimal changes to allow such wallets to safely forward change outputs to more specialized wallets. This is intended to complement more comprehensive proposals such as BIP79.

Note that this draft is still incomplete, there are open questions about the particular format to use. In its current form it proposes two viable options (and two more are included completeness) and though I have a slight preference for the first option, I remain undecided given the tradeoffs, and so I am writing the mailing list to solicit inputs/criticism.

https://gist.github.com/nothingmuch/652f3a98089a0600637eadab738b2d6a

Thanks to SirMeow, Adam Ficsor, and Adam Gibson for reviewing earlier versions and providing valuable feedback and suggestions.

Regards,
Yuval