On Wed, Jun 15, 2016 at 7:00 AM, Pieter Wuille via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

Indeed, and you can go even further. When there are multiple "sending" outputs, pick one at random, and mimic it for the change output. This means that if you have a P2PKH and 3 P2SH sends, you'll have 25% chance for a P2PKH change output, and 75% chance for a P2SH output.

This isn't quite perfect because if there is only 1 P2PKH output and you know the person is using the above algorithm then you know the P2PKH output isn't the change.

I don't know what the perfect method is.  My guess is that it is to let p be the probability that a P2PKH output is produced over the entire network and to pick P2PKH for your change output with probability p (and similarly for other output types).

On Wed, Jun 15, 2016 at 7:00 AM, Pieter Wuille via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:


On Jun 15, 2016 12:53, "Daniel Weigl via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> That would be a big privacy leak, imo. As soon as both outputs are spent, its visible
> which one was the P2WPKH-in-P2SH and which one the pure P2WPKH and as a consequence
> you leak which output was the change and which one the actual sent output
>
> So, i'd suggest to even make it a requirement for "normal" send-to-single-address transactions
> to always use the same output type for the change output (if the wallet is able to recognize it)

Indeed, and you can go even further. When there are multiple "sending" outputs, pick one at random, and mimic it for the change output. This means that if you have a P2PKH and 3 P2SH sends, you'll have 25% chance for a P2PKH change output, and 75% chance for a P2SH output.

You can go even further of course, if you want privacy that remains after those sends get spent. In that case, you also need to match the template of the redeemscript/witnessscript. For example, if the send you are mimicking is a 2-of-3, the change output should also use 2-of-3.

--
Pieter


_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev