Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2016-06-15 📝 Original message:On Jun 15, 2016 12:53, ...
📅 Original date posted:2016-06-15
📝 Original message:On Jun 15, 2016 12:53, "Daniel Weigl via bitcoin-dev" <
bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> That would be a big privacy leak, imo. As soon as both outputs are spent,
its visible
> which one was the P2WPKH-in-P2SH and which one the pure P2WPKH and as a
consequence
> you leak which output was the change and which one the actual sent output
>
> So, i'd suggest to even make it a requirement for "normal"
send-to-single-address transactions
> to always use the same output type for the change output (if the wallet
is able to recognize it)
Indeed, and you can go even further. When there are multiple "sending"
outputs, pick one at random, and mimic it for the change output. This means
that if you have a P2PKH and 3 P2SH sends, you'll have 25% chance for a
P2PKH change output, and 75% chance for a P2SH output.
You can go even further of course, if you want privacy that remains after
those sends get spent. In that case, you also need to match the template of
the redeemscript/witnessscript. For example, if the send you are mimicking
is a 2-of-3, the change output should also use 2-of-3.
--
Pieter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160615/35a22171/attachment.html>;
📝 Original message:On Jun 15, 2016 12:53, "Daniel Weigl via bitcoin-dev" <
bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> That would be a big privacy leak, imo. As soon as both outputs are spent,
its visible
> which one was the P2WPKH-in-P2SH and which one the pure P2WPKH and as a
consequence
> you leak which output was the change and which one the actual sent output
>
> So, i'd suggest to even make it a requirement for "normal"
send-to-single-address transactions
> to always use the same output type for the change output (if the wallet
is able to recognize it)
Indeed, and you can go even further. When there are multiple "sending"
outputs, pick one at random, and mimic it for the change output. This means
that if you have a P2PKH and 3 P2SH sends, you'll have 25% chance for a
P2PKH change output, and 75% chance for a P2SH output.
You can go even further of course, if you want privacy that remains after
those sends get spent. In that case, you also need to match the template of
the redeemscript/witnessscript. For example, if the send you are mimicking
is a 2-of-3, the change output should also use 2-of-3.
--
Pieter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160615/35a22171/attachment.html>;