wallet: shuffle coins before grouping, where warranted #13808

pull kallewoof wants to merge 1 commits into bitcoin:master from kallewoof:random-ordering-output-groups changing 1 files +9 −1
  1. kallewoof commented at 4:59 pm on July 30, 2018: member

    Coins are randomly shuffled in coin selection to avoid unintentional privacy leaks regarding the user’s coin set. For the case where a user has a lot of coins with the same destination, these will be grouped into groups of 10 before the shuffling.

    It is unclear whether this has any implications at all, but this PR plugs the potential issue, if there ever is one, by shuffling the coins before they are grouped.

    Issue brought up in #12257 (review)

  2. MarcoFalke added this to the milestone 0.17.0 on Jul 30, 2018
  3. kallewoof force-pushed on Jul 30, 2018
  4. kallewoof force-pushed on Jul 30, 2018
  5. MarcoFalke added the label Wallet on Jul 30, 2018
  6. promag commented at 1:34 pm on August 1, 2018: member
    Could shuffle after GroupOutputs()? , just shuffle each group.m_outputs in the same condition? Currently GroupOutputs result depends on the input order, but that can change. Post-shuffle would be guaranteed.
  7. kallewoof commented at 3:43 am on August 2, 2018: member
    @promag You would have to not cap the size of groups and create them with unlimited size, then shuffle each one and break it into groups.. don’t see the benefit to this, honestly, unless it has a huge impact on speed for big wallets or something?
  8. in src/wallet/wallet.cpp:2521 in bea78f2405 outdated 
    2514@@ -2515,6 +2515,12 @@ bool CWallet::SelectCoins(const std::vector<COutput>& vAvailableCoins, const CAm
2515 
2516     // form groups from remaining coins; note that preset coins will not
2517     // automatically have their associated (same address) coins included
2518+    if (coin_control.m_avoid_partial_spends && vCoins.size() > 10) {
2519+        // Cases where we have 11+ outputs all pointing to the same destination may result in
2520+        // privacy leaks as they will potentially be deterministically sorted. We solve that by
2521+        // explicitly sorting the outputs before processing
    instagibbs commented at 8:06 pm on August 9, 2018:
    s/sorting/shuffling/ ?
  9. in src/wallet/wallet.cpp:2518 in bea78f2405 outdated 
    2514@@ -2515,6 +2515,12 @@ bool CWallet::SelectCoins(const std::vector<COutput>& vAvailableCoins, const CAm
2515 
2516     // form groups from remaining coins; note that preset coins will not
2517     // automatically have their associated (same address) coins included
2518+    if (coin_control.m_avoid_partial_spends && vCoins.size() > 10) {
    instagibbs commented at 8:06 pm on August 9, 2018:
    can we make this 10 a constant to make it easier for the reader/future writer, or make it a parameter to the grouping function itself?
    instagibbs commented at 8:10 pm on August 9, 2018:
    Second thought: Would an unconditional shuffle just be easier here? We shuffle inputs later post-selection, so nothing of value should be lost.
    kallewoof commented at 11:11 pm on August 9, 2018:

    I haven’t checked, but I don’t think you can remove the later shuffle, and you at least want to skip shuffling if !m_avoid_partial_spends, so I don’t think unconditional is ideal here.

    I.e. if we could move the shuffle operation to always happen here, rather than later, that would work fine.

    If we can’t, we should at least not skip the extra shuffle if we are not grouping, since that’s just no-reason-wasteful.

  10. kallewoof force-pushed on Aug 9, 2018
  11. kallewoof commented at 11:12 pm on August 9, 2018: member
    Addressed @instagibbs nits (except unconditional shuffle).
  12. kallewoof force-pushed on Aug 10, 2018
  13. wallet: shuffle coins before grouping, where warranted 
    Issue brought up in https://github.com/bitcoin/bitcoin/pull/12257\#discussion_r204554549
    18f690ec2f
  14. kallewoof force-pushed on Aug 10, 2018
  15. achow101 commented at 6:46 pm on August 10, 2018: member
    utACK 18f690ec2f7eb1b4aa51825bfed0cbfdadc93ac7
  17. sipa commented at 10:40 pm on August 10, 2018: member
    utACK 18f690ec2f7eb1b4aa51825bfed0cbfdadc93ac7, but can you update the PR description to explain the issue and solution? It isn’t at all clear from the commit message or description why this is necessary.
  18. kallewoof commented at 4:57 am on August 11, 2018: member
    @sipa I updated the description.
  19. MarcoFalke commented at 9:30 pm on August 12, 2018: member
    utACK 18f690ec2f7eb1b4aa51825bfed0cbfdadc93ac7
  20. fanquake commented at 9:09 am on August 13, 2018: member
    utACK 18f690e
  21. ken2812221 referenced this in commit 13d51a2b61 on Aug 13, 2018
  22. laanwj merged this on Aug 13, 2018
  23. laanwj closed this on Aug 13, 2018
  24. kallewoof deleted the branch on Oct 17, 2019
  25. UdjinM6 referenced this in commit e076832ddb on Jul 4, 2021
  26. UdjinM6 referenced this in commit 000f129f75 on Jul 6, 2021
  27. UdjinM6 referenced this in commit c76470c98e on Jul 6, 2021
  28. DrahtBot locked this on Dec 16, 2021


kallewoof promag instagibbs achow101 sipa MarcoFalke fanquake

Labels
Wallet

Milestone
0.17.0

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-05 19:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me