Remove redundant shuffle in KnapsackSolver #15752

pull madeken wants to merge 1 commits into bitcoin:master from madeken:master changing 3 files +4 −59
  1. madeken commented at 11:58 PM on April 4, 2019: none

    It's a bit simpler to unconditionally shuffle once in SelectCoins instead of in SelectCoinsMinConf which is repeatedly called.

  2. fanquake added the label Wallet on Apr 4, 2019
  4. madeken commented at 3:51 PM on April 5, 2019: none

    @Empact the comment is wrong...

    The reason it sometimes fails and sometimes succeeds is because of the randomization here: https://github.com/bitcoin/bitcoin/blob/e21129e78e38935eb3310207c5be7cf2b1f422e7/src/wallet/coinselection.cpp#L195

    but note at that stage it's iterating over a sorted list:

    https://github.com/bitcoin/bitcoin/blob/e21129e78e38935eb3310207c5be7cf2b1f422e7/src/wallet/coinselection.cpp#L255

  5. MarcoFalke commented at 3:58 PM on April 5, 2019: member

    The tests are failing, so they need to be updated in the same commit

  6. gmaxwell commented at 4:07 PM on April 5, 2019: contributor

    What happens if there are ties in the sort or multiple smallest elements >= N?

  7. madeken commented at 4:52 PM on April 5, 2019: none

    @gmaxwell I doubt it matters, but fair enough point. That's easy enough to fix with: 856b0a7bd015551d166cb8001ac45460e659b28d to just unconditionally shuffle before all the calls to SelectCoinsMinConf

  8. madeken force-pushed on Apr 5, 2019
  9. madeken force-pushed on Apr 5, 2019
  10. madeken commented at 5:55 PM on April 5, 2019: none

    Rebased, updated original post (description) and removed the test of randomness in SelectCoinsMinConf as it's no longer applicable and SelectCoins doesn't make it easy to do the same test.

  11. Lift the wallet shuffle from SelectCoinsMinConf to SelectCoins
    That way it's only done once
    72c233650a
  12. madeken force-pushed on Apr 5, 2019
  13. Empact commented at 8:08 PM on April 5, 2019: member

    That looks better to me, but if deterministic output is significant to privacy, I'd rather have less efficient operation covered by a test than more efficient operation without one, particularly wrt coin selection.

  14. madeken commented at 9:07 PM on April 5, 2019: none

    @Empact even without the shuffle (which it has), the privacy implications are tiny. It only makes a difference in an extreme edge case: if BnB fails (does its own sorting), and if the sum of < N is <N fails (has its own randomization) and if the smallest >= N input has ties.

    And even then, the privacy difference between "This is the smallest >= N input (first tie-breaking)" and "This is a smallest >= N input (random tie-breaking)" is going pretty negligible.

  15. gmaxwell commented at 9:36 PM on April 5, 2019: contributor

    Why bother with the change however? I'm not really seeing the motivation for it, saving say 0.5ms in a 500ms operation isn't particularly interesting. Actually figuring out if the privacy difference is material isn't free....

  16. laanwj commented at 10:44 AM on April 10, 2019: member

    Agree with @gmaxwell here.

    I'd like to see significant performance numbers before considering this change. I'd suspect an extra shuffle is almost free, and the human work of reviewing this is considerable and likely better spent on other PRs.

  17. madeken closed this on Apr 11, 2019
  18. DrahtBot locked this on Dec 16, 2021
Contributors
madekenEmpactMarcoFalkegmaxwelllaanwj
Labels
Wallet
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 15:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me