Improve change amount privacy #6569

issue gmaxwell openend this issue on August 18, 2015
  1. gmaxwell commented at 10:22 am on August 18, 2015: contributor

    Right now existing change values are often very identifying.

    Coin selection could be smarter and try to result in change amounts that were more plausible output values, this would likely also reduce overall transaction sizes.

    Another approach applicable for larger amounts of change would be to have two change outputs and randomly set it to be one equal to a payment amount (and then the rest) or each change output being half the change.

    (Improvements here were requested by Introshine on reddit)

  2. gmaxwell added the label Privacy on Aug 18, 2015
  3. gmaxwell commented at 11:04 am on August 18, 2015: contributor
    From JMW74 on reddit: One thing that might help also: if the spend amount has a lot of trailing zeros, eg, 2.34000000 BTC, then have change outputs that also have the same amount of trailing zeros. Otherwise, it’s obvious which one is the spend.
  4. dcousens commented at 12:38 pm on August 18, 2015: contributor
    @gmaxwell whatever comes of this, it’d be great to write it up as BIP too.
  5. RHavar commented at 4:26 pm on August 18, 2015: contributor

    There’s a lot of trade-offs in coin selection, and a lot of the tools people are going to use to solve the problem (e.g. constraint solvers) aren’t really realistically ever going to get merged into bitcoin. So how about instead we aim at making pluggable coin-selection?

    Maybe something as simple that pipes the target addresses and amounts, target fee (per kb), list of unspent, and a list of possible change addresses. The coin selector reads this in, writes out a set of inputs and outputs. Bitcoin could sanity check it, and then convert to a raw transaction and sign.

    Having stand alone coin selection system would really encourage the development of good solutions, testing all free of the constraints of doing it from within bitcoin core itself :D

  6. JeremyRubin commented at 5:10 pm on August 18, 2015: contributor

    Another potential thing to look at is repeated payments, eg if I pay 0.7832 BTC every week perhaps this identifies me.

    I would also think that w.r.t. to change it may be useful to try to pick something based on other common sizes on the chain already.

  7. jgarzik commented at 5:19 pm on August 18, 2015: contributor
    @JeremyRubin Yes - the example I use is coin denominations within the USD system. If there are standard amounts widely used, there is perhaps a lower identification factor.
  8. JeremyRubin commented at 5:27 pm on August 18, 2015: contributor
    @jgarzik Yeah; it’s lower because you don’t know what conversion rate they are working in, but people keep histories of market data & it would be not to hard to try to look for same-size payments across all spreads. You’d lose bits compared to in-bitcoin amount of course.
  9. JeremyRubin commented at 5:29 pm on August 18, 2015: contributor
    @jgarzik w.r.t. the original zero coin (not cash) design, iirc, the protocol impinges on putting a standard amount in or out of the commitment. Eg, 1 BTC in, 1 BTC out. Perhaps having some type of standard size transactions would make developing such systems easier as well.
  10. MarcoFalke commented at 6:24 am on August 12, 2022: member
    I think this was implemented in GenerateChangeTarget (https://github.com/bitcoin/bitcoin/issues/24494)
  11. MarcoFalke closed this on Aug 12, 2022

  12. MarcoFalke added the label Feature on Aug 12, 2022
  13. MarcoFalke added the label Wallet on Aug 12, 2022
  14. bitcoin locked this on Aug 12, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me