Right now it's just *way* too easy to spot the boundaries between different 
wallets. There's a lot of things that contribute to that, but the one that 
concerns me the most is the way wallets sort transaction inputs and outputs.

Some wallets and protocols (especially HW wallets) have  a strong preference 
for deterministic sorting (i.e. using bip69), while other wallets have a lot of 
objections to this.

I'm not sure I fully understand the objections, but I think they can be 
summarized as "during the transition period there will be a lot of privacy 
loss" and "if in the future someone wants to use bitcoin in a way that's not 
compatible with bip69 their transactions will stick out heavily".

I wonder if this impasse could be solved with deterministic sorting, but based 
on a semi-secret.  Like  `sortingSecret = hmac(walletSeed, "sortingSecret")` 
and then there's a standardized sort order based on the sortingSecret. e.g. 
sort inputs/output by the  `hash(data || sortingSecret)`.   Wallets could come 
up with their own way of computing (or storing) the "sortingSecret" but from 
there it's standardized.

I has the advantages of deterministic sorting (as long as you know the 
sortingSecret) you can verify it's done correctly and externally looks totally 

Am I missing something, or could this be the way forward?

bitcoin-dev mailing list

Reply via email to