Right now it's just *way* too easy to spot the boundaries between different
wallets. There are a lot of things that contribute to that, but the one that
concerns me the most is the way wallets sort transaction inputs and outputs.
Some wallets and protocols (especially HW wallets) have a strong preference
for deterministic sorting (i.e. using bip69), while other wallets have a lot of
objections to this.
I'm not sure I fully understand the objections, but I think they can be
summarized as "during the transition period there will be a lot of privacy
loss" and "if in the future someone wants to use bitcoin in a way that's not
compatible with bip69 their transactions will stick out heavily".
I wonder if this impasse could be solved with deterministic sorting, but based
on a semi-secret. Like `sortingSecret = hmac(walletSeed, "sortingSecret")`
and then there's a standardized sort order based on the sortingSecret. e.g.
sort inputs/outputs by the `hash(data || sortingSecret)`. Wallets could come
up with their own way of computing (or storing) the "sortingSecret" but from
there it's standardized.
It has the advantages of deterministic sorting (as long as you know the
sortingSecret, you can verify it's done correctly), and externally it looks
totally randomized.
Am I missing something, or could this be the way forward?
-Ryan
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
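The keyed ordering sketched in the post, worked through as an added example. This is example code written for this page, not code from the original poster or from any wallet. Everything beyond the two formulas in the post is an assumption: HMAC-SHA256 keyed with the wallet seed for `sortingSecret`, SHA-256 for the per-entry sort key, a 32-byte seed, and the simplified input/output serializations below. The BIP69 sorters are included only so the two orderings can be compared side by side.

```python
"""Keyed deterministic ordering of transaction inputs/outputs (example code,
not from the post or any wallet).  Assumptions not in the post: HMAC-SHA256
for sortingSecret, SHA-256 for the sort key, simplified serializations."""

import hashlib
import hmac
from typing import Callable, List, Sequence, Tuple, TypeVar

T = TypeVar("T")
Input = Tuple[str, int]    # (txid as display hex, vout index)
Output = Tuple[int, str]   # (value in satoshis, scriptPubKey hex)


def derive_sorting_secret(wallet_seed: bytes) -> bytes:
    """sortingSecret = hmac(walletSeed, "sortingSecret") from the post.
    Assumption: HMAC-SHA256 keyed with the seed; the message is the literal tag."""
    return hmac.new(wallet_seed, b"sortingSecret", hashlib.sha256).digest()


def serialize_input(txin: Input) -> bytes:
    """Assumed encoding: internal byte order of the txid, then 4-byte LE vout."""
    txid_hex, vout = txin
    return bytes.fromhex(txid_hex)[::-1] + vout.to_bytes(4, "little")


def serialize_output(txout: Output) -> bytes:
    """Assumed encoding: 8-byte LE value, then the raw scriptPubKey bytes."""
    value, script_hex = txout
    return value.to_bytes(8, "little") + bytes.fromhex(script_hex)


def sort_key(data: bytes, sorting_secret: bytes) -> bytes:
    """hash(data || sortingSecret): unpredictable to an observer who only sees
    `data` on-chain, reproducible by anyone holding the secret."""
    return hashlib.sha256(data + sorting_secret).digest()


def sort_with_secret(items: Sequence[T], serialize: Callable[[T], bytes],
                     sorting_secret: bytes) -> List[T]:
    """Standardized order: ascending by keyed hash.  Python's sort is stable,
    so two byte-identical entries (equal keys) keep their relative order."""
    return sorted(items, key=lambda it: sort_key(serialize(it), sorting_secret))


def is_sorted_under_secret(items: Sequence[T], serialize: Callable[[T], bytes],
                           sorting_secret: bytes) -> bool:
    """Verifier side (e.g. a hardware wallet checking a host-built transaction):
    keys must be non-decreasing.  Ties are allowed because identical data
    yields identical keys, so a strict check would reject legitimate duplicates."""
    keys = [sort_key(serialize(it), sorting_secret) for it in items]
    return all(a <= b for a, b in zip(keys, keys[1:]))


def bip69_sort_inputs(inputs: Sequence[Input]) -> List[Input]:
    """BIP69 for comparison: by txid in display (reversed) order, then vout."""
    return sorted(inputs, key=lambda i: (bytes.fromhex(i[0]), i[1]))


def bip69_sort_outputs(outputs: Sequence[Output]) -> List[Output]:
    """BIP69 for comparison: by value, then scriptPubKey bytes lexicographically."""
    return sorted(outputs, key=lambda o: (o[0], bytes.fromhex(o[1])))


if __name__ == "__main__":
    # Constructed sample data: two wallets with different seeds, one coin selection.
    secret_a = derive_sorting_secret(b"\x01" * 32)
    secret_b = derive_sorting_secret(b"\x02" * 32)
    inputs = [("aa" * 32, 1), ("bb" * 32, 0), ("cc" * 32, 5), ("dd" * 32, 2)]
    outputs = [(5000, "0014" + "11" * 20), (123456, "76a914" + "22" * 20 + "88ac")]

    print("bip69 inputs :", [(t[:6], v) for t, v in bip69_sort_inputs(inputs)])
    print("wallet A     :", [(t[:6], v) for t, v in sort_with_secret(inputs, serialize_input, secret_a)])
    print("wallet B     :", [(t[:6], v) for t, v in sort_with_secret(inputs, serialize_input, secret_b)])
    ordered = sort_with_secret(outputs, serialize_output, secret_a)
    print("A verifies own outputs:", is_sorted_under_secret(ordered, serialize_output, secret_a))
    print("B verifies A's outputs:", is_sorted_under_secret(ordered, serialize_output, secret_b))
```

Two points the code makes concrete. First, the secret enters only through the hash, so the on-chain data alone gives an observer nothing to check the order against; each wallet's ordering is a fixed pseudo-random permutation that differs from BIP69 and from every other wallet's. Second, the verifier has to accept equal keys, otherwise a transaction with two identical outputs could never pass the check.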