On Sunday, October 21, 2018 2:54 PM, Pavol Rusnak <st...@satoshilabs.com> wrote:
> Your solution in the second part of the email does not solve the problem you
> indicated in the first part of your email.
Sorry, I'm not quite sure what parts you are referring to. I assume you might
mean my first paragraph, so I'll try to explain a bit more clearly how this
makes it harder to find wallet boundaries.
Right now you can generally tell if a transaction is using bip69 or not (as
long as you account for the probability that it's randomly sorted to
accidentally be bip69). And generally wallets are consistent if they use bip69
or not.
This can often make it massively easier to detect what is change and not. Let's
say I'm clustering a wallet and know they're using a wallet that always uses
bip69, and I'm looking at a transaction in that cluster and trying to guess
which is the change and which is not. There's a lot of things you can use to
assign a probability. The most obvious thing is looking at the amount of
significant-digits of the output amounts (if they vary a lot, change tends to
be the one with more), but a much more powerful one is looking at how the
outputs are spent (and if they end up spend-linking back into the original
cluster).
So let's say that the transaction output is spent by a non-bip69 transaction --
I right away know that it's going to (almost certainly) be a different wallet
(e.g. the destination).
My (shower-thoughty) "solution" fixes this problem, because an outside
observer has no way of knowing if a transaction is using deterministic sorting
or not, so can not use this information to establish wallet boundaries.
--
On somewhat of a tangent I was actually fortunate enough to have someone with
access to the biggest(?) bitcoin analysis service help me with a few
experiments. While I was genuinely taken aback by how accurate some of their
analysis can be, I also found it pretty easy to trick -- implying it relies
heavily on some fragile heuristics.
I don't like to be alarmist, but I worry a lot about the fungibility of bitcoin
when we have such effective blockchain analysis and a *LOT* of the ecosystem
using a centralized analytics service. And in fact, we're already starting to
see some minor effects of this (e.g. people already know that if they gamble
their funds, they'll probably have trouble using an exchange later). And I
don't think we're too far from the point where any "unidentified" bitcoin is
instantly flagged as "suspicious" (and, for instance, requires more explaining
to exchanges), potentially seriously harming bitcoin fungibility and its
value, which would then also be determined by its history.
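The heuristic described in the message above, written out as an added example from a wallet developer's point of view (this is not code from the thread, from any wallet, or from Bitcoin Core). It checks whether a transaction's inputs and outputs are in BIP69 order and, as the message asks, accounts for how likely a randomly ordered transaction is to be in that order by accident (for a random permutation, the chance of landing in sorted order is the product of the multiplicities' factorials over n!, which is simply 1/n! when all keys are distinct). The transaction and script values are constructed for the example; the data classes and function names are this example's own.

```python
from collections import Counter
from dataclasses import dataclass
from math import factorial
from typing import Sequence, Tuple


@dataclass(frozen=True)
class TxInput:
    prev_txid: str   # hex, in the usual display (byte-reversed) order
    prev_index: int


@dataclass(frozen=True)
class TxOutput:
    amount_sats: int
    script_pubkey: bytes


def bip69_input_key(txin: TxInput) -> Tuple[bytes, int]:
    # BIP69 orders inputs by previous txid (compared as the display-order
    # bytes), ties broken by the previous output index.
    return (bytes.fromhex(txin.prev_txid), txin.prev_index)


def bip69_output_key(txout: TxOutput) -> Tuple[int, bytes]:
    # BIP69 orders outputs by amount, ties broken by scriptPubKey bytes.
    return (txout.amount_sats, txout.script_pubkey)


def is_bip69_sorted(inputs: Sequence[TxInput], outputs: Sequence[TxOutput]) -> bool:
    """True when both the input list and the output list are in BIP69 order."""
    in_keys = [bip69_input_key(i) for i in inputs]
    out_keys = [bip69_output_key(o) for o in outputs]
    return in_keys == sorted(in_keys) and out_keys == sorted(out_keys)


def _sorted_fraction(keys: Sequence) -> float:
    # Fraction of the n! orderings of `keys` that are non-decreasing:
    # equal keys are interchangeable, so multiply the factorials of the
    # multiplicities and divide by n!.
    n = len(keys)
    if n == 0:
        return 1.0
    ties = 1
    for multiplicity in Counter(keys).values():
        ties *= factorial(multiplicity)
    return ties / factorial(n)


def accidental_compliance_probability(inputs: Sequence[TxInput],
                                      outputs: Sequence[TxOutput]) -> float:
    """Probability that a wallet which shuffles at random would still emit
    this transaction in BIP69 order.  Inputs and outputs are shuffled
    independently, so the two fractions multiply.  A value of 1.0 means
    the ordering carries no fingerprint at all (e.g. one input, one output)."""
    in_keys = [bip69_input_key(i) for i in inputs]
    out_keys = [bip69_output_key(o) for o in outputs]
    return _sorted_fraction(in_keys) * _sorted_fraction(out_keys)


def fingerprint_report(inputs: Sequence[TxInput],
                       outputs: Sequence[TxOutput]) -> Tuple[bool, float]:
    """What an observer learns from ordering alone: whether the transaction
    is BIP69-sorted, and how often a non-BIP69 wallet would look the same."""
    return is_bip69_sorted(inputs, outputs), accidental_compliance_probability(inputs, outputs)


# Constructed sample transaction: two inputs, two P2WPKH-style outputs.
SAMPLE_INPUTS = [
    TxInput("11" * 32, 0),
    TxInput("22" * 32, 1),
]
SAMPLE_OUTPUTS = [
    TxOutput(50_000, b"\x00\x14" + b"\x01" * 20),
    TxOutput(120_000, b"\x00\x14" + b"\x02" * 20),
]

if __name__ == "__main__":
    sorted_ok, p_accident = fingerprint_report(SAMPLE_INPUTS, SAMPLE_OUTPUTS)
    print(f"bip69 sorted: {sorted_ok}, chance of accidental match: {p_accident:.3f}")
    # Reverse the outputs: the same transaction now reads as non-BIP69.
    print(fingerprint_report(SAMPLE_INPUTS, list(reversed(SAMPLE_OUTPUTS))))
```

For the two-in, two-out sample the accidental-match probability is 0.25, which is why a single transaction says little but a consistent pattern across a cluster says a lot; a wallet author can run this over their own test transactions to see how recognisable their ordering policy is.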
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev