Gregory Maxwell [ARCHIVE] on Nostr
📅 Original date posted: 2012-12-03
📝 Original message:
On Mon, Dec 3, 2012 at 10:17 AM, Alan Reiner <etotheipi at gmail.com> wrote:
> Perhaps it could be improved by cleaning up dust from any address by default
> (not just ones already included in the tx), with the option for the user to
> disable that behavior. After all, anonymity was never a core feature of the
> network -- I think it makes sense that the logic would reduce anonymity by
> default in exchange for a cleaner network, with a clear option to "opt-out"
> of that logic if user cares. I think most users don't actually care...

Yea, the obvious case would look for exact matches— but because sane
software pays change to fresh addresses I expect this to trigger an
unfortunately infrequent amount of time.

Why do you bother with the 5 input limit? The way I'd handle this in
the reference client is as a pure post-processing step. E.g. take any
w/ change transaction formed and try adding small inputs in a greedy
fashion until the next would change the fees. Do you see a reason not
to do this?

A next step up in infrequency is to use input taint tracking
information to gather up coins from all inputs which are already
crosslinked. In the reference client, which doesn't avoid
crosslinking, this would likely be quite effective but I worry about
having an O(N^2)-ish algorithm as part of coin selection. And so I
think it would require maintaining in the wallet the cross link
history for each address rather than building it on the fly. This
seems like a lot of changes for a relatively modest optimization.

Another possibility would be to not apply the privacy rule to very
small inputs or to addresses which have only ever received a very
small sum total. But I don't know how to define very small in a robust
way, and I think that the privacy behavior of the software being
"inconsistent" from the user's perspective would be somewhat
unfortunate. Perhaps a setting for the value considered very small
for this purpose which defaults to the relay MINFEE? (And also
include larger outputs when they're address matches).

The problem with this is this: Say I have an address 1GMaxwellFOO
that everyone knows belongs to me. Someone who wants to identify all
my transactions sends me a constant spray of 1e-8 inputs to
1GMaxwellFOO. If the address association is ignored (even for only
very small inputs) then all my transactions become rapidly
identifiable. Privacy, of at least a basic form, is an important
element of the system, if it's not preserved then bitcoin is inferior
to traditional value transfer systems in an additional way.

(And FWIW, I've seen self-appointed sleuths on IRC trying to catch
troublemakers by paying tiny amounts to their extortion addresses;
with the incorrect expectation that it would taint their other
transactions. So even when it doesn't usually work people have tried
using this to attack people)

Published at 2023-06-07 10:45:01
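
The following Python example is added here for illustration; it is not part of the original message and is not reference-client code. It implements the greedy post-processing step described in the message (add small inputs until the next one would change the fee) and compares the strict address-linkage rule with a "very small" exemption on a constructed wallet. The fee model, byte sizes, the 5,000-satoshi threshold, the address `1PrivateXYZ` and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Coin:
    outpoint: str   # constructed label, not a real txid
    address: str
    value: int      # satoshis

# Assumed fee model (not from the message): one fee step per started 1000
# bytes, with rough sizes for tx overhead, one input and one output.
OVERHEAD, INPUT_SIZE, OUTPUT_SIZE, FEE_STEP = 10, 148, 34, 50_000

def fee(n_in, n_out=2):
    size = OVERHEAD + n_in * INPUT_SIZE + n_out * OUTPUT_SIZE
    return -(-size // 1000) * FEE_STEP          # ceiling division

def sweep(selected, wallet, ignore_linkage_below=0):
    """Greedy post-processing of an already-formed transaction with change:
    add the smallest coins until the next one would change the fee.
    A coin qualifies only if its address is already among the inputs,
    unless its value is <= ignore_linkage_below (the 'very small' exemption)."""
    inputs = list(selected)
    linked = {c.address for c in inputs}
    base = fee(len(inputs))
    for coin in sorted(wallet, key=lambda c: c.value):
        if coin in inputs:
            continue
        if coin.address not in linked and coin.value > ignore_linkage_below:
            continue                             # would create a new cross-link
        if fee(len(inputs) + 1) != base:
            break                                # next input would change the fee
        inputs.append(coin)
    return inputs

def addresses(inputs):
    return {c.address for c in inputs}

# Constructed wallet: a payment funded from a private address, one small coin
# at that same address, and eight 1-satoshi (1e-8 BTC) outputs sprayed at the
# publicly known address from the message.
PAYMENT = [Coin("priv:0", "1PrivateXYZ", 5_000_000)]
WALLET = PAYMENT + [Coin("priv:1", "1PrivateXYZ", 2_000)] + \
    [Coin(f"spray:{i}", "1GMaxwellFOO", 1) for i in range(8)]

strict = sweep(PAYMENT, WALLET)                             # linkage rule kept
exempt = sweep(PAYMENT, WALLET, ignore_linkage_below=5_000) # exemption enabled

if __name__ == "__main__":
    print(len(strict), sorted(addresses(strict)))
    print(len(exempt), sorted(addresses(exempt)))
```

Under the strict rule only the coin at the already-used address is swept in; with the exemption the sprayed outputs are spent alongside the private coin, so the two addresses appear together as inputs of one transaction.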