summaryrefslogtreecommitdiff
path: root/bip-0069.mediawiki
diff options
context:
space:
mode:
Diffstat (limited to 'bip-0069.mediawiki')
-rw-r--r--bip-0069.mediawiki9
1 files changed, 2 insertions, 7 deletions
diff --git a/bip-0069.mediawiki b/bip-0069.mediawiki
index f262126..3aa9463 100644
--- a/bip-0069.mediawiki
+++ b/bip-0069.mediawiki
@@ -30,11 +30,6 @@ Since wallet clients are left to their own devices to determine this ordering, t
For example, a wallet client might naively order inputs based on when addresses were added to a wallet by the user through importing or random generation.
Many wallets will place spending outputs first and change outputs second, leaking information about both the sender and receiver’s finances to passive blockchain observers.
Such information should remain private not only for the benefit of consumers, but in higher order financial systems must be kept secret to prevent fraud.
-Currently, there is no clear standard for how wallet clients ought to order transaction inputs and outputs.
-Since wallet clients are left to their own devices to determine this ordering, they often leak information about their users’ finances.
-For example, a wallet client might naively order inputs based on when addresses were added to a wallet by the user through importing or random generation.
-Many wallets will place spending outputs first and change outputs second, leaking information about both the sender and receiver’s finances to passive blockchain observers.
-Such information should remain private not only for the benefit of consumers, but in higher order financial systems must be kept secret to prevent fraud.
A researcher recently demonstrated this principle when he detected that Bitstamp leaked information when creating exchange transactions, enabling potential espionage among traders. [1]
One way to address these privacy weaknesses is by randomizing the order of inputs and outputs. [2]
@@ -83,7 +78,7 @@ N.B. All comparisons do not need to operate in constant time since they are not
===Transaction Inputs===
-Transaction inputs are defined by the hash of a previous transaction, the output index of of a UTXO from that previous transaction, the size of an unlocking script, the unlocking script, and a sequence number. [3]
+Transaction inputs are defined by the hash of a previous transaction, the output index of a UTXO from that previous transaction, the size of an unlocking script, the unlocking script, and a sequence number. [3]
For sorting inputs, the hash of the previous transaction and the output index within that transaction are sufficient for sorting purposes; each transaction hash has an extremely high probability of being unique in the blockchain — this is enforced for coinbase transactions by BIP30 — and output indices within a transaction are unique.
For the sake of efficiency, transaction hashes should be compared first before output indices, since output indices from different transactions are often equivalent, while all bytes of the transaction hash are effectively random variables.
@@ -92,7 +87,7 @@ In the event of two matching transaction hashes, the respective previous output
If the previous output indices match, the inputs are considered equal.
Transaction malleability will not negatively impact the correctness of this process.
-Even if a wallet client follows this process using unconfirmed UTXOs as inputs and an attacker changes modifies the blockchain’s record of the hash of the previous transaction, the wallet client will include the invalidated previous transaction hash in its input data, and will still correctly sort with respect to that invalidated hash.
+Even if a wallet client follows this process using unconfirmed UTXOs as inputs and an attacker modifies the blockchain’s record of the hash of the previous transaction, the wallet client will include the invalidated previous transaction hash in its input data, and will still correctly sort with respect to that invalidated hash.
===Transaction Outputs===