[wallet] Use destination groups instead of coins in coin select #12257
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
It doesn't avoid reuse (you still need to sign for each input), and has security issues in the event of QC (but that's already a hypothetical big issue for us anyway), but seems useful anyway. Is this affected by the current coin control grouping defect, where it includes change in the same group as unrelated outputs? That would be a serious privacy risk, I think, since it would basically tell the world which output was change. |
Together with
I'm not sure what this defect is. Is it described somewhere? |
kallewoof
force-pushed
the
feature-addrgrouped-coinselect
branch
5 times, most recently
from
3af1fac
to
3210b00
Compare
|
Does this also keep track of the change outputs in case more coins arrive later to Imagine your example, where the coins from If more coins arrive at |
|
@ziggamon Change outputs will go to a different destination so they will be considered separate from their inputs. In other words, |
kallewoof
force-pushed
the
feature-addrgrouped-coinselect
branch
from
7bef298
to
a796602
Compare
kallewoof
force-pushed
the
feature-addrgrouped-coinselect
branch
4 times, most recently
from
7c78571
to
58e4bb1
Compare
src/wallet/wallet.cpp
Outdated
| @@ -3063,6 +3048,30 @@ bool CWallet::CreateTransaction(const std::vector<CRecipient>& vecSend, CWalletT | |||
| return true; | |||
| } | |||
|
|
|||
| bool CWallet::CreateTransaction(const std::vector<CRecipient>& vecSend, CWalletTx& wtxNew, CReserveKey& reservekey, CAmount& nFeeRet, | |||
There was a problem hiding this comment.
I think this is avoidable complexity, because avoidpartial will be always higher fees.
I think it is OK, you pay fee for privacy, while giving incentive to privacy over fee by default.
There was a problem hiding this comment.
Actually avoidpartial gives the same fee a lot of the times, from what I've seen so far. It depends on your utxo set, of course.
|
Some notes I am leaving here but to think about:
|
src/wallet/wallet.cpp
Outdated
| @@ -2575,17 +2556,21 @@ bool CWallet::SelectCoins(const std::vector<COutput>& vAvailableCoins, const CAm | |||
| ++it; | |||
| } | |||
|
|
|||
| // form groups from remaining coins; note that preset coins will not | |||
| // automatically have their associated (same address) coins included | |||
| std::vector<OutputGroup> groups = group_outputs(vCoins, !(coinControl && coinControl->m_avoid_partial_spends > -1 ? coinControl->m_avoid_partial_spends : gArgs.GetBoolArg("-avoidpartialspends", DEFAULT_AVOIDPARTIALSPENDS))); | |||
There was a problem hiding this comment.
I think coinControl->m_avoid_partial_spends should be a boolean, and coinControl should set its value based on the arg avoidpartialspends just after being created. (At worse, just before this call for now)
This will make the code easier to reason about.
There was a problem hiding this comment.
Unfortunately that means either adding a coincontrol.cpp file and moving the constructor there, or adding a dependency on the gArg thing in coincontrol.h, which seems a bit overkill just for this. I'm very open to suggestions though; the short thing is an undesired hack.
src/wallet/coincontrol.h
Outdated
| @@ -30,6 +30,8 @@ class CCoinControl | |||
| boost::optional<CFeeRate> m_feerate; | |||
| //! Override the default confirmation target if set | |||
| boost::optional<unsigned int> m_confirm_target; | |||
| //! Avoid partial use of funds sent to a given address: -1 means default | |||
| short m_avoid_partial_spends; | |||
There was a problem hiding this comment.
what about std::optional<bool> ?
There was a problem hiding this comment.
Ah I forgot we were using boost for that... I would still prefer boost than a short though.
There was a problem hiding this comment.
Changed to using a boost::optional.
I think keeping it off by default for now is reasonable, until we get enough of an idea of the general consensus among people. I suspect, though, that most people won't care, as long as it doesn't give overly huge fee increases.
Also some people have a "permanent" address that they receive payments to over a long period of time (e.g. charities). They also care little about privacy, usually, as their address is publicly tied to them anyway.
Good point. I think the dust limit check can be added to the grouping method fairly easily. |
src/wallet/wallet.cpp
Outdated
| @@ -2421,103 +2421,84 @@ static void ApproximateBestSubset(const std::vector<CInputCoin>& vValue, const C | |||
| } | |||
| } | |||
|
|
|||
| bool CWallet::SelectCoinsMinConf(const CAmount& nTargetValue, const int nConfMine, const int nConfTheirs, const uint64_t nMaxAncestors, std::vector<COutput> vCoins, | |||
There was a problem hiding this comment.
I am unsure yet, but I think you can make the diff way smaller by keeping the old signature of this method and building the OutputGroup at the scope (local variable) of this function only.
There was a problem hiding this comment.
This method doesn't know whether you want single or grouped as it doesn't have coincontrol. Would have to add a bool for that at least. Not sure it'll become smaller though. It'll just move code around.
There was a problem hiding this comment.
So the way I did it with NBitcoin is to keep the concept of group internal to only the method which does coin packing.
If grouping is deactivated, I group by random, that way there is a single code path for everything.
I think it is a way smaller code change because all consumer of SelectCoinsMinConf do not have to change (you can make the bool default to false to keep original behavior)
The concept of group does not make lot's of sense anywhere outside of this method.
There was a problem hiding this comment.
I discussed with @NicolasDorier and we concluded that the current way this is done is okay (NBitcoin does it differently so it made sense there).
kallewoof
force-pushed
the
feature-addrgrouped-coinselect
branch
from
d766814
to
740daf7
Compare
doc/man/bitcoind.1
Outdated
| \fB\-avoidpartialspends\fR | ||
| .IP | ||
| Group outputs by address, selecting all or none, instead of selecting on | ||
| a per\-output basis. Improved privacy as an address is only used |
There was a problem hiding this comment.
would say Privacy is improved as an address...
kallewoof
force-pushed
the
feature-addrgrouped-coinselect
branch
from
9867f16
to
7794150
Compare
kallewoof
force-pushed
the
feature-addrgrouped-coinselect
branch
4 times, most recently
from
2e648f1
to
2f43761
Compare
HashUnlimited
pushed a commit
to HashUnlimited/chaincoin
that referenced
this pull request
Sep 14, 2018
Issue brought up in bitcoin#12257
jfhk
pushed a commit
to jfhk/bitcoin
that referenced
this pull request
Nov 14, 2018
Issue brought up in bitcoin#12257
meshcollider
added a commit
that referenced
this pull request
Jun 18, 2019
5ebc6b0 bitcoind: update -avoidpartialspends description to account for auto-enable for avoid_reuse wallets (Karl-Johan Alm) ada258f doc: release notes for avoid_reuse (Karl-Johan Alm) 2766955 wallet: enable avoid_partial_spends by default if avoid_reuse is set (Karl-Johan Alm) 8f2e208 test: add test for avoidreuse feature (Karl-Johan Alm) 0bdfbd3 wallet/rpc: add 'avoid_reuse' option to RPC commands (Karl-Johan Alm) f904723 wallet/rpc: add setwalletflag RPC and MUTABLE_WALLET_FLAGS (Karl-Johan Alm) 8247a0d wallet: enable avoid_reuse feature (Karl-Johan Alm) eec1566 wallet: avoid reuse flags (Karl-Johan Alm) 5892809 wallet: make IsWalletFlagSet() const (Karl-Johan Alm) 129a5ba wallet: rename g_known_wallet_flags constant to KNOWN_WALLET_FLAGS (Karl-Johan Alm) Pull request description: Add a new wallet flag called `avoid_reuse` which, when enabled, will keep track of when a specific destination has been spent from, and will actively "blacklist" any new UTXOs which send to an already-spent-from destination. This improves privacy, as a payer could otherwise begin tracking a payee's wallet by regularly peppering a known UTXO with dust outputs, which would then be scooped up and used in payments by the payee, allowing the payer to map out (1) the inputs owned by the payee and (2) the destinations to which the payee is making payments. This replaces #10386 and together with the (now merged) #12257 it addresses #10065 in full. The concerns raised in #10386 (comment) are also addressed due to #12257. ~~Note: this builds on top of #15780.~~ (merged) ACKs for commit 5ebc6b: jnewbery: ACK 5ebc6b0 laanwj: Concept and code-review ACK 5ebc6b0 meshcollider: Code review ACK 5ebc6b0 achow101: ACK 5ebc6b0 modulo above nits Tree-SHA512: fdef45826af544cbbb45634ac367852cc467ec87081d86d08b53ca849e588617e9a0a255b7e7bb28692d15332de58d6c3d274ac003355220e4213d7d9070742e
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Jun 19, 2019
…rivacy 5ebc6b0 bitcoind: update -avoidpartialspends description to account for auto-enable for avoid_reuse wallets (Karl-Johan Alm) ada258f doc: release notes for avoid_reuse (Karl-Johan Alm) 2766955 wallet: enable avoid_partial_spends by default if avoid_reuse is set (Karl-Johan Alm) 8f2e208 test: add test for avoidreuse feature (Karl-Johan Alm) 0bdfbd3 wallet/rpc: add 'avoid_reuse' option to RPC commands (Karl-Johan Alm) f904723 wallet/rpc: add setwalletflag RPC and MUTABLE_WALLET_FLAGS (Karl-Johan Alm) 8247a0d wallet: enable avoid_reuse feature (Karl-Johan Alm) eec1566 wallet: avoid reuse flags (Karl-Johan Alm) 5892809 wallet: make IsWalletFlagSet() const (Karl-Johan Alm) 129a5ba wallet: rename g_known_wallet_flags constant to KNOWN_WALLET_FLAGS (Karl-Johan Alm) Pull request description: Add a new wallet flag called `avoid_reuse` which, when enabled, will keep track of when a specific destination has been spent from, and will actively "blacklist" any new UTXOs which send to an already-spent-from destination. This improves privacy, as a payer could otherwise begin tracking a payee's wallet by regularly peppering a known UTXO with dust outputs, which would then be scooped up and used in payments by the payee, allowing the payer to map out (1) the inputs owned by the payee and (2) the destinations to which the payee is making payments. This replaces bitcoin#10386 and together with the (now merged) bitcoin#12257 it addresses bitcoin#10065 in full. The concerns raised in bitcoin#10386 (comment) are also addressed due to bitcoin#12257. ~~Note: this builds on top of bitcoin#15780.~~ (merged) ACKs for commit 5ebc6b: jnewbery: ACK 5ebc6b0 laanwj: Concept and code-review ACK 5ebc6b0 meshcollider: Code review ACK bitcoin@5ebc6b0 achow101: ACK 5ebc6b0 modulo above nits Tree-SHA512: fdef45826af544cbbb45634ac367852cc467ec87081d86d08b53ca849e588617e9a0a255b7e7bb28692d15332de58d6c3d274ac003355220e4213d7d9070742e
jasonbcox
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jun 28, 2019
Summary: Issue brought up in bitcoin/bitcoin#12257 This is a bacport of Core PR13808 Test Plan: make check Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D3414
jtoomim
pushed a commit
to jtoomim/bitcoin-abc
that referenced
this pull request
Jun 29, 2019
Summary: Issue brought up in bitcoin/bitcoin#12257 This is a bacport of Core PR13808 Test Plan: make check Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D3414
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 17, 2020
…d address 891beb0 [test] fundrawtransaction: lock watch-only shared address (Karl-Johan Alm) Pull request description: `self.nodes[0]` creates an address which is watch-only-shared with `self.nodes[3]`. If `nodes[0]` spends the associated UTXO during any of its sends later, the watchonly test will fail, as `nodes[3]` now has insufficient funds. I ran into this in bitcoin#12257 and this commit is in that PR as well, but I figured I'd split it out (and remove from there once/if merged). Tree-SHA512: d04a04b1ecebe82127cccd47c1b3de311bf07f4b51dff80db20ea2f142e1d5c4a85ed6180c5c0b081d550e238c742e119b953f60f487deac5a3f3536e1a8d9fe
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 27, 2020
…d address 891beb0 [test] fundrawtransaction: lock watch-only shared address (Karl-Johan Alm) Pull request description: `self.nodes[0]` creates an address which is watch-only-shared with `self.nodes[3]`. If `nodes[0]` spends the associated UTXO during any of its sends later, the watchonly test will fail, as `nodes[3]` now has insufficient funds. I ran into this in bitcoin#12257 and this commit is in that PR as well, but I figured I'd split it out (and remove from there once/if merged). Tree-SHA512: d04a04b1ecebe82127cccd47c1b3de311bf07f4b51dff80db20ea2f142e1d5c4a85ed6180c5c0b081d550e238c742e119b953f60f487deac5a3f3536e1a8d9fe
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 28, 2020
…d address 891beb0 [test] fundrawtransaction: lock watch-only shared address (Karl-Johan Alm) Pull request description: `self.nodes[0]` creates an address which is watch-only-shared with `self.nodes[3]`. If `nodes[0]` spends the associated UTXO during any of its sends later, the watchonly test will fail, as `nodes[3]` now has insufficient funds. I ran into this in bitcoin#12257 and this commit is in that PR as well, but I figured I'd split it out (and remove from there once/if merged). Tree-SHA512: d04a04b1ecebe82127cccd47c1b3de311bf07f4b51dff80db20ea2f142e1d5c4a85ed6180c5c0b081d550e238c742e119b953f60f487deac5a3f3536e1a8d9fe
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Jun 29, 2020
…d address 891beb0 [test] fundrawtransaction: lock watch-only shared address (Karl-Johan Alm) Pull request description: `self.nodes[0]` creates an address which is watch-only-shared with `self.nodes[3]`. If `nodes[0]` spends the associated UTXO during any of its sends later, the watchonly test will fail, as `nodes[3]` now has insufficient funds. I ran into this in bitcoin#12257 and this commit is in that PR as well, but I figured I'd split it out (and remove from there once/if merged). Tree-SHA512: d04a04b1ecebe82127cccd47c1b3de311bf07f4b51dff80db20ea2f142e1d5c4a85ed6180c5c0b081d550e238c742e119b953f60f487deac5a3f3536e1a8d9fe
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Feb 2, 2021
… flexible f77e1d3 test: Add MempoolAncestryTests (Karl-Johan Alm) a08d76b mempool: Calculate descendant maximum thoroughly (Karl-Johan Alm) 6d35683 wallet: Switch to using ancestor/descendant limits (Karl-Johan Alm) 6888195 wallet: Strictly greater than for ancestor caps (Karl-Johan Alm) 322b12a Remove deprecated TransactionWithinChainLimit (Karl-Johan Alm) 4784751 Switch to GetTransactionAncestry() in OutputEligibleForSpending (Karl-Johan Alm) 475a385 Add GetTransactionAncestry to CTxMemPool for general purpose chain limit checking (Karl-Johan Alm) 46847d6 mempool: Fix max descendants check (Karl-Johan Alm) b9ef21d mempool: Add explicit max_descendants (Karl-Johan Alm) Pull request description: Currently, `TransactionWithinChainLimit` is restricted to single-output use, and needs to be called every time for different limits. If it is replaced with a chain limit value calculator, that can be called once and reused, and is generally more flexible (see e.g. bitcoin#12257). Update: this PR now corrects usage of max ancestors / max descendants, including calculating the correct max descendant value, as advertised for the two limits. ~~This change also makes `nMaxAncestors` signed, as the replacement method will return `-1` for "not in the mempool", which is different from "0", which means "no ancestors/descendants in mempool".~~ ~~This is a subset of bitcoin#12257.~~ Tree-SHA512: aa59c849360542362b3126c0e29d44d3d58f11898e277d38c034dc4b86a5b4500f77ac61767599ce878c876b5c446fec9c02699797eb2fa41e530ec863a00cf9
PastaPastaPasta
pushed a commit
to PastaPastaPasta/dash
that referenced
this pull request
Feb 4, 2021
… flexible f77e1d3 test: Add MempoolAncestryTests (Karl-Johan Alm) a08d76b mempool: Calculate descendant maximum thoroughly (Karl-Johan Alm) 6d35683 wallet: Switch to using ancestor/descendant limits (Karl-Johan Alm) 6888195 wallet: Strictly greater than for ancestor caps (Karl-Johan Alm) 322b12a Remove deprecated TransactionWithinChainLimit (Karl-Johan Alm) 4784751 Switch to GetTransactionAncestry() in OutputEligibleForSpending (Karl-Johan Alm) 475a385 Add GetTransactionAncestry to CTxMemPool for general purpose chain limit checking (Karl-Johan Alm) 46847d6 mempool: Fix max descendants check (Karl-Johan Alm) b9ef21d mempool: Add explicit max_descendants (Karl-Johan Alm) Pull request description: Currently, `TransactionWithinChainLimit` is restricted to single-output use, and needs to be called every time for different limits. If it is replaced with a chain limit value calculator, that can be called once and reused, and is generally more flexible (see e.g. bitcoin#12257). Update: this PR now corrects usage of max ancestors / max descendants, including calculating the correct max descendant value, as advertised for the two limits. ~~This change also makes `nMaxAncestors` signed, as the replacement method will return `-1` for "not in the mempool", which is different from "0", which means "no ancestors/descendants in mempool".~~ ~~This is a subset of bitcoin#12257.~~ Tree-SHA512: aa59c849360542362b3126c0e29d44d3d58f11898e277d38c034dc4b86a5b4500f77ac61767599ce878c876b5c446fec9c02699797eb2fa41e530ec863a00cf9
Munkybooty
pushed a commit
to Munkybooty/dash
that referenced
this pull request
Jun 15, 2021
… in coin select 232f96f doc: Add release notes for -avoidpartialspends (Karl-Johan Alm) e00b469 clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm) 43e04d1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm) 0128121 test: Add basic testing for wallet groups (Karl-Johan Alm) 59d6f7b wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm) 87ebce2 wallet: Add output grouping (Karl-Johan Alm) bb629cb Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm) 65b3eda wallet: Add input bytes to CInputCoin (Karl-Johan Alm) a443d7a moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm) 173e18a utils: Add insert() convenience templates (Karl-Johan Alm) Pull request description: This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination. It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below). For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse). Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction. Example: a node has four outputs linked to two addresses `A` and `B`: * 1.0 btc to `A` * 0.5 btc to `A` * 1.0 btc to `B` * 0.5 btc to `B` The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur: * 0.5 btc to `A` or `B` is picked * 0.2 btc is output to `C` * 0.3 - fee is output to (unique change address) With `-avoidpartialspends`, the following will instead happen: * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair) * 0.2 btc is output to `C` * 1.3 - fee is output to (unique change address) As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule. This complements bitcoin#10386, in particular it addresses @luke-jr and @gmaxwell's concerns in bitcoin#10386 (comment) and bitcoin#10386 (comment). Together with `-avoidreuse`, this fully addresses the concerns in bitcoin#10065 I believe. Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621 # Conflicts: # src/Makefile.am # src/bench/coin_selection.cpp # src/wallet/coincontrol.h # src/wallet/coinselection.cpp # src/wallet/coinselection.h # src/wallet/init.cpp # src/wallet/test/coinselector_tests.cpp # src/wallet/wallet.cpp # src/wallet/wallet.h # test/functional/test_runner.py
Munkybooty
pushed a commit
to Munkybooty/dash
that referenced
this pull request
Jun 15, 2021
… in coin select 232f96f doc: Add release notes for -avoidpartialspends (Karl-Johan Alm) e00b469 clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm) 43e04d1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm) 0128121 test: Add basic testing for wallet groups (Karl-Johan Alm) 59d6f7b wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm) 87ebce2 wallet: Add output grouping (Karl-Johan Alm) bb629cb Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm) 65b3eda wallet: Add input bytes to CInputCoin (Karl-Johan Alm) a443d7a moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm) 173e18a utils: Add insert() convenience templates (Karl-Johan Alm) Pull request description: This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination. It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below). For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse). Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction. Example: a node has four outputs linked to two addresses `A` and `B`: * 1.0 btc to `A` * 0.5 btc to `A` * 1.0 btc to `B` * 0.5 btc to `B` The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur: * 0.5 btc to `A` or `B` is picked * 0.2 btc is output to `C` * 0.3 - fee is output to (unique change address) With `-avoidpartialspends`, the following will instead happen: * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair) * 0.2 btc is output to `C` * 1.3 - fee is output to (unique change address) As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule. This complements bitcoin#10386, in particular it addresses @luke-jr and @gmaxwell's concerns in bitcoin#10386 (comment) and bitcoin#10386 (comment). Together with `-avoidreuse`, this fully addresses the concerns in bitcoin#10065 I believe. Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621 # Conflicts: # src/Makefile.am # src/bench/coin_selection.cpp # src/wallet/coincontrol.h # src/wallet/coinselection.cpp # src/wallet/coinselection.h # src/wallet/init.cpp # src/wallet/test/coinselector_tests.cpp # src/wallet/wallet.cpp # src/wallet/wallet.h # test/functional/test_runner.py
Munkybooty
pushed a commit
to Munkybooty/dash
that referenced
this pull request
Jun 16, 2021
… in coin select 232f96f doc: Add release notes for -avoidpartialspends (Karl-Johan Alm) e00b469 clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm) 43e04d1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm) 0128121 test: Add basic testing for wallet groups (Karl-Johan Alm) 59d6f7b wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm) 87ebce2 wallet: Add output grouping (Karl-Johan Alm) bb629cb Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm) 65b3eda wallet: Add input bytes to CInputCoin (Karl-Johan Alm) a443d7a moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm) 173e18a utils: Add insert() convenience templates (Karl-Johan Alm) Pull request description: This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination. It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below). For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse). Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction. Example: a node has four outputs linked to two addresses `A` and `B`: * 1.0 btc to `A` * 0.5 btc to `A` * 1.0 btc to `B` * 0.5 btc to `B` The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur: * 0.5 btc to `A` or `B` is picked * 0.2 btc is output to `C` * 0.3 - fee is output to (unique change address) With `-avoidpartialspends`, the following will instead happen: * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair) * 0.2 btc is output to `C` * 1.3 - fee is output to (unique change address) As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule. This complements bitcoin#10386, in particular it addresses @luke-jr and @gmaxwell's concerns in bitcoin#10386 (comment) and bitcoin#10386 (comment). Together with `-avoidreuse`, this fully addresses the concerns in bitcoin#10065 I believe. Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621 # Conflicts: # src/Makefile.am # src/bench/coin_selection.cpp # src/wallet/coincontrol.h # src/wallet/coinselection.cpp # src/wallet/coinselection.h # src/wallet/init.cpp # src/wallet/test/coinselector_tests.cpp # src/wallet/wallet.cpp # src/wallet/wallet.h # test/functional/test_runner.py
Munkybooty
pushed a commit
to Munkybooty/dash
that referenced
this pull request
Jun 22, 2021
… in coin select 232f96f doc: Add release notes for -avoidpartialspends (Karl-Johan Alm) e00b469 clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm) 43e04d1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm) 0128121 test: Add basic testing for wallet groups (Karl-Johan Alm) 59d6f7b wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm) 87ebce2 wallet: Add output grouping (Karl-Johan Alm) bb629cb Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm) 65b3eda wallet: Add input bytes to CInputCoin (Karl-Johan Alm) a443d7a moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm) 173e18a utils: Add insert() convenience templates (Karl-Johan Alm) Pull request description: This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination. It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below). For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse). Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction. Example: a node has four outputs linked to two addresses `A` and `B`: * 1.0 btc to `A` * 0.5 btc to `A` * 1.0 btc to `B` * 0.5 btc to `B` The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur: * 0.5 btc to `A` or `B` is picked * 0.2 btc is output to `C` * 0.3 - fee is output to (unique change address) With `-avoidpartialspends`, the following will instead happen: * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair) * 0.2 btc is output to `C` * 1.3 - fee is output to (unique change address) As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule. This complements bitcoin#10386, in particular it addresses @luke-jr and @gmaxwell's concerns in bitcoin#10386 (comment) and bitcoin#10386 (comment). Together with `-avoidreuse`, this fully addresses the concerns in bitcoin#10065 I believe. Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621 # Conflicts: # src/Makefile.am # src/bench/coin_selection.cpp # src/wallet/coincontrol.h # src/wallet/coinselection.cpp # src/wallet/coinselection.h # src/wallet/init.cpp # src/wallet/test/coinselector_tests.cpp # src/wallet/wallet.cpp # src/wallet/wallet.h # test/functional/test_runner.py
Munkybooty
pushed a commit
to Munkybooty/dash
that referenced
this pull request
Jun 24, 2021
… in coin select 232f96f doc: Add release notes for -avoidpartialspends (Karl-Johan Alm) e00b469 clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm) 43e04d1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm) 0128121 test: Add basic testing for wallet groups (Karl-Johan Alm) 59d6f7b wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm) 87ebce2 wallet: Add output grouping (Karl-Johan Alm) bb629cb Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm) 65b3eda wallet: Add input bytes to CInputCoin (Karl-Johan Alm) a443d7a moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm) 173e18a utils: Add insert() convenience templates (Karl-Johan Alm) Pull request description: This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination. It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below). For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse). Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction. Example: a node has four outputs linked to two addresses `A` and `B`: * 1.0 btc to `A` * 0.5 btc to `A` * 1.0 btc to `B` * 0.5 btc to `B` The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur: * 0.5 btc to `A` or `B` is picked * 0.2 btc is output to `C` * 0.3 - fee is output to (unique change address) With `-avoidpartialspends`, the following will instead happen: * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair) * 0.2 btc is output to `C` * 1.3 - fee is output to (unique change address) As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule. This complements bitcoin#10386, in particular it addresses @luke-jr and @gmaxwell's concerns in bitcoin#10386 (comment) and bitcoin#10386 (comment). Together with `-avoidreuse`, this fully addresses the concerns in bitcoin#10065 I believe. Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621 # Conflicts: # src/Makefile.am # src/bench/coin_selection.cpp # src/wallet/coincontrol.h # src/wallet/coinselection.cpp # src/wallet/coinselection.h # src/wallet/init.cpp # src/wallet/test/coinselector_tests.cpp # src/wallet/wallet.cpp # src/wallet/wallet.h # test/functional/test_runner.py
Munkybooty
pushed a commit
to Munkybooty/dash
that referenced
this pull request
Jun 24, 2021
… in coin select 232f96f doc: Add release notes for -avoidpartialspends (Karl-Johan Alm) e00b469 clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm) 43e04d1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm) 0128121 test: Add basic testing for wallet groups (Karl-Johan Alm) 59d6f7b wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm) 87ebce2 wallet: Add output grouping (Karl-Johan Alm) bb629cb Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm) 65b3eda wallet: Add input bytes to CInputCoin (Karl-Johan Alm) a443d7a moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm) 173e18a utils: Add insert() convenience templates (Karl-Johan Alm) Pull request description: This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination. It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below). For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse). Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction. Example: a node has four outputs linked to two addresses `A` and `B`: * 1.0 btc to `A` * 0.5 btc to `A` * 1.0 btc to `B` * 0.5 btc to `B` The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur: * 0.5 btc to `A` or `B` is picked * 0.2 btc is output to `C` * 0.3 - fee is output to (unique change address) With `-avoidpartialspends`, the following will instead happen: * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair) * 0.2 btc is output to `C` * 1.3 - fee is output to (unique change address) As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule. This complements bitcoin#10386, in particular it addresses @luke-jr and @gmaxwell's concerns in bitcoin#10386 (comment) and bitcoin#10386 (comment). Together with `-avoidreuse`, this fully addresses the concerns in bitcoin#10065 I believe. Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621 # Conflicts: # src/Makefile.am # src/bench/coin_selection.cpp # src/wallet/coincontrol.h # src/wallet/coinselection.cpp # src/wallet/coinselection.h # src/wallet/init.cpp # src/wallet/test/coinselector_tests.cpp # src/wallet/wallet.cpp # src/wallet/wallet.h # test/functional/test_runner.py
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Jul 4, 2021
…output groups 23fbbb1 wallet: sum ancestors rather than taking max in output groups (Karl-Johan Alm) Pull request description: This is pointed out in bitcoin#12257 (comment). Basically, the ancestors gives an indication as to how many ancestors the resulting transaction will have, which is more precise when summing up the values, rather than taking the maximum, since all the coins in the group will become ancestors if selected. Tree-SHA512: 0588c4b6059669650614817e041526a2ab89dda8c07fca8e077c7669dca1fed51cd164f7df56340840ab60285d48f3b140dcee64f64bf696b2dd4ab16d556a13
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Jul 4, 2021
…ranted 18f690e wallet: shuffle coins before grouping, where warranted (Karl-Johan Alm) Pull request description: Coins are randomly shuffled in coin selection to avoid unintentional privacy leaks regarding the user's coin set. For the case where a user has a lot of coins with the same destination, these will be grouped into groups of 10 *before* the shuffling. It is unclear whether this has any implications at all, but this PR plugs the potential issue, if there ever is one, by shuffling the coins before they are grouped. Issue brought up in bitcoin#12257 (comment) Tree-SHA512: fb50ed4b5fc03ab4853d45b76e1c64476ad5bcd797497179bc37b9262885c974ed6811159fd8e581f1461b6cc6d0a66146f4b70a2777c0f5e818d1322e0edb89
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Jul 6, 2021
…output groups 23fbbb1 wallet: sum ancestors rather than taking max in output groups (Karl-Johan Alm) Pull request description: This is pointed out in bitcoin#12257 (comment). Basically, the ancestors gives an indication as to how many ancestors the resulting transaction will have, which is more precise when summing up the values, rather than taking the maximum, since all the coins in the group will become ancestors if selected. Tree-SHA512: 0588c4b6059669650614817e041526a2ab89dda8c07fca8e077c7669dca1fed51cd164f7df56340840ab60285d48f3b140dcee64f64bf696b2dd4ab16d556a13
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Jul 6, 2021
…ranted 18f690e wallet: shuffle coins before grouping, where warranted (Karl-Johan Alm) Pull request description: Coins are randomly shuffled in coin selection to avoid unintentional privacy leaks regarding the user's coin set. For the case where a user has a lot of coins with the same destination, these will be grouped into groups of 10 *before* the shuffling. It is unclear whether this has any implications at all, but this PR plugs the potential issue, if there ever is one, by shuffling the coins before they are grouped. Issue brought up in bitcoin#12257 (comment) Tree-SHA512: fb50ed4b5fc03ab4853d45b76e1c64476ad5bcd797497179bc37b9262885c974ed6811159fd8e581f1461b6cc6d0a66146f4b70a2777c0f5e818d1322e0edb89
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Jul 6, 2021
…output groups 23fbbb1 wallet: sum ancestors rather than taking max in output groups (Karl-Johan Alm) Pull request description: This is pointed out in bitcoin#12257 (comment). Basically, the ancestors gives an indication as to how many ancestors the resulting transaction will have, which is more precise when summing up the values, rather than taking the maximum, since all the coins in the group will become ancestors if selected. Tree-SHA512: 0588c4b6059669650614817e041526a2ab89dda8c07fca8e077c7669dca1fed51cd164f7df56340840ab60285d48f3b140dcee64f64bf696b2dd4ab16d556a13
UdjinM6
pushed a commit
to UdjinM6/dash
that referenced
this pull request
Jul 6, 2021
…ranted 18f690e wallet: shuffle coins before grouping, where warranted (Karl-Johan Alm) Pull request description: Coins are randomly shuffled in coin selection to avoid unintentional privacy leaks regarding the user's coin set. For the case where a user has a lot of coins with the same destination, these will be grouped into groups of 10 *before* the shuffling. It is unclear whether this has any implications at all, but this PR plugs the potential issue, if there ever is one, by shuffling the coins before they are grouped. Issue brought up in bitcoin#12257 (comment) Tree-SHA512: fb50ed4b5fc03ab4853d45b76e1c64476ad5bcd797497179bc37b9262885c974ed6811159fd8e581f1461b6cc6d0a66146f4b70a2777c0f5e818d1322e0edb89
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds an optional (off by default)
-avoidpartialspendsflag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination.It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below).
For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse).
Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction.
Example: a node has four outputs linked to two addresses
AandB:AABBThe node sends 0.2 btc to
C. Without-avoidpartialspends, the following coin selection will occur:AorBis pickedCWith
-avoidpartialspends, the following will instead happen:AorBis picked (one or the other pair)CAs noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule.
This complements #10386, in particular it addresses @luke-jr and @gmaxwell's concerns in #10386 (comment) and #10386 (comment).
Together with
-avoidreuse, this fully addresses the concerns in #10065 I believe.