Published on: 2015-06-15T21:42:14+00:00
Kristov Atlas has written a draft of a BIP to standardize the sorting of transaction inputs and outputs for privacy and security reasons. He has received feedback from colleagues privately but is now looking for feedback from a wider audience before assigning a BIP number and having it accepted into https://github.com/bitcoin/bips. Rusty Russell has modified his implementation to match Kristov's proposal, which can be found at https://github.com/rustyrussell/bitcoin/tree/bip-69. BIP 79 has been implemented in the latest release of Electrum, version 2.3.2. Kristov Atlas made a pull request to add this as an informational BIP 79 to the bips directory. The purpose of BIP 79 is to establish a deterministic order for transaction input and output values so that transactions can be more easily verified by nodes. It applies to all transactions where the order of inputs and outputs does not matter and SIGHASH_ALL is used. In the case where SIGHASH_ANYONECANPAY or SIGHASH_NONE has been used, compliant software should still emit transactions with sorted inputs and outputs, even though they may later be modified by others. Future protocol upgrades introducing new signature hash types should apply the lexicographic ordering principle analogously. In 2015, Kristov Atlas made a pull request to add an informational BIP 79 to the bips directory. Peter Todd suggested that the use-case of SIGHASH_SINGLE was highly specialized and that it would be better to stick to the use-cases where the need is clear and there exist running code. Todd advised presenting the BIP in terms of a generic statement with a focus on the fact that the spirit of what the BIP is about is applicable, and future standards should be developed. Todd also recommended removing the "handling input/output deps" section. As for the actual ordering algorithm, Todd suggested sorting txids as little-endian byte arrays and outputs by largest/smallest amount first. Additionally, he stated that amounts are 8 bytes, while P2PKH scriptPubKeys are 25 bytes.Kristov Atlas has made requested changes to the BIP and sample code in response to Peter Todd's feedback. The discussion between the two revolved around the applicability of SIGHASH_SINGLE, with Todd suggesting that it is better to present the BIP in terms of a generic statement, while Atlas updated the language accordingly. Todd also recommended removing the "handling input/output deps" section. Additionally, Todd suggested simplifying the ordering algorithm by sorting txids as little-endian byte arrays using the bytearr_cmp() function, and sorting outputs by output amount instead of P2PKH locking script. He also pointed out an error in the statement about the number of bytes in amounts and P2PKH locking script.In an email exchange between Kristov Atlas and Peter Todd on June 8, 2015, they discussed the applicability of a BIP (Bitcoin Improvement Proposal) that covers all transactions where the order of inputs and outputs do not matter. They agreed to simplify the language in the proposal to state that such use cases are out of scope for the BIP since there are numerous possible scenarios that cannot be predicted. The BIP applies to transactions where SIGHASH_ALL is used, with the exact input and output order committed to by signatures. In the case of SIGHASH_ANYONECANPAY or SIGHASH_NONE, compliant software should still emit sorted inputs and outputs, although these may later be modified by others. If new signature hash types are introduced in the future, the lexicographic ordering principle should be applied analogously. Protocols requiring a specified input/output order should consider adapting the goals of this BIP to their specific needs.Regarding a patch implementing deterministic transaction ordering for Bitcoin Core, Todd offered to take care of it since he is a frequent code committer, but if no one else does, Atlas will do it. Todd also suggested changes to the actual ordering algorithm, recommending that txids be sorted as little-endian byte arrays instead of with the hex-based algorithm and that scriptPubkeys be used instead of locking scripts.In this context, the author Kristov has removed a certain part of the discussion regarding IsStandard() rules and soft forks. The latest version of the discussion can be found on the provided link to the GitHub repository where the BIP-LI01 document is located. It is suggested to leave the discussion on these topics out for now.In this email thread, Peter Todd provides feedback on a Bitcoin Improvement Proposal (BIP) related to transaction ordering. He questions the mention of SIGHASH_SINGLE and suggests focusing on generic statements rather than speculating too much on future uses. He recommends presenting the BIP in terms of a generic statement that specifies two common cases in detail. The updated language is provided for the BIP.
Updated on: 2023-08-01T13:03:29.878353+00:00