Change (utxo) address type output should match the spend address type

trezor / trezor-suite

Trezor Suite Monorepo

https://trezor.io/trezor-suite

Other

706 stars 247 forks source link

Change (utxo) address type output should match the spend address type #3168

Closed ghost closed 3 years ago

ghost commented 3 years ago

Is your feature request related to a problem? Please describe.

This creates privacy issue. It allows to clearly distinguish the change from the amount spend.

Describe the solution you'd like

Match change address type with spend-to address type.

Describe alternatives you've considered

I don't see any.

Additional context

For example Samurai Wallet has this feature called: Receive change to like-typed output turned ON by default.

prusnak commented 3 years ago

This unfortunately violates BIP44 standard :-/

This will be eventually sorted out when all switch to Bech32 addresses

ghost commented 3 years ago

Thank you for info. Do I understand it coreectly, that Samouri is violating standard but it "just works"?

Edit:

I am reading through BIP44 and I see this

Constant 0 is used for external chain and constant 1 for internal chain...

This means the change and payment are defined by its output position.

This itself is quite bad for privacy? Do I understand it correctly?

prusnak commented 3 years ago

Thank you for info. Do I understand it coreectly, that Samouri is violating standard but it "just works"?

I am not sure they even claim they are BIP44/BIP84 compatible wallet. Do they?

This itself is quite bad for privacy?

Why do you think so?

ghost commented 3 years ago

When I know which output is the spend and which is the change I can determine with 100% accuracy, that multiple spends were made by the very same person (wallet owner).

Lets assume I have 1 BTC at address A.

I will buy a beer.

A ---->

Beer spend: 0.0001 -> to address B
Change: 0.9999 (minus fee) -> to address C.

Now by BIP44 I can be sure that both addresses A and C are owned by same person.

I can be sure that future spends from C address are made by same person who did the "to address B" spend.

prusnak commented 3 years ago

You misunderstood. The constants 0 and 1 are for BIP32 derivation, not position of the outputs. Outputs are sorted via BIP69 (by their script).

ghost commented 3 years ago

Cool, thank you for explanation and sorry for the confusion.

However the issue with address types is still there.

I would object, that waiting for all wallets to use correct format would be never-ending waiting.

prusnak commented 3 years ago

Well, you can always send coins to native segwit address from native segwit account and to p2sh-segwit address from a p2sh-segwit account. I don't think there is a better solution without violating standards describing discovery of the accounts (bip44, bip49, bip84).

I am closing this as this is a non-actionable issue at the moment.