| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | <pre> | 
					
						
							| 
									
										
										
										
											2016-01-19 01:37:57 +00:00
										 |  |  |   BIP: 131 | 
					
						
							| 
									
										
										
										
											2016-11-30 09:45:33 +00:00
										 |  |  |   Layer: Consensus (hard fork) | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  |   Title: "Coalescing Transaction" Specification (wildcard inputs) | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  |   Author: Chris Priest <cp368202@ohiou.edu> | 
					
						
							| 
									
										
										
										
											2016-11-30 09:47:31 +00:00
										 |  |  |   Comments-Summary: No comments yet. | 
					
						
							|  |  |  |   Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0131 | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  |   Status: Draft | 
					
						
							|  |  |  |   Type: Standards Track | 
					
						
							|  |  |  |   Created: 2015-11-30 | 
					
						
							| 
									
										
										
										
											2016-11-30 09:47:31 +00:00
										 |  |  |   License: PD | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | </pre> | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ==Abstract== | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | This specification defines a new type of transaction that supplements (not replaces) | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | normal "non coalescing" bitcoin transactions. | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | ==Motivation== | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | Normal "non-coalescing" Bitcoin Transactions have one large inefficiency: When you want to spend | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | from multiple inputs with the exact same scriptPubKey, you have to list each | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | input separately, along with the same signature multiple times, even though the signature expresses the same information. | 
					
						
							| 
									
										
										
										
											2015-12-01 13:14:55 -08:00
										 |  |  | This bloats the transaction size and makes it expensive to spend from small value inputs. | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | Because small value inputs are expensive to send, they remain in the UTXO pool | 
					
						
							|  |  |  | which full nodes have to keep around. It is believed that long term increase of the UTXO | 
					
						
							|  |  |  | set can have negative scaling consequences on the network. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | If maximum blocksize is made to increase *slower* than the actual number of transactions bitcoin users are sending | 
					
						
							|  |  |  | to the network, this problem is projected to get worse. In other words, as transaction | 
					
						
							|  |  |  | fees increase, the minimum economical value of a spending a UTXO will increase. | 
					
						
							| 
									
										
										
										
											2015-12-01 13:14:55 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | ==Specification== | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | === Redefinition of Transaction version === | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:34:53 -08:00
										 |  |  | First, this BIP redefines the version field on transactions. The first four bytes | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | are defined as the version number, while the last four bytes are defined as the | 
					
						
							|  |  |  | transaction type. Type "0000" denotes normal transactions, and "0001" defines | 
					
						
							|  |  |  | coalescing transaction. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | Examples: | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | version 1 transaction with normal inputs: | 
					
						
							| 
									
										
										
										
											2015-12-04 14:41:46 -08:00
										 |  |  |     version: 10000000 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | version 2 transaction with normal inputs: | 
					
						
							| 
									
										
										
										
											2015-12-04 14:41:46 -08:00
										 |  |  |     version: 20000000 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | version 2 transaction with coalescing inputs: | 
					
						
							| 
									
										
										
										
											2015-12-04 14:41:46 -08:00
										 |  |  |     version: 20000001 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | Essentially the last bit in the version field is set to 1 to enable wildcard inputs for all | 
					
						
							|  |  |  | inputs present in the transaction. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:40:38 -08:00
										 |  |  | === Wildcard inputs === | 
					
						
							| 
									
										
										
										
											2015-12-04 14:32:24 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | A coalescing transaction is formulated the exact same way as a version 1 transaction | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | with one exception: each input is treated as a "wildcard input". | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | A wildcard input beings the value of all inputs with the exact same scriptPubKey | 
					
						
							| 
									
										
										
										
											2015-11-30 16:40:31 -08:00
										 |  |  | in a block lower or equal to the block the wildcard input is confirmed into. | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | == Changes needed to implement == | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-04 14:40:01 -08:00
										 |  |  | The bitcoin code needs to be modified in three places in order to handle Coalescing Transactions. | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-07 15:55:42 -08:00
										 |  |  | 1. <b>Full Node Coalescing validation</b> - When a full node receives a coalescing transaction, it has to | 
					
						
							| 
									
										
										
										
											2015-12-04 14:37:51 -08:00
										 |  |  | aggregate the value of all the UTXOs in the blockchain older than the input | 
					
						
							|  |  |  | with the same scriptPubKey. If this value is greater than or equal to the | 
					
						
							|  |  |  | amount of all outputs, then that coalescing transaction is valid and can be propagated. | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-07 15:55:42 -08:00
										 |  |  | 2. <b>Full Node Non-Coalescing validation</b> - When a non-coalescing transaction comes in, the code needs to be modified | 
					
						
							| 
									
										
										
										
											2015-12-04 14:37:51 -08:00
										 |  |  | to check if each input has not been spent by a coalescing transaction. If there exist any | 
					
						
							|  |  |  | coalescing transaction in the blockchain with the same scriptPubKey found in a block *after* that input, | 
					
						
							|  |  |  | then the UTXO has been spent and the transaction is invalid. | 
					
						
							| 
									
										
										
										
											2015-12-02 14:44:26 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-12-07 15:55:42 -08:00
										 |  |  | 3. <b>Wallet</b> - The user facing wallet portion of the reference client should notify | 
					
						
							| 
									
										
										
										
											2015-12-04 14:37:51 -08:00
										 |  |  | the user when their wallet contains many UTXOs that qualify it to benefit from | 
					
						
							|  |  |  | a coalescing transaction. Wallets should not simply replace non-coalescing transactions | 
					
						
							|  |  |  | with coalescing transactions in all instances. | 
					
						
							| 
									
										
										
										
											2016-01-16 08:02:18 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-14 15:16:51 -07:00
										 |  |  | == Isn't this BIP bad because it encourage address re-use? == | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-14 15:51:14 -07:00
										 |  |  | Address re-use comes in two forms: re-use by the ''sender'', and re-use by the ''receiver''. | 
					
						
							| 
									
										
										
										
											2016-03-14 15:16:51 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | Re-use by the sender is basically using the same address for the change output. This is generally considered bad | 
					
						
							|  |  |  | since people looking through your transaction history can determine who you do business with. When | 
					
						
							|  |  |  | you generate a new address for every change, your privacy is conserved as it is impossible to know which | 
					
						
							|  |  |  | output is a recipient, and which output is the change output. This BIP has '''no effect''' on re-use | 
					
						
							|  |  |  | by the sender. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | On the other hand, address re-use by the ''receiver'' occurs under completely different circumstances. | 
					
						
							|  |  |  | When you publish an address and have multiple people send to that address, you are engaging in address re-use | 
					
						
							| 
									
										
										
										
											2016-03-14 15:51:14 -07:00
										 |  |  | from the receiver. This activity has historically been considered bad because it leads to re-using a private key. | 
					
						
							|  |  |  | When you re-use a private key too many times, you run the risk of an attacker performing statistical analysis | 
					
						
							| 
									
										
										
										
											2016-03-14 15:16:51 -07:00
										 |  |  | on the multiple signatures, which can lead to an attacker finding out your private key. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-14 15:51:14 -07:00
										 |  |  | This BIP introduces a way to spend multiple inputs ''without'' re-using the private key. In a sense, this BIP | 
					
						
							| 
									
										
										
										
											2016-03-14 15:16:51 -07:00
										 |  |  | fixes the problem that makes address re-use bad for the receiver. After this BIP becomes implemented | 
					
						
							|  |  |  | and deployed, address re-use by the receiver will no longer be considered bad form. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-01-16 08:02:18 -08:00
										 |  |  | ==Copyright== | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | This document is placed in the public domain. |