No Branch/Tag Specified
chat
custom_themes
danger
dev
duke
importviewkey
master
no_mining_until_synced
old_duke
onryo
recurring
0.4.0
0.4.1
0.4.2
0.4.3
0.5.0
0.5.1
0.5.10
0.5.11
0.5.3
0.5.4
0.5.5
0.6.0
0.6.1
0.6.10
0.6.11
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.9
1.4.2
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.5.2
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v0.9.1
v0.9.2
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.4.2
Labels
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it tor
related to tor translation
translation update windows
related to windows wontfix
this won't be fixed
Apply labels
Clear labels
0-500 bounty
bounty up to 500 HUSH 2001-5000 bounty
bounty between 2001 and 5000 HUSH 501-2000 bounty
bounty between 501 and 2000 HUSH arm
something doesn't work on arm beginners
for new developers bug
may or may not be a bug build
problems building documentation
not enough information feature
new feature high priority
high priority i2p
related to i2p low priority
low priority medium priority
medium priority question
something is not clear release
release label or issue related to it tor
related to tor translation
translation update windows
related to windows wontfix
this won't be fixed
No Label
0-500 bounty
2001-5000 bounty
501-2000 bounty
arm
beginners
bug
build
documentation
feature
high priority
i2p
low priority
medium priority
question
release
tor
translation
windows
wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.
No due date set.
Dependencies
This issue currently doesn't have any dependencies.
Reference in new issue
There is no content yet.
Delete Branch '%!s(MISSING)'
Deleting a branch is permanent. It CANNOT be undone. Continue?
No
Yes
SD/SDX GUI wallet currently does not automate the shielding of coinbase funds. Users must figure out or be told to right click on a zaddr to shield funds to it.
We could have a feature where coinbase funds are shielded automatically
Just noting there is a 600 DRGX and 600 HUSH bounty being offered for this from a DRGX user. Unless shielding to a default z-addr automatically after a block is found, I think it could work similar to zsweep where it only needs an enable/disable option and address. Maybe allow setting an interval for how often it runs. Smaller miners don't need to shield as often.
We never added zsweep settings in GUI and settings only live in config so #88 and #90 can probably be done at the same time depending on who ends up working on it.
I want to document some details about the privacy implications of shielding coinbase funds, because I don't think I have ever seen them described and documenting them here is better than nothing. They will help us decide how we want to implement this feature.
The current way the Mining tab works is that every new block mined is mined to a new taddr, which is inherited from and exactly how Bitcoin works. This is best for privacy, because if you set
-mineraddress
to mine all blocks to the same taddr, that leaks metadata. Specifically, it leaks the fact that multiple different blocks were mined by the same person and it also leaks how much hashrate that miner had at the time those blocks were mined. Not the exact hashrate, but a "lower bound" (minimum) hashrate. To understand this, think about a miner mining every block to the same address. Then a 3rd party looks at a block explorer and sees that "this address mined 10 blocks in this 100 block time period". That means the miner had at least 10/100=10% of network hashrate in that time period. It's a lower bound because they simply could have been unlucky in that time period and maybe had a slightly larger % of nethash.So it is better for privacy to mine every block to a new address and it does not slow down the wallet nor cost any more fees than mining them all to the same address. This is why the mining GUI does not allow mining everything to the same address, it was more code to write and also hurts privacy. Now let us think about what happens when these coinbase funds are shielded.
If a miner has mined all blocks to the same address, then the metadata has already leaked and spending all these coinbase funds and sending them to a zaddr does not leak any metadata. But if a miner has mined every block to a new address, then the transaction that shields them does leak metadata. Specifically, it "links" together the ownership of all the different mining addresses and says "all of these different addresses that mined these different blocks are owned by the same person". That is because all coinbase inputs to a transaction must come from the same wallet.dat . With that information a 3rd party can also estimate how many unique miners are mining, because they can say "all these addresses here are actually the same miner".
So now we can see that shielding coinbase funds which were mined to different addresses does leak metadata and this new autoshieldcoinbase feature has some options to either minimize metadata leakage or minimize transaction fees, but not both at the same time.
Shielding coinbase funds one at a time is the best for privacy (no metadata leakage about different blocks being mined by the same person) but it maximizes fees and also bloats the wallet. The default (and current way the manual shielding in the GUI works) is to shield up to 50 coinbase at once, which means up to 50 addresses are linked together as having the same owner. This is 1/50th (2%) of the fees versus shielding ever coinbase individually and does not bloat the wallet. It is also possible to give
z_shieldcoinbase
a custom amount of coinbase inputs to shield so you can shield more than 50 at a time. The only thing that limits how many you can shield at one time is maximum transaction size limits. I believe that it's possible to shield a few hundred at a single time before hitting that limit. Shielding the maximum amount at once pays the least fees and bloats the wallet the least, but it leaks the most metadata, potentially leaking the fact that hundreds of addresses are owned by the same miner and also leaking data about that miners hashrate.@fekt given the above details, do you have ideas or preferences on how we should implement autoshieldcoinbase?
I would prefer to not leak meta data. For miners finding many blocks quickly, I think it could create problems where a shielding operation is running too frequently if setting limit to 1 utxo. Miners are already leaking meta data currently by shielding default 50 utxos at a time.
Maybe defaulting the limit to 50 as it is now and having an option to allow users to change it to a different value is the best solution?
That way users have control over how many utxos they want to shield at once and how much meta data they want to leak. Would need some tooltip explaining this. It would likely need some upper limit in GUI to prevent ridiculously high values that would fail. I've definitely shielded around 150-200 utxos before as long as it was under max tx size, but even setting upper limit as 50 or 100 would probably be a good idea.
Just thoughts. Not sure what others think.
Related to fees, we could let users set 0 or default fee. We know a custom fee is another form of likability, but 0 is safer than some random custom fee if enough users shield or send with 0 fee.