Right now every wallet software does slightly different things with transaction preparation, which makes it possible for chain analysis to fingerprint transaction and detect which wallet is being used. It would be nice if at least we could have all P2PKH transactions look ‘the same’ so this isn’t possible.
I’m aware of the following variations:
- Tx version:
- Tx version=1 is the classic choice.
- Tx version=2 adds BIP68 support (inputs can define their own relative locktimes). Note though that this BIP68 capability is generally unused, and if it is used then the transaction will stick out.
- Signatures may be ECDSA or Schnorr
- ECDSA is the classic. HW wallets currently only support ECDSA.
- Schnorr is the up-and-comer. It adds efficiency that might one day be important in scaling. If widely used then it fancier things (multisigs, hidden smart contracts) to have a large anonymity set.
- Mixtures of ECDSA and Schnorr signed inputs are possible, but rare.
- Locktime of 0 is easy for a wallet to choose.
- Locktime = current block height was introduced to address the potential problem of ‘fee sniping’.
- Locktime = current block height - random(0,99) is used 10% of the time on Bitcoin Core-derived wallets.
- Locktime = current block height + 1 is apparently being used (at least on BTC) by some entity that is not setting sequence properly either, leading to an obvious fingerprint.
- Sequence numbers:
- 0 is a valid choice, and works fine even with tx version 2, but nobody uses it AFAIK.
- 0xFFFFFFFD (two-before-final) might appear in wallets forked from BTC, since it indicates RBF capability.
- 0xFFFFFFFE (one-before-final) is a common choice, which means ‘do not ignore the locktime’.
- 0xFFFFFFFF is a special case that marks a tx as final, meaning that the locktime is disregarded.
- Fees selection, especially when all txes are on the “1 sat/byte” floor.
- Wallets using Schnorr may try to save a slight amount on fees by allocating for these smaller signatures, but they face an issue with partially signed txes that might end up having ECDSA.
- Wallets may round off output amounts, resulting in random values being discarded as fees.
- Transaction input/output ordering: in normal txes the ordering doesn’t have any significance.
- Random shuffling is a good choice.
- BIP69 is an alternative that uses a deterministic sorting order.
- Other options besides these will inevitably leak unnecessary information about change addresses, coin selection strategies and such.
- Make a table of what various wallet softwares do.
- Scan the recent chain and observe the frequency of modern fingerprints. Observe mempool admittance to check for locktime settings.
The goal is to start converging on a standard form of transaction. If one form (or a few forms) gain significant dominance, then other minority wallets will feel compelled to follow for privacy reasons.