Advantage of coin control, response to Mike Hearn

[Rothgar]

That is indeed a useful thing, but coin control is the wrong way to do it (which is what I've been getting at all along).

Automatically defragmenting wallets are something that has been discussed, at least on IRC, quite a few times.  As long as miners are willing to bias their priority calculations towards transactions that reduce the size of the UTXO set it can make sense. Not only when you create new payments, but for example at night time if your wallet is open (or on an always-on device like an android).

My point about coin control is that whatever problem you're solving with it, you can usually see a better solution that works for more people.

I agree with you Mike that having a smart algorithm that consolidates dust while making payments would be the way to go for the average user.  I personally have no complaint about the current situation as Armory does what I like.  Heck, even blockchain.info has coin control, they just call it custom transactions.  So the current situation is more than sufficient for my purpose.  I wouldn't want to use a wallet that does consolidating transactions with out asking me and requiring a password.  I think the defragmenting could be incorporated into the payments that are sent by normal use by the user.  Such defragmenting may make the advantage of coin control not as great.  Either way I still would want coin control and I have it. 

I really appreciate the hard work of all the developers. 

[christop]

Have fun explaining change addresses to granny.  And reminding her to take note of how much change was created, so she can manually update her documentation to make sure she knows how much each key has.

Does change *have* to be sent to a different address from any of the inputs? I see nothing in the protocol that prohibits this. The reference client just happens to send change to a different address for some reason.

In a minimal client that was proposed above, Granny could send money from address A, which she controls, to address B, which she does not control, and then sends change back to address A.

Also, remember that Granny can keep track of her balance(s) with a "watch only" wallet client. She doesn't have to trust anyone but her own full client for that information.

[Rothgar]

Does change *have* to be sent to a different address from any of the inputs? I see nothing in the protocol that prohibits this. The reference client just happens to send change to a different address for some reason.

No change is not required to go to a different address.  The client does this to preserve privacy of the user.  Bitcoinspinner is an example of a one address wallet.  I think users should remove coins and then get a new address every once and a while to preserve privacy.  I would still keep a backup for fun.

Imagine years from now inspecting all the old wallets and finding 0.01 BTC of a tip or mistake that was sent to you.  That would be fun!

[coqui33]

In a minimal client that was proposed above, Granny could send money from address A, which she controls, to address B, which she does not control, and then sends change back to address A.

Precisely so.

Also, remember that Granny can keep track of her balance(s) with a "watch only" wallet client. She doesn't have to trust anyone but her own full client for that information.

Precisely so.

The client does this to preserve privacy of the user.

If granny prefers the elegant simplicity (of looped-back change) to "privacy" at the cost of complexity (figuring out where her change is going), she will buy the former and the latter will rot on the shelf.

[Rothgar]

The client does this to preserve privacy of the user.

If granny prefers the elegant simplicity (of looped-back change) to "privacy" at the cost of complexity (figuring out where her change is going), she will buy the former and the latter will rot on the shelf.

Woah,  quite an extreme there.  How about Granny gets the former and I get the latter. 

[coqui33]

Woah,  quite an extreme there.  How about Granny gets the former and I get the latter. 

LOL! NP.

[thezerg]

Clearly a user might not want UTXOs to be consolidated b/c that could break privacy.  And personally I think that private keys are a great way to make paper wallets so I don't see them disappearing any time soon.  Many articles have been written abt how paper may actually be a more robust long-term storage then electronic formats (try to read that 8" floppy... do you even know that they existed?) so whether you agree w/ this or not it is clear that many people will.

So, how about the wallet by default does UTXO consolidation, etc, and generally allows you to access it exactly as you do today,  but there is an option that allows you to create a new "wallet section" (this sort of gets you into an "expert" mode without forcing the explicit request onto you).  If you create a new section (and name it something else), then private keys, UTXOs, etc do not cross the section.  Also, you can select which wallet section to pay out of.  You might ask why not just pop up 2 copies of the client... but there is the issue then of 2 blockchains on fully validating clients, and also why does firefox give you tabs, why do all doc programs let you open multiples at the same time.  There is clear value.

[justusranvier]

Clearly a user might not want UTXOs to be consolidated b/c that could break privacy. 

The best of both worlds would be to invent a protocol for trustless P2P mixing that would allow a user to consolidate UTXOs as part of the mixing process.

[nimda]

Coin control is pretty much the only way to spend dust transactions. E.g. SatoshiDICE dust can be pruned if it is added to a large input and then spent.
Coin control is pretty much the best way to avoid associating addresses that should stay separate.

As for the first one, finding the optimal transaction is (I think) NP-complete. Assuming it can be brute-forced (throw every input-combination together, select best one), I think these would be my priorities, in order:

• Lowest fee
• Use most dust inputs (dust is hard to spend, pruning is good)
• Use youngest coins (aged coins are a resource)
• Smallest size

Currently I just use createrawtransaction and pick a good-looking set of inputs.

[gmaxwell]

As for the first one, finding the optimal transaction is (I think) NP-complete.

There are efficient integer linear programming solutions for most problem cases, at least for some sensible objectives (like "minimize priority subject to meeting the free relay criteria").

Actually deciding what you want to be your objective is AI-complete though.

[Bitsky]

I second the expert mode. Pop up a big scary warning message when a user enables it, but let the user decide.

For me, coin control is mostly a privacy thing. You're always told not to reuse addresses, but if you then make a payment a bunch of different addresses are combined for the input. Everybody can see that those belong to the same wallet then. Parse the blockchain and one can group those addresses by the wallets. If one address of those can be mapped to a user, all others are automatically mapped too.

It's like having accounts with three or four different banks and while you can define which account receives funds you're unable to say which bank(s) will pay a bill.

As for change, there could be some default/expert options:
1. directly back to the source
2. if several source addresses are used, offer a drop-down list
3. offer a list with all your addresses
4. generate a random new address

[phelix]

[...]
Great idea! I would definitely pay good money for a simple, single-purpose bc spender that enables:

(1) import a privkey
(2) spend from it
(3) delete the privkey

Nothing more. Everything else is superfluous complication that stops my granny from using bc. It need not even show the balances in my privkeys, since I can easily get this information on the web.

Three functions: import, spend, delete.

The only reason you call this utter simplicity "expert mode" is because you cannot resist throwing in many other functions that few uninterested-in-bitcoins end-users care about. Again, import, spend, delete. Do that--and nothing but that--and you can charge $30 a copy (especially if you make Android, Mac, and Windows versions.)

ever tried http://brainwallet.org? Thanks for the $30. 
(not sure if it is safe, though)

I second the expert mode. Pop up a big scary warning message when a user enables it, but let the user decide.

For me, coin control is mostly a privacy thing. You're always told not to reuse addresses, but if you then make a payment a bunch of different addresses are combined for the input. Everybody can see that those belong to the same wallet then. Parse the blockchain and one can group those addresses by the wallets. If one address of those can be mapped to a user, all others are automatically mapped too.

It's like having accounts with three or four different banks and while you can define which account receives funds you're unable to say which bank(s) will pay a bill.

As for change, there could be some default/expert options:
1. directly back to the source
2. if several source addresses are used, offer a drop-down list
3. offer a list with all your addresses
4. generate a random new address

quoted you here: https://bitcointalk.org/index.php?topic=163757     
"Addresses Linked by Default - Potential Privacy Risk in Standard Client & Others"

[kjj]

Bitcoin already has an expert mode, and has had it for a while now.

[ShadowOfHarbringer]

Bitcoin already has an expert mode, and has had it for a while now.

It does ?

I dont't see an "EXPERT MODE" button with a big, red, scary warning (YOU MIGHT LOSE UR MONIES !!!!!!!!!) anywhere.

How do I enable it ?

[nimda]

Bitcoin already has an expert mode, and has had it for a while now.

It does ?

I dont't see an "EXPERT MODE" button with a big, red, scary warning (YOU MIGHT LOSE UR MONIES !!!!!!!!!) anywhere.

How do I enable it ?

Debug console. The warning is replaced by the fact that using it is hard.

[kjj]

Bitcoin already has an expert mode, and has had it for a while now.

It does ?

I dont't see an "EXPERT MODE" button with a big, red, scary warning (YOU MIGHT LOSE UR MONIES !!!!!!!!!) anywhere.

How do I enable it ?

Debug console. The warning is replaced by the fact that using it is hard.

This indeed.  Documentation can be found here.

[ShadowOfHarbringer]

Bitcoin already has an expert mode, and has had it for a while now.

It does ?

I dont't see an "EXPERT MODE" button with a big, red, scary warning (YOU MIGHT LOSE UR MONIES !!!!!!!!!) anywhere.

How do I enable it ?

Debug console. The warning is replaced by the fact that using it is hard.

This isn't exactly what i was suggesting.

Expert mode can still have a reasonably nice GUI, like CoinControl.

[kjj]

http://www.youtube.com/watch?v=U74s8nFE7No

[Dabs]

I actually like Coin Control, so I can play SatoshiDice using only one address, and using only the inputs from that address, to make the bet, to set the change address to the same, to win or to lose (and collect dust), to bet again (consolidates dust) ... Of course, if you play that way, unless you wait long enough for the required blocks to achieve high priority and have a large number of coins for that purpose, you might end up always paying the transaction fee.

[phelix]

• Use youngest coins (aged coins are a resource)

Why would you care if the coins are old or young?  Why are aged coins a resource?

free to send

no taint