Question about transaction outputs.

[piuk]

When a bitcoin user sends an amount smaller than the size of their balance it is my understanding that two transactions are created and the remainder is sent back to the user. In a transaction such as this:

{
            "hash" : "6d124d67f4ebfd7a2b4e05852a86980b665f3e46903dd3177c12b3ebeb6ffbb6",
            "version" : 1,
            "lock_time" : 0,
            "size" : 259,
            "in" : [
                {
                    "prev_out" : {
                        "hash" : "5add561ad3d8e0e554809623509681101c85a666c5e48a5c3887c7c922e7841a",
                        "n" : 0
                    },
                    "scriptSig" : "3046022100b05a8751279e78c5096c536af528532f37e16c92ca9a4ac0f91e279f5f65990302210 0be87185a99bc6ace21209f13b148d44eaef2a2d7df6fda67bef84ab2e927b71701 04e6a2a199649366be01cabb1d9019ab755de0add011bfc2ea34c4c0243f1f80a708a2c2d53a91b f44bba215df1a4b1c8ebbe13480da35db73f080b425e05532ad"
                }
            ],
            "out" : [
                {
                    "value" : 18.44000000,
                    "scriptPubKey" : "OP_DUP OP_HASH160 1106a35156e021ac69bfb0fc0922a633447214e0 OP_EQUALVERIFY OP_CHECKSIG"
                },
                {
                    "value" : 0.01000000,
                    "scriptPubKey" : "OP_DUP OP_HASH160 b644b4754ea9a24ff7932b6d63e0878be63bd155 OP_EQUALVERIFY OP_CHECKSIG"
                }
            ]
 }

Is there anyway to determine which output was "real" and which one was returned to the original owner?

[piuk]

I guess it is not possible then? i.e. there is no relationship between prev_out hash and any of the out hashes?

[jackjack]

Nope, impossible to know because the output address is a pool key which never was used before

[samr7]

I guess it is not possible then? i.e. there is no relationship between prev_out hash and any of the out hashes?

Somebody who knows the source better than I can correct, but it looks like the output for "change" is inserted at a random position in the transaction.  See CWallet::CreateTransaction(), wallet.c:969.  So, there shouldn't be any deterministic clues.

[piuk]

Ok thanks.

[Forp]

Somebody who knows the source better than I can correct, but it looks like the output for "change" is inserted at a random position in the transaction.  See CWallet::CreateTransaction(), wallet.c:969.  So, there shouldn't be any deterministic clues.

From my point of view it is a correct reading of the source but an incorrectly drawn conclusion.

Example: Assume a transaction hat the outputs X and Y. Then usually ONE is the recipient of the payment and the OTHER is the original owner of the coins. Now assume that X is a well known bitcoin address (for example a donation address mentioned here in the forum). In this case you can safely conclude that Y belongs to the original owner of the coins.

[kjj]

You can guess based on the amounts and have a very good chance of getting it right.  The code looks for the smallest single transaction larger than the spend amount to redeem, if possible, and then the smallest group of transactions.

For better privacy, the client could attempt to make the spend and the change roughly equal in size, but that will churn the wallet and make you pay higher fees in the long run.

[piuk]

thanks for your help kjj and forp, I think i can come up with a pretty accurate guess using both those methods.

Another thing i'm confused about. How to I determine the address the block reward was sent to? e.g. is their some way to extract the address out of "scriptSig"?

[jackjack]

thanks for your help kjj and forp, I think i can come up with a pretty accurate guess using both those methods.

Another thing i'm confused about. How to I determine the address the block reward was sent to? e.g. is their some way to extract the address out of "scriptSig"?

Take the 65 bytes starting with 04, it's the public key
Then, do that: http://dl.dropbox.com/u/1139081/BitcoinImg/PubKeyToAddr.png