I’m trying to make sure I understand the question: Why Do We Use Change Descriptors when Building Wallets?
Context: I work on the Bitcoin Development Kit, where one of our core types is the Wallet type. It has typically required 2 descriptors (an external descriptor and a change (internal) descriptor). This idea is standard practice and used widely in the industry, but when pressing myself to write about it in our documentation, I was left wondering if I really knew why this was the case. Furthermore, users who request that the Wallet be usable with only one descriptor had strong opinions about how the practice of using 2 descriptors was maybe outdated and not required under certain circumstances. One user told us that it was a mistake to double down on the internal/external descriptor schism, and that it was a relic of the past of people that use Electrum wallets.
As a library maintainer, this is the sort of thing I want to have a solid grasp on. I’m also leading our documentation efforts, and plan on including a page on this.
Here is my current understanding and questions.
Advantages of using 2 descriptors
- It potentially allows you to accept 0-conf coins when they are coming to change addresses, because you must have been the one to initiate that transaction and will not double-spend yourself.
- Privacy when using a public Electrum server: in cases where you might send a whole xpub to an Electrum server, you’re better off not giving up your whole keychain but only half? (At this point it seems trivial to reconstruct transaction history, but still, I guess not giving it out is better than doing it.)
- Having only 1 descriptor forces you to keep track of addresses you’ve given out when building transactions, because otherwise your wallet might use an external address already given out as change, and if this address given out to someone ends up being used by them, you’ll end up with doubled-up transactions at that address.
- In cases where a wallet is recovered, change addresses can still be labeled as change.
Questions I Still Have
- Are there other pitfalls users of single-descriptor wallets should be aware of in the case where wallets use more private sync tools like private Electrum servers and CBF, and using modern wallet practices that never give out repeat addresses?
- Does the “change” keychain come into coin selection at all in Core? For example, are there algos for coin selection where knowing if a UTXO is part of the change keychain rather than the external keychain matters? If so, how does it come into play?
- Any other historical info that’s good to know and take into consideration for builders of wallets would be appreciated.
Thank you!
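As an added illustration of the address-reuse and recovery-labeling points in the advantages list above (example code, not part of the original post and not BDK's own code): a toy Python model of a wallet with one or two keychains. Addresses are constructed labels like `ext/0`, not real descriptor derivations, and the `Wallet`/`Keychain` names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Keychain:
    """One descriptor's address chain. Addresses here are constructed
    labels (e.g. 'ext/3'), standing in for real derived addresses."""
    name: str

    def address(self, index: int) -> str:
        return f"{self.name}/{index}"

@dataclass
class Wallet:
    """external: addresses handed to others; internal: change.
    With a single descriptor, internal is None and change is drawn
    from the external chain."""
    external: Keychain
    internal: Optional[Keychain] = None
    track_revealed: bool = False          # remember handed-out addresses?
    revealed: set = field(default_factory=set)
    used_on_chain: set = field(default_factory=set)
    next_receive: int = 0

    def receive_address(self) -> str:
        addr = self.external.address(self.next_receive)
        self.next_receive += 1
        if self.track_revealed:
            self.revealed.add(addr)
        return addr

    def change_address(self) -> str:
        """Pick the lowest index not known to be taken. Without a change
        keychain and without tracking, only on-chain history tells the
        wallet an address is already spoken for."""
        chain = self.internal or self.external
        i = 0
        while True:
            addr = chain.address(i)
            if addr not in self.used_on_chain and addr not in self.revealed:
                self.used_on_chain.add(addr)   # our own spend will use it
                return addr
            i += 1

    def observe_payment(self, addr: str) -> None:
        self.used_on_chain.add(addr)

    def is_change(self, addr: str) -> bool:
        """On recovery, keychain membership alone labels change outputs."""
        return self.internal is not None and addr.startswith(self.internal.name + "/")

def address_reuse_demo(single_descriptor: bool, track_revealed: bool) -> bool:
    """Hand out a receive address, then build our own spend before the payer
    pays. Returns True if the chosen change address collides with it."""
    w = Wallet(Keychain("ext"), None if single_descriptor else Keychain("int"), track_revealed)
    given = w.receive_address()   # handed to a counterparty, unused on chain so far
    change = w.change_address()   # our spend needs a change output now
    w.observe_payment(given)      # the counterparty pays later
    return change == given
```

Only the single-descriptor wallet that does not track revealed addresses picks the handed-out address as change; adding tracking or a second keychain avoids the collision.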