A BIP, or a Bitcoin Improvement Proposal, is a suggested amendment to improve Bitcoin's code. Any user can put forward proposals of this kind, and after being discussed and approved by the community, they can be adopted and implemented. BIPs usually contain proposals for substantial updates (bugs and similar updates are not submitted for large-scale discussions).
We will look at one specific BIP containing the serial number 0069 and see why it's essential. This update aims to improve the security of Bitcoin transactions by making them more resistant to analysis.
What data is subject to analysis?
To understand precisely what BIP 0069 is proposing, we need to understand how assets are transferred on the Bitcoin network. Each transaction has inputs and outputs, though it's important to note that nothing flows through them. They essentially record where bitcoins are being sent to and from. Inputs represent links to the outputs of previous transactions, which are called unspent transaction outputs (UXTOs). This may sound a bit complicated, so we'll provide an example.
Let's compare transactions in Bitcoin with payments in paper money. For example, you want to buy something from your friend for 15 BTC. Before this, you received two transactions of 10 BTC each, and you have two banknotes, each with a face value of "10" in your wallet. The source where you received them is written in pencil on each "banknote." These are the inputs for your new transaction. Since there are two banknotes, there are also two inputs.
You can now take these banknotes, write "to Peter from Charlie" on them, and give them to your friend. This message becomes the first output of the transaction. Since your friend has to return the change to you, he takes 5 BTC out of his wallet, writes "change for Peter from Charlie" – creating another output for the change – and hands it to you.
We have massively simplified the process, and just three banknotes are involved in the transaction. You might receive your 20 BTC in "small change, "meaning there will be a flurry of minor transactions rather than two larger ones. This would, therefore, create many more inputs and outputs.
The security issue
The problem lies in the way in which inputs and outputs are sorted. There is no standard for recording this data; each wallet can use its ordering method. Some list spending inputs first and then outputs for change given, allowing observers to obtain information about funds in sender and recipient wallets. Others sort inputs by the date they were added to the wallet, and the list continues. This means that data analysis can be used to identify patterns that are specific to a particular wallet or service.
There is another potential problem with crypto wallet development. Kristov Atlas, the author behind BIP 0069, has proposed a hypothetical scenario where an attacker with access to a wallet's code (a developer, for example) modifies it so that the inputs and outputs are ordered based on the bits of the private key. This modification would allow the attacker to find the private key just by tracking the transactions, and this "implant" would be very difficult to detect.
How can the problem be solved?
The vulnerability can be overcome if the transactions' inputs and outputs are ordered so that no patterns can be found. BIP 0069 proposes a nondeterministic approach to sorting, i.e. one that cannot be determined from a given input. Moreover, this doesn't require complex algorithms; you only need to arrange the data lexicographically (in ascending alphabetical order).
Tangem Wallet already uses this approach. Yes, it's available for iOS and Android devices.