Bitcoin transaction graphs exhibit a variety of observable patterns, of which wallet clustering is the most important. Some of these patterns have been studied and used, in both theory and practice, to link coins belonging to the same wallet.
Every transaction consists of a list of inputs (the sats being spent) and a list of outputs (where the spent sats are distributed). An input references an output of a previous transaction, which is what connects transactions into a graph. An output locks some amount of bitcoin under particular spending conditions (an “address”, i.e. a public key or output script). Linking coins means identifying which entity controls the keys to a set of transaction outputs, whether unspent or already spent.
Linking is briefly discussed in Section 10 of the Bitcoin white paper, “Privacy”:
“A new key pair should be used for each transaction to keep them from being linked to a common owner.”
If the same public key controls multiple coins, linking them is trivial, because only the entity that knows the private key is supposed to be able to spend them.
However, address reuse is not the only concern. The paper continues:
“Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner.”
This is commonly called the “common input ownership heuristic” or “multi-input heuristic”. Despite the wording of the quote above, it is a heuristic because it has counterexamples: it is not always true, but it often is.
Over the years, more sophisticated clustering methods have been developed, for example identifying the change output of a payment, or exploiting larger structures in the transaction graph rather than looking at individual transactions in isolation. Some of these have been described in academic research, while others remain proprietary. An improved method can link more coins, or can avoid so-called “cluster collapse”, where coins belonging to different users are incorrectly joined into one cluster. Commercial products often benefit from additional sources such as KYC data, so they don’t rely solely on privacy leaks inherent to the Bitcoin protocol, but clustering remains a central theme.
This motivates an adversarial framing of privacy: an adversary attempts to assign coins to clusters, and from this perspective defending privacy means making it harder for the adversary to assign coins to clusters correctly. The most notable examples are collaboratively constructed transactions, which may be conspicuous (CoinJoin) or covert (PayJoin). In all cases the simple assumption of common ownership breaks down, and a more nuanced analysis is required.
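As an added illustration (not code from the original article), the following script applies the multi-input heuristic described above to a small constructed ledger with a union-find structure, and shows how a single collaborative transaction causes cluster collapse when the heuristic is applied naively. The transaction ids and addresses are placeholders, not real Bitcoin data.

```python
from collections import defaultdict

# Constructed sample ledger: each transaction lists the addresses spent by its
# inputs. Outputs are omitted because the heuristic only looks at inputs.
TXS = {
    "tx1": ["A1", "A2"],             # Alice spends two of her coins together
    "tx2": ["B1"],                   # Bob spends one coin
    "tx3": ["A2", "A3"],             # Alice again; this links A3 to A1/A2
    "coinjoin": ["A3", "B1", "C1"],  # three users build one collaborative tx
}


class UnionFind:
    """Disjoint-set forest keyed by address string."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster(txs, skip=()):
    """Common input ownership heuristic: every input of one transaction is
    assumed to belong to the same entity. Transactions named in `skip` are
    treated as known collaborative transactions and contribute no links."""
    uf = UnionFind()
    for txid, inputs in txs.items():
        if txid in skip:
            continue
        for addr in inputs:
            uf.union(inputs[0], addr)
    groups = defaultdict(set)
    for addr in {a for ins in txs.values() for a in ins}:
        groups[uf.find(addr)].add(addr)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    print(cluster(TXS))                      # naive: everything collapses
    print(cluster(TXS, skip={"coinjoin"}))   # excluding the coinjoin
```

Running it shows that the naive pass merges Alice, Bob and the third participant into one cluster, while excluding the collaborative transaction recovers three separate clusters.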
The adversarial framing also makes clear that different adversaries have different capabilities, and the appropriate adversary model depends on the user’s threat model: are you more concerned about surveillance by a repressive government, or about a transaction counterparty snooping on you?
It was originally published on Spiral Sacak.