Monitors in the blockchain?

We have previously written an article about the various aspects that influence the level of privacy a bitcoin user enjoys. In this article, we will focus more specifically on two different heuristics that enable deanonymization.

Spending together

Bitcoin transactions consist of one or more inputs and one or more outputs. Simply put, the output of one transaction becomes the input of a later transaction, so all transactions are linked to each other. Graphically, a simple transaction looks like this:

In this transaction, Alice sends one whole bitcoin from her address (A) to two different addresses: Bob’s address B and Carol’s address C. Alice splits the bitcoin she sends into two equal parts of 0.5 bitcoins. Bob and Carol can then forward these bitcoins to other addresses.

At this point, we can’t glean much information from the transaction: Alice knows Bob’s and Carol’s addresses, but Bob and Carol only know that address A is Alice’s. Things get interesting when we add a follow-up transaction:

In the follow-up transaction, the output held at address B is merged with a second input into a single transaction paying one address. At this point, some information can be obtained through the shared-spending heuristic.

Alice knows that the 0.5 bitcoins at address B belong to Bob and can see that these 0.5 bitcoins are spent together with 0.25 bitcoins from another address. We as outsiders can see this too, except that we do not know that address B belongs to Bob: to us it is an unknown entity. Because the 0.5 bitcoins from address B and the 0.25 bitcoins from address ? both serve as inputs to the same transaction, we know that address B and address ? (most likely) belong to the same person, in this case Bob:

Who owns the final receiving address that gets the 0.75 bitcoins (?) remains unknown to everyone except Bob. With this information we can already start to map the entity Bob: we know that the two input addresses, B1 and B2, belong to the same entity. This means we can try to derive more information from the transactions to and from these addresses; who knows, we may be able to link even more addresses to the same identity.

Fresh change

Consider the scenario below. Bob holds a total of 0.75 bitcoins, received as two separate outputs to his addresses: one output of 0.5 bitcoins and one output of 0.25 bitcoins.

Bob now wants to send 0.7 bitcoins to a third party. To do this, Bob has to combine his two outputs as in the example just given: with a single output alone, Bob does not have enough bitcoins to make the 0.7-bitcoin payment. As we now know, doing so reveals that both input addresses belong to Bob, but in this scenario we may learn something more. A transaction with two inputs and two outputs is created:

The two resulting outputs are: one output of 0.7 bitcoins to Dave and one output of 0.05 bitcoins. The 0.05-bitcoin output is the change output: it is the ‘change’ that Bob sends back to himself. Because Bob had to use a total of 0.75 bitcoins as input to fund the 0.7-bitcoin payment, he sends the remaining 0.05 bitcoins back to himself in the same transaction.

In this example, suppose Dave is an exchange: a cluster of addresses that is already known to us. Because we know that the entity Bob has made a transaction of 0.7 bitcoins to the exchange Dave, we now also know that the address that received 0.05 bitcoins is (most likely) Bob’s again. We can add this address to the cluster of addresses associated with ‘entity Bob’.

If Bob did not use a fresh bitcoin address for his change, even more information can be found by looking at the transactions to and from the change address. Bob’s cluster of addresses now consists of three addresses: B1, B2 and the newly added B3. We could now look further into the transactions to and from these addresses to add even more addresses to the cluster. Clustering addresses in this way is called the fresh-change-address heuristic.
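The two heuristics from both sections above, written out as a small Python clustering routine replayed over a constructed chain that mirrors the scenario (added example, not code from the original article); the address labels A, B1 to B4, C, D1, D2 and F and the seed list of addresses already attributed to the exchange Dave are assumptions made for illustration.

```python
class UnionFind:
    """Disjoint sets over addresses; a root may carry a known entity label."""
    def __init__(self):
        self.parent, self.label = {}, {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x
    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra == rb:
            return
        self.parent[rb] = ra
        if rb in self.label:  # carry a known label over to the surviving root
            self.label.setdefault(ra, self.label.pop(rb))
def cluster_addresses(txs, known):
    """Replay txs in chain order; return addr -> (entity label, cluster members)."""
    uf = UnionFind()
    for name in set(known.values()):  # seed clusters that are already attributed
        addrs = [a for a, n in known.items() if n == name]
        for other in addrs[1:]:
            uf.union(addrs[0], other)
        uf.label[uf.find(addrs[0])] = name
    seen = set()  # addresses that already received an output earlier in the chain
    for tx in txs:
        ins, outs = tx["inputs"], tx["outputs"]
        for addr in ins + [a for a, _ in outs]:
            uf.find(addr)  # register every address so it shows up in the result
        for other in ins[1:]:  # shared-spending: all inputs of one tx belong to one entity
            uf.union(ins[0], other)
        if len(outs) == 2:  # fresh-change: known payee on one side, never-seen address on the other
            for (pay, _), (chg, _) in ((outs[0], outs[1]), (outs[1], outs[0])):
                if uf.find(pay) in uf.label and chg not in seen and uf.find(chg) not in uf.label:
                    uf.union(ins[0], chg)  # the change goes back to the spending entity
        seen.update(a for a, _ in outs)
    groups = {}
    for addr in uf.parent:
        groups.setdefault(uf.find(addr), []).append(addr)
    return {addr: (uf.label.get(root, "unknown entity"), tuple(sorted(members)))
            for root, members in groups.items() for addr in members}
# Constructed sample chain following the article's scenario (amounts in BTC; assumed labels).
KNOWN = {"D1": "exchange Dave", "D2": "exchange Dave"}
TXS = [
    {"inputs": ["A"], "outputs": [("B1", 0.5), ("C", 0.5)]},           # Alice pays Bob and Carol
    {"inputs": ["B1", "B2"], "outputs": [("D1", 0.7), ("B3", 0.05)]},  # Bob pays Dave, change to B3
    {"inputs": ["B3", "B4"], "outputs": [("F", 0.1)]},                 # Bob reuses B3, exposing B4
]
```

Running `cluster_addresses(TXS, KNOWN)` places B1, B2, B3 and B4 in one unlabelled cluster while A, C and the exchange stay separate, which is exactly the growth of ‘entity Bob’ described above.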

Just a start

The two heuristics described in this article are part of a larger arsenal of analysis methods for discovering information about entities on the blockchain. None of these heuristics provides 100% certainty in every case, but they do give a strong indication of likely relationships. Blockchain analysis tools use such heuristics to work out which transactions belong to which entity, for example to track down a criminal. Because the blockchain is public, anyone can perform this analysis; that is why privacy matters and will remain an area of improvement for bitcoin going forward.

© 2024 Cryptocoin