Editor's Note: This article comes from Carbon chain value (ID: cc-value).
Bitcoin is neither completely anonymous nor completely transparent. The Bitcoin privacy conundrum lies in a gray area: exposure of users' financial activities ultimately depends on the competence of investigators and the sophistication of the tools users choose. There is no perfect privacy solution for any activity on the Internet, and in many cases there is no one-size-fits-all solution, which means that privacy-focused choices often come with a trade-off in cost and ease of use. Moreover, privacy is never static, but is constantly evolving, echoing the struggle between groups who build privacy-preserving and privacy-destroying tools.
foreword
Unless we take a clear stand now and help platforms and protocols embed user privacy and decentralization in their minds, mass surveillance and social credit systems will be our inevitable future.
main points
Blockchain analytics firms work to de-anonymize bitcoin activity and sell the data to corporations and law enforcement.
Understanding how the Bitcoin system works, mastering the use of tools such as Tor, coin control, and coin combiners, and avoiding the reuse of addresses are crucial to protecting your identity information and transaction information from being exposed.
Why should you care about cryptocurrencies?
The degree to which cryptocurrencies enable privacy is by no means trivial or binary—it can vary widely based on individual user choices of core and assistive technologies, usage patterns, and attacker capabilities and sophistication.
We can observe that the acceptance rate of cryptocurrencies, especially Bitcoin, is growing in countries where the economic freedom of residents is limited, such as Venezuela. While cryptocurrencies have significant advantages in building censorship-resistant transaction networks and monetary policy that is immune to various forms of government sabotage, these advantages are of little utility as long as authoritarian regimes can de-anonymize user information and prosecute relevant users at will. This issue needs our attention.
Introduction to Bitcoin Privacy
The Bitcoin protocol has evolved over time, which has led to dramatic changes in its privacy characteristics. Changes in the core protocol are not limited to a simple choice between privacy and transparency, but are often accompanied by changes in security, scalability and transparency, and backward compatibility of software. Historically, the Bitcoin community has preferred the feature of privacy over transparency, but the former has been more conservative than the privacy-focused cryptocurrencies.
Therefore, people considering using Bitcoin to escape the surveillance of authoritarian governments or corporations need to understand what type of traces they leave on Bitcoin when they use it, and whether Bitcoin's privacy properties are sufficient for their needs. However, achieving this level of understanding requires some effort.
track transactions
When you transact on the Bitcoin network, you leave two kinds of traces. They can be categorized as on-chain information and off-chain information. On-chain information does not directly link your identity to transaction information, but it reveals information that can link your transactions to others. It is the second type, off-chain information, that associates your identity with transaction information.
off-chain information
When you transact on the Bitcoin network, you sometimes send/receive bitcoins to/from people who know you. The latter will have off-chain information linking your identity information to transaction information.
When you combine the above facts with the fact that information about your transactions can be linked to others, the result is that entities with ulterior motives can sometimes work out how you use your bitcoins, how much you own and who you are dealing with, and trade this information.
Even when you're not transacting with someone who knows you, there are countless ways to associate information about you with a transaction, because Bitcoin transactions are usually transmitted over the network in unencrypted packets, and the source IP address can be traced in several ways. When transacting through a full node such as Bitcoin Core, some triangulation or detection of target traffic is required in order to estimate the source IP address, while light wallets such as mobile wallets (Mycelium, blockchain wallets, Coinbase Wallet) usually connect through a server operated by the company, which can directly see your IP address and complete transaction history.
Geolocation IP address databases can usually provide a rough estimate of your physical location via IP address. You can use this link (https://www.maxmind.com/) to test it yourself and enter the coordinates in an interface such as Google Maps. What's more, your IP address exposes your Internet Service Provider (ISP), which knows the real-world identity of the IP owner, and the ISP is often legally obliged to store this information for several months.
Even if you're using public WiFi to transact, it's still possible to accidentally connect your real identity to the websites you visit and the background services your device is connected to. When you boot up your laptop, your Dropbox app happily connects to a company server, which causes your IP address to be associated with your Dropbox account in the company's server logs. Even if you do not visit any personal website accounts, the cookie information stored on your laptop can reveal your identity to the websites you browse by linking you with cookie information from previous browsing history. Many websites allow third parties to track such users for analysis purposes. Google alone estimates that they track users on 80% of sites across the web.
You may also be linked to Bitcoin addresses and transactions simply by using web-based tools to search for them, because hardly anyone but you has a reason to look up that particular information.
By far the most well-known method of hiding your source device and IP address when you search for transaction information or make a transaction is Tor. Many wallets, including Bitcoin Core, include it as an option, while some have it built in. The Tor browser can be a useful tool for your web-based bitcoin-related activities, as it hides your IP address, clears cookie information every time you log out, blocks third-party cookies, and resists most browser and device fingerprinting techniques.
Information on the chain

We can use a block explorer to gradually understand the type of information revealed by the Bitcoin blockchain. To put this into practice, we will use the open source block explorer blockstream.info.
The latest block as of this writing (March 8, 2019, block #563899) contains 2122 transactions. Let's see what a randomly selected transaction reveals.
Transaction information includes input and output values and is identified by a transaction ID (visible at the top of the image above). If your Bitcoin wallet initiates a transaction, each transaction will be associated with a similar identifier.
From a high-level perspective, the information it reveals is as follows:
Approximate time when the transaction was mined (calculated from the block header)
Let's take a look at each part of the above transaction one by one here (https://blockstream.info/).
time
Transactions are not timestamped, but blocks are. Block timestamps are not necessarily correct, but given that the vast majority of miners report their times truthfully, all block timestamps should be correct within a few hours. They will be correct for blocks mined by honest miners. This does not mean that block timestamps have to be accurate to within a few hours of the transaction broadcast time, as sometimes it takes longer to include transactions into blocks. Some block explorers provide a more accurate view of when a transaction was broadcast by showing when it first saw a transaction on the network.
The time when the above transaction was packaged into the block can be obtained by looking at the block header (in our case block #563899, its timestamp is 2019-02-20 14:45 UTC).
The address and amount of bitcoins being transferred
The receiving addresses in this transaction are:
1: 32Z63LVtUERdEEwz275JHt3o4cewPfE8YC 0.26119849 BTC
2: 31w3iWUN5EMJMW2YRCc5m4RFqm3zN61xK2 0.2214705 BTC
An address is more than it seems, and it's not always just a pointer to a user's key. An address is actually a descriptor of the spending rules that apply the next time someone wants to transfer the bitcoins. For example, if you send a bitcoin to the address 37k7toV1Nv4DfmQbmZ8KuZDQCYK9x5KpzP, the address is configured so that, instead of paying the owner of a particular private key, you release the coins to anyone who can provide two different strings with the same SHA-1 hash (meaning the SHA-1 function fails, which happened in 2017, so don't send any bitcoins to that address). It's worth noting that since many of the address formats used today are hashed, when we send bitcoins to them we often don't know what the spending rules are until after someone transfers bitcoins from the address, because they need to disclose the hashed content in order to do so.
In our transaction example, the blockchain shows that bitcoins have been spent from two addresses, so the spending rules for these addresses are known. In transaction f491dfe9867c36e85950116a90a6128060d6070866ad0f3598d70d146750162f (https://blockstream.info/), 32Z63LVtUERdEEwz275JHt3o4cewPfE8YC (https://blockstream.info/) Similarly, 31w3iWUN5EMJMW2YRCc5m4RFqm3zN61xK2 (https://blockstream.info/) is a frequently used 2/3 multi-signature address, which holds about 2,700 BTC ($10.6 million) at the time of writing. More advanced blockchain tools like oxt.me can even graph wallet balances over time and show, with approximate accuracy, the periods of time in which an address saw the most activity.

Historical balance and activity at address 31w3iWUN5EMJMW2YRCc5m4RFqm3zN61xK2 | Source: oxt.me
18:00-22:00 UTC is the time period when the address is least active, and a reasonable assumption is that this period corresponds to 01:00-05:00 or 02:00-06:00 local time of the person who controls the address. Considering the active time period, transaction volume and multi-signature settings of this address, it can be guessed that the address belongs to the GMT+7/8 time zone.
Good privacy hygiene means never reusing a bitcoin address; this helps keep your transactions from being linked. It is also a good idea for users of all P2SH addresses (all addresses starting with 3, and 62-character addresses starting with bc), because by the time you disclose the spending rules for an address, the bitcoins have already moved to a new hashed address whose spending rules are unknown.

HD wallets can generate multiple addresses but only need a backup seed to reach funds. These wallets automatically generate a new address every time you receive a new transfer.
Now let's look at the transaction again to see what else we can decipher from the coins that were sent.
Bitcoin transaction outputs usually go to two addresses, one of which is the actual payment while the other, called a change output, is returned to the sender. This is similar to paying $5 for a $3 item, which creates two payments: one of $3 going to the seller, and another $2 of change going back to the payer.
In general, different bitcoin wallets behave differently and leave different traces on the blockchain — similar to how a browser displays information about itself when browsing the web. Therefore, it may sometimes be possible to identify certain transactions as coming from a specific Bitcoin wallet application.
If investigators know which wallet app you are using, this will help them link your identity to transaction information, weakening your privacy. Every piece of information helps them understand who you are and what you do.
Source of transaction funds
In Bitcoin transactions, the funding source always comes from other unspent transactions, more precisely, unspent transaction outputs (UTXO). In the block explorer, what you see is a combination of decoded raw blockchain data and derived data. A block explorer might display transactions like this:

via Bitcoin.com
The reason why Blockstream doesn't show transaction funding sources as addresses is that addresses aren't strictly a part of the transaction input, and it's not always possible to deduce the originating address of a transaction. In addition, because address reuse is discouraged, a displayed sender address would clash with the mental model people carry over from traditional payment systems; not showing it keeps users from mistakenly thinking that the funds can be returned to it.
First of all, let's analyze it technically. If you run a full node (or use a trusted Internet), you can query the local copy of the Bitcoin blockchain to view the decoded raw transaction data, as shown below:
Decoding of e70c2ed31c05fbf2865a15a696a7ca0cb8f3afef92c34f4e41051dc2356827c8
The input references 593e2d5c65b3505d897a13033741037d6c59e683b3345314a58253a8f1572758 with vout: 0, which is the first output of that transaction (vout: 1 means the second output of the transaction, and so on). This unspent transaction output (UTXO) is the source of funds.

At this point, it should be clear that the funding source is neither an address nor a transaction, but a specific output of a specific previous transaction. Understanding this clearly will help you protect your privacy when using Bitcoin, as we will explain in the following chapters.

Source of funding for e70c2ed31c05fbf2865a15a696a7ca0cb8f3afef92c34f4e41051dc2356827c8.
The other two hexadecimal strings in .txinwitness are just signatures that satisfy the 2-of-3 multi-signature condition.
Now that we have defined the source of funds, we can see that in this example, there was an output of 0.48298999 BTC, even though the amount paid was only a fraction of $1000. This has an undesirable consequence: imagine a scenario where a friend pays you $10, but the transaction reveals that he has $1 million and has permission to send the full amount immediately, which isn't particularly good for his privacy. If you are concerned about revealing your wealth when sending a Bitcoin transaction, you should pay attention to which inputs are used in your transactions.
splice information
Since a transaction always needs to provide a source of funds, transactions are all linked together, resulting in the so-called transaction graph. If you send bitcoins to your friend, your friend will see the inputs that funded the transaction, but at the same time you can also see when your friend spends those coins and which addresses they are sent to.
Some bitcoin addresses are well known, such as Bitfinex cold wallets or seized Silk Road tokens. An address becomes known as belonging to an entity, such as a company or a charity, because the entity publishes its receiving or donation address on promotional websites or inadvertently reveals it through forum posts and law enforcement records. Blockchain analysis companies regularly scour the web to gather such information.
cluster analysis

Let’s go back to the transaction e70c2ed31c05fbf2865a15a696a7ca0cb8f3afef92c34f4e41051dc2356827c8 listed earlier. Now we can immediately see where this transaction was funded, our transaction (red dot) has all been used to fund a third transaction (blue dot).
In particular, the output of the second transaction and the first output of our transaction were included in the funding of this transaction. They were previously sent to the following two addresses respectively: 3Qt1YaJwQwtHMb4mjJ41DZVawWXih9LGMq and 32Z63LVtUERdEEwz275JHt3o4cewPfE8YC

From the interface, these appear to be two separate addresses, each with only one seemingly unrelated incoming and outgoing transaction. But because their private keys can all sign the blue dot transaction, these addresses now belong to a small cluster (including the other 407 addresses the transaction was transferred to), and we can assume they belong to the same user. This heuristic has been called many different names in the past, the latest being the common-input-ownership heuristic.
Blue dot transaction f491dfe9867c36e85950116a90a6128060d6070866ad0f3598d70d146750162f atlas
Many blockchain analysis companies get information about transactions directly from their users, such as cryptocurrency exchanges. But two leading analytics firms, Chainalysis and Elliptic, have stated that they do not trace back the transaction information of any individual they obtain, but only from exchanges or other commercial entities.
Deanonymizing one address in the cluster is enough to deanonymize the entire cluster.
Anti-cluster analysis
So far, we have seen that user identities can be associated with Bitcoin addresses and transactions in various ways, and that Bitcoin transactions can also be linked to each other in various ways. These leaks, if combined, can reveal all of our financial privacy.
Some bitcoiners are intentionally trying to defeat the methods used by these analytics companies, using tools and techniques to make analysis more difficult. Some techniques reduce the effectiveness of analysis by distorting behavior, while others try to avoid being analyzed at all. Bitcoin wallets can help users by automating these techniques or making them available in their user interfaces.
Here are some of these initiatives:
When creating a transaction, randomize the order of outputs to reduce the precision of change output detection.
PayNym is a publicly sharable ID that allows you to receive payments at different unrelated addresses that are known to both the sender and you. PayNym allows for each transaction to derive a new address without actually having to create a new address every time, which is very helpful if you want to go online to receive bitcoin donations.

Coin selection/coin control. Wallets can be designed to limit exposure to cluster analysis where possible by more carefully picking the inputs of a transaction, or can allow users to manually select the inputs to avoid leaking ownership of certain coins.
A more cutting-edge technology that improves privacy protection is CoinJoin. CoinJoin is a scheme that combines inputs from different users into a joint transaction before the transaction is broadcast.

In our example, we can see how a transaction's input refers to a specific output of a previous transaction, rather than to the entire transaction:
Funding source of e70c2ed31c05fbf2865a15a696a7ca0cb8f3afef92c34f4e41051dc2356827c8.

But the inputs and outputs of a transaction are not tied to each other in any way; as long as the amount of bitcoins in the inputs is sufficient to cover the amount in the outputs, the transaction is valid.
The outputs here are divided into many small pieces of equal amount, so it is impossible to tell which input funded which output. As a result, a single payment has many sources and destinations of funds, making them difficult to tell apart. Technically, the sources and destinations of funds are not hidden in the transaction, but because they have been mixed and shuffled, it is difficult to prove which address initiated the transaction and which user's bitcoins flowed to which address.

Another interesting aspect of these types of transactions is that they undermine the common-input-ownership heuristic. The inputs are all marked as belonging to the same owner, but that is not the case in this transaction. These images show false clusters of independent payments generated using coin mixing techniques.
Wasabi wallet mixing transactions, from left to right: 72046c65fa25724f11c91f35799f69b66072bc07b2b4e3fc363852c2506b2b90, d7a428a8e3d69f236519cb999dbcb47b3b283548875371da567259be806e35ea, 20cf4fa2f685167f46682dd30c7720a06618656939fadbd1f20e3d471d08dfbb (oxt.me).
Because these transactions have odd-looking outputs of equal value, they are easier to spot and can be more easily excluded by cluster analysis tools. When the user wants to hide the source and the destination of a payment from the outside world, an equal-amount mixing transaction can be understood as an obfuscator.
This transaction does not obfuscate much, but it will falsely trigger the common-input-ownership heuristic. More importantly, when it does, it leaves no clue telling the analysis company that the inputs should not be clustered (the analysis company needs this clue to avoid false positives). If such transactions become commonly used, the number of false common-input-ownership matches will be so large that the heuristic itself becomes unreliable, which will be a huge blow to blockchain analysis companies.
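The common-input-ownership heuristic from the cluster analysis section, and the two ways the text above says it goes wrong, shown as an added example that is not part of the original article. The address labels, amounts, and the `min_equal` threshold are constructed assumptions; real analysis tools use more signals than this.

```python
from collections import Counter, defaultdict

# Constructed sample data: labels stand in for addresses, values are satoshis.
# alice-* belong to one user; bob, carol, dave, erin and frank are separate users.
SAMPLE_TXS = [
    {"txid": "tx-pay-1", "inputs": ["alice-1", "alice-2"],
     "outputs": [("shop-1", 150_000), ("alice-3", 48_000)]},
    # alice-2 is a reused address, so this spend links alice-4 to the first payment.
    {"txid": "tx-pay-2", "inputs": ["alice-2", "alice-4"],
     "outputs": [("shop-2", 70_000), ("alice-5", 9_000)]},
    # Equal-output mix between three unrelated users.
    {"txid": "tx-mix", "inputs": ["bob-1", "carol-1", "dave-1"],
     "outputs": [("bob-2", 50_000), ("carol-2", 50_000), ("dave-2", 50_000),
                 ("bob-3", 19_000), ("carol-3", 4_000)]},
    # Joint transaction by two users whose outputs look like an ordinary payment.
    {"txid": "tx-joint", "inputs": ["erin-1", "frank-1"],
     "outputs": [("frank-2", 80_000), ("erin-2", 31_000)]},
]


class DisjointSet:
    """Union-find over address labels."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def looks_like_coinjoin(tx, min_equal=3):
    """Flag a tx with >= min_equal distinct inputs and >= min_equal equal-value outputs."""
    if len(set(tx["inputs"])) < min_equal:
        return False
    counts = Counter(value for _, value in tx["outputs"])
    return max(counts.values(), default=0) >= min_equal


def cluster_addresses(txs, skip_coinjoin=False):
    """Group input addresses that were spent together in at least one transaction."""
    ds = DisjointSet()
    for tx in txs:
        for addr in tx["inputs"]:
            ds.find(addr)  # register every input, even if the tx is skipped
        if skip_coinjoin and looks_like_coinjoin(tx):
            continue
        for addr in tx["inputs"][1:]:
            ds.union(tx["inputs"][0], addr)
    groups = defaultdict(list)
    for addr in list(ds.parent):
        groups[ds.find(addr)].append(addr)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


if __name__ == "__main__":
    for label, skip in (("naive", False), ("mix-aware", True)):
        print(label, cluster_addresses(SAMPLE_TXS, skip_coinjoin=skip))
```

The naive run merges bob, carol and dave into one false cluster; the mix-aware run separates them again but still merges erin-1 with frank-1, because that joint transaction carries no equal-output pattern to filter on.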
lightning network
The Lightning Network is a beta technology developed on top of the Bitcoin protocol to facilitate low-cost instant payments. Lightning Network is currently available to Lightning Network Wallet users. Lightning transactions differ from base-layer transactions in many ways, and they are more advantageous from a privacy perspective.
Lightning transactions are not stored on a public ledger.
Lightning Network transactions use onion routing, but the final payee is not broadcast to the rest of the network.
Lightning transactions do not scramble funds out and do not cluster together.
The Lightning Network is a channel system that requires liquidity. Merchants and users currently accepting Lightning Network payments are a small fraction of Bitcoin users, and not all payments (especially huge payments) can be transmitted through the Lightning Network, though this should improve over time. This also means that while the Lightning Network can provide better privacy protections for transactions in its channels, these channels still need to be funded by regular Bitcoin transactions, which in turn suffer from the privacy issues described in this article.
When you operate a Lightning Network node, you should assume that your channel balances are known and that they can be linked to your IP address. Therefore, operating a Lightning Network node over Tor is a good choice for privacy protection.
The Lightning Network is currently in a period of rapid development, and many properties will undergo dramatic changes in the not-too-distant future.
Protocol Innovation
Here are some privacy-enhancing techniques developed from the underlying Bitcoin protocol:
Schnorr signature:
A signature scheme that, among other improvements, makes multi-signature addresses indistinguishable from single-signature addresses.
Taproot:
A technique that makes transactions with different types of spending rules indistinguishable from one another.
Summarize