LaurentMT LaurentMT

## gist:e758767ca4038ac40aaf
This document is an attempt to define metrics quantifying the degree of privacy provided by a bitcoin transaction.


Objectives

Definition of metrics measuring the resistance of a transaction to a set of attacks against users privacy.

Attacks considered in the scope of these metrics are:
- Merged Inputs Heuristic: methods identifying the inputs controlled by a same entity
- Coinjoin Sudoku: methods identifying the links existing between the inputs and outputs of a transaction

## gist:e8644d5bc903f02613c6
Context

This third part is about known and potential attacks against the privacy provided by tools like coinjoin.


Known attacks & weaknesses

- Linkability of inputs and outputs

A good illustration of this attack is Coinjoin Sudoku (see (1) for details).

## gist:d361bca6dc52868573a2
Context

In part 1 of this document, we've defined the entropy of a transaction.
This metric is a first good proxy to qualify the degree of privacy provided by a transaction but it fails to detect privacy leaks occuring at lower levels (1).
In this second part, we define 2 complementary fine-grained tools/metrics: the Link Probability of 2 utxos (LP) and the Link Probability Matrix (LPM) of a transaction.


Link Probability of 2 UTXOs

We call Link Probability of a tuple (tx input, tx output) the probability that a link exists between the 2 utxos.

## gist:d2b8cd50e346f681eb67
Back to home. As promised, here are some elements about the growth of activity observed during the last months.
I apologize in advance for the long text and my crappy english.

A bit of context: I've been working on the development of OXT (an analytics platform dedicated to the bitcoin blockchain) during the last 12 months. It means that I've spent a part of this time observing charts to check if they make sense, are useful...
During this process I've learned one thing: bitcoin is still a small economy and therefore it's still possible that the activity of a single actor/service has a visible impact at global level.
For instance, some of these observations are related to well known events like the growth of #txs in 2012 (related to Satoshi Dice).
Some others are less known like this pattern in the growth of the utxo set which is likely to be caused by a small number of faucets doing weekly payments (https://bitcointalk.org/index.php?topic=1055594.msg11394989#msg11394989)
At last, some cases remain very myste

## longchain_604531341.csv
depth;block;txid;receiver;amount_sent;amount_remaining;
0;400590;e26fa07a279f7d89ccb3f1a06a0e48ae0352c7eb4569eeef485f0370da075f73;;2049224;86979660465;
1;400590;49a3906606a37d7cd80ea35ab0f776f20e334306e2baf89929ad92f3bcc40a0b;ANON-543454272;2049224;86977581241;
2;400590;73fea04aaa60bdef18fd33e20f1738cba8f936a238c876669af0ba9743e62ff7;;10246122;86967305119;
3;400590;d8fb997145aae91ff7f8d2f9c3755e8d2b42d4af16447e4ed18b5ac1d0fd3b81;ANON-543454272;630819571;86336455548;
4;400590;6b020df2effde11fd8dba37d7757fe5e209cf38e8431801bc22c4e9535b48577;;53621371;86282804177;
5;400590;cba27ca7dac95ffc75ccc0be7b350f62e5910dba52362b7a2326abac6fde2c63;ANON-604635767;33129127;86249645050;
6;400590;dbdec93c617dad201cbcc5116aec5c15c2c3a58c9b50c255dca37648f4b664b0;;20833781;86228781269;
7;400590;44424153548ea72cd37bd13d568cbc8618d4073cb17a12d87bbd89812f9501a2;ANON-543454272;19126094;86209625175;
8;400590;8053b20f31d28e5ed3d95c1f7a57f70750751e39c2a5d34cb90df26221ec1916;ANON-543454272;11612271;86197982904;

## cold_wallet_related_addr_txs.txt
Addresses from alleged cold wallet
----------------------------------
1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa
1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB
1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M
1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe
1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R


Addresses found with the merged inputs heuristic (no transitivity)

## 1JZJA_spending_txs.txt
TXS WITH AN INPUT CONTROLLED 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP
-----------------------------------------------------------------------------------------
  ['117049c3eee4d0da5742738c084b83f2e1c467b461ce0dff6d4e612021e82fcd']
  ['b9cb6053f1c642b0f2aba6e3b21a954807f329edad62571c51e412d33b0d1af1']
  ['025189637c6519406d3f7a44d3338f84e3a698ee1fb9a6383437ebaf024cf092']
  ['2a1cb790f04a52d96a41753ff074de526154b3b827d924299964a1bf33f15b2e']
  ['a8520331a3fc0112b803d50609bf154ec2d6c036116fd25082aa572e318617ed']
  ['29ebaaa955a6c2e70fb369a464500a21bdf8a4fd5640403372b0f688e175a2b3']
  ['e0150e9e3c833001ffd107f4756096f2ef67acad9059f6dd8469e3a8a6a38ac4']
  ['2c88f50d126ee27836840ac47d6c33eeab1fe97fa61305230a53c33ce246d7f9']

## 1JZJA_related_addresses.txt
Addresses having an output spent with an output controlled by 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP
-------------------------------------------------------------------------------------------------
  ['1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP']
  ['1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M']
  ['1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R']
  ['1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe']
  ['1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa']
  ['1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB']
  ['1JTE7BiMW8isT2nA3j5RMb2EPY4eiuHphw']
  ['1K9iWhJxXb9HPWPjeNtCYKe4T4nAUcwxrG']

## Wallet ANON-1725327308
3GWdttsNNZhujgR76nr9Y712njMUnRSMpV
3Kb1NQMA65jCKn61cuayMtzhpjNYmXSf3B
38fVmFdYjxaKcRNAT2on3kju6sCVf9XN1f
3C2fdFyqgvr5xCYVPZ3846jnh8DNiDZRwE
3Pg6z6TXLke1MUsVpUp5YHmoX278DyQNtu
34G1H4QLHddtj4zeJXJJBd7Nva9pYAybbe
3DsKxefZnGDcNpRRX46Tbfv1ZSXNRBTrjz
33HjoA3BiAJrEjD3Bvbg1wNUCcEamXLy9p
37YLkeBZd6uMZgW8V3gJpBDVqWFsDevptQ
3J5ZGTUQPDjUrcHwJWfhkyJEYEjDZYh3Fg

## Steganographic Transactions, Deception Tools and Asymmetric Games

1/ About the nature of Payjoin Transactions and Deception Tools

I'm used to describe Payjoin Transactions as Steganographic Transactions but they can also be described more generally as "Deception Tools" (https://medium.com/@laurentmt/hi-ilya-e72ddda60b35).

In my humble opinion, the use of deception tools is a legit and effective strategy for improving on-chain privacy but it's important to keep in mind that the deception game has its own rules and these rules are very different from others approaches (like "privacy backed by maths" tools).

An important principle of this deception game is that it must introduces and preserves some kind of morphism between interpretations. It should be absolutely impossible for an analyst to distinguish between one form and the other.

For instance, we have:
	This document is an attempt to define metrics quantifying the degree of privacy provided by a bitcoin transaction.


	Objectives

	Definition of metrics measuring the resistance of a transaction to a set of attacks against users privacy.

	Attacks considered in the scope of these metrics are:
	- Merged Inputs Heuristic: methods identifying the inputs controlled by a same entity
	- Coinjoin Sudoku: methods identifying the links existing between the inputs and outputs of a transaction
	Context

	This third part is about known and potential attacks against the privacy provided by tools like coinjoin.


	Known attacks & weaknesses

	- Linkability of inputs and outputs

	A good illustration of this attack is Coinjoin Sudoku (see (1) for details).
	Context

	In part 1 of this document, we've defined the entropy of a transaction.
	This metric is a first good proxy to qualify the degree of privacy provided by a transaction but it fails to detect privacy leaks occuring at lower levels (1).
	In this second part, we define 2 complementary fine-grained tools/metrics: the Link Probability of 2 utxos (LP) and the Link Probability Matrix (LPM) of a transaction.


	Link Probability of 2 UTXOs

	We call Link Probability of a tuple (tx input, tx output) the probability that a link exists between the 2 utxos.
	Back to home. As promised, here are some elements about the growth of activity observed during the last months.
	I apologize in advance for the long text and my crappy english.

	A bit of context: I've been working on the development of OXT (an analytics platform dedicated to the bitcoin blockchain) during the last 12 months. It means that I've spent a part of this time observing charts to check if they make sense, are useful...
	During this process I've learned one thing: bitcoin is still a small economy and therefore it's still possible that the activity of a single actor/service has a visible impact at global level.
	For instance, some of these observations are related to well known events like the growth of #txs in 2012 (related to Satoshi Dice).
	Some others are less known like this pattern in the growth of the utxo set which is likely to be caused by a small number of faucets doing weekly payments (https://bitcointalk.org/index.php?topic=1055594.msg11394989#msg11394989)
	At last, some cases remain very myste
	depth;block;txid;receiver;amount_sent;amount_remaining;
	0;400590;e26fa07a279f7d89ccb3f1a06a0e48ae0352c7eb4569eeef485f0370da075f73;;2049224;86979660465;
	1;400590;49a3906606a37d7cd80ea35ab0f776f20e334306e2baf89929ad92f3bcc40a0b;ANON-543454272;2049224;86977581241;
	2;400590;73fea04aaa60bdef18fd33e20f1738cba8f936a238c876669af0ba9743e62ff7;;10246122;86967305119;
	3;400590;d8fb997145aae91ff7f8d2f9c3755e8d2b42d4af16447e4ed18b5ac1d0fd3b81;ANON-543454272;630819571;86336455548;
	4;400590;6b020df2effde11fd8dba37d7757fe5e209cf38e8431801bc22c4e9535b48577;;53621371;86282804177;
	5;400590;cba27ca7dac95ffc75ccc0be7b350f62e5910dba52362b7a2326abac6fde2c63;ANON-604635767;33129127;86249645050;
	6;400590;dbdec93c617dad201cbcc5116aec5c15c2c3a58c9b50c255dca37648f4b664b0;;20833781;86228781269;
	7;400590;44424153548ea72cd37bd13d568cbc8618d4073cb17a12d87bbd89812f9501a2;ANON-543454272;19126094;86209625175;
	8;400590;8053b20f31d28e5ed3d95c1f7a57f70750751e39c2a5d34cb90df26221ec1916;ANON-543454272;11612271;86197982904;
	Addresses from alleged cold wallet
	----------------------------------
	1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa
	1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB
	1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M
	1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe
	1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R


	Addresses found with the merged inputs heuristic (no transitivity)
	TXS WITH AN INPUT CONTROLLED 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP
	-----------------------------------------------------------------------------------------
	['117049c3eee4d0da5742738c084b83f2e1c467b461ce0dff6d4e612021e82fcd']
	['b9cb6053f1c642b0f2aba6e3b21a954807f329edad62571c51e412d33b0d1af1']
	['025189637c6519406d3f7a44d3338f84e3a698ee1fb9a6383437ebaf024cf092']
	['2a1cb790f04a52d96a41753ff074de526154b3b827d924299964a1bf33f15b2e']
	['a8520331a3fc0112b803d50609bf154ec2d6c036116fd25082aa572e318617ed']
	['29ebaaa955a6c2e70fb369a464500a21bdf8a4fd5640403372b0f688e175a2b3']
	['e0150e9e3c833001ffd107f4756096f2ef67acad9059f6dd8469e3a8a6a38ac4']
	['2c88f50d126ee27836840ac47d6c33eeab1fe97fa61305230a53c33ce246d7f9']
	Addresses having an output spent with an output controlled by 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP
	-------------------------------------------------------------------------------------------------
	['1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP']
	['1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M']
	['1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R']
	['1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe']
	['1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa']
	['1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB']
	['1JTE7BiMW8isT2nA3j5RMb2EPY4eiuHphw']
	['1K9iWhJxXb9HPWPjeNtCYKe4T4nAUcwxrG']
	3GWdttsNNZhujgR76nr9Y712njMUnRSMpV
	3Kb1NQMA65jCKn61cuayMtzhpjNYmXSf3B
	38fVmFdYjxaKcRNAT2on3kju6sCVf9XN1f
	3C2fdFyqgvr5xCYVPZ3846jnh8DNiDZRwE
	3Pg6z6TXLke1MUsVpUp5YHmoX278DyQNtu
	34G1H4QLHddtj4zeJXJJBd7Nva9pYAybbe
	3DsKxefZnGDcNpRRX46Tbfv1ZSXNRBTrjz
	33HjoA3BiAJrEjD3Bvbg1wNUCcEamXLy9p
	37YLkeBZd6uMZgW8V3gJpBDVqWFsDevptQ
	3J5ZGTUQPDjUrcHwJWfhkyJEYEjDZYh3Fg

	1/ About the nature of Payjoin Transactions and Deception Tools

	I'm used to describe Payjoin Transactions as Steganographic Transactions but they can also be described more generally as "Deception Tools" (https://medium.com/@laurentmt/hi-ilya-e72ddda60b35).

	In my humble opinion, the use of deception tools is a legit and effective strategy for improving on-chain privacy but it's important to keep in mind that the deception game has its own rules and these rules are very different from others approaches (like "privacy backed by maths" tools).

	An important principle of this deception game is that it must introduces and preserves some kind of morphism between interpretations. It should be absolutely impossible for an analyst to distinguish between one form and the other.

	For instance, we have: