The Bitcoin protocol is a pseudonymous system that provides transparency and privacy according to users’ needs. To maintain privacy in transactions, it is necessary to adopt some precautions.
Bitcoin is commonly imagined to be an anonymous system in which it is impossible to trace the identities behind a transaction. The reality is quite different: Bitcoin is a pseudonymous system in which participants protect their identity through the use of addresses, which are strings of alphanumeric characters.
The privacy feature in the Bitcoin protocol is a crucial element, to the extent that it has a dedicated section in the white paper written by Satoshi Nakamoto.
The transparency of the blockchain
The Bitcoin blockchain is, among other things, a public and transparent transaction ledger. This feature is fundamental for the security of the protocol but can also entail compromises in terms of privacy.
Unspent Transaction Outputs (UTXOs), the ‘banknotes’ of Bitcoin, can be traced through the blockchain. Anyone can follow the path of a transaction and monitor the addresses.
For instance, if a certain amount of bitcoin is purchased on a centralized exchange, which requires documents and personal data, and later transferred to a personal wallet, the identity behind the UTXOs can become traceable. The documents provided to the exchange can be linked to the UTXOs deposited in the wallet, risking the disclosure of the identity of the owner of those bitcoins.
On the other hand, if no additional information is available, it is quite challenging to uncover the identity behind a specific UTXO.
KYC and Blockchain Surveillance
A crucial aspect of achieving privacy in transactions concerns the origin of funds. If bitcoins are purchased on peer-to-peer markets where UTXOs are hardly traceable to a specific identity, the situation is significantly different. However, it is essential to be cautious not to mix these funds with those from centralized exchanges.
Avoiding the KYC/AML process to purchase bitcoins is another way to protect one’s privacy. Using the information collected through these procedures, combined with additional data, some companies seek to trace all movements on the blockchain and discover the identities of bitcoin holders.
One such company is Chainalysis, a firm that conducts blockchain analysis and provides data, research, and software to government agencies, exchanges, and financial institutions. The company has developed two proprietary software solutions for investigations into financial crimes, monitoring blockchains of various cryptocurrencies.
Other companies involved in blockchain surveillance include well-known names like Elliptic, Neutrino, and CipherTrace.
Address Reuse and Coin Control
In Bitcoin, the balance of each address is visible on the blockchain. Therefore, if one were to consistently use the same address to receive payments, anyone aware of that address could verify the amount of associated bitcoin.
Every time you receive a bitcoin transaction, it is advisable to use a new address.
Since all transactions are publicly recorded on the blockchain, the approach to sending and receiving payments plays a crucial role in determining which information becomes accessible to external parties.
A basic understanding of Coin Control is essential to comprehend how to spend or receive funds while limiting the information visible to entities keen on tracking users’ spending behavior and the bitcoin balance of their wallets.
Change handling
Another aspect to consider is the management of change. When a transaction does not spend the entire UTXO, the wallet generates a new address to receive the change. In this context, the payment recipient might assume that the bitcoins not sent to them in the transaction are still under the sender’s control.
CoinJoin
CoinJoin is a specific type of collaborative transaction designed to break the link between the past and future history of UTXOs. In CoinJoin, participants simultaneously send their UTXOs, which are mixed together, broken into pieces, and randomly distributed among participants. Naturally, each participant will receive the same amount of bitcoins sent, minus a small fee.
The use of CoinJoin makes it practically impossible to reconstruct the financial path that could be traced back to a specific identity. Several applications implement this protocol, including JoinMarket, Whirlpool, and Wasabi.
PayJoin
PayJoin involves a collaborative transaction between the user making a payment and the one receiving it. In practice, along with the inputs from the sender, one of the inputs from the recipient is included in the transaction, confusing any external observers.
A transaction of this kind could be interpreted as a regular transaction.
PayJoin disrupts the main heuristic used by blockchain surveillance companies, namely the common-input-ownership heuristic, which assumes that all inputs of a transaction are controlled by the same user.
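
The common-input-ownership heuristic can be sketched as a union-find clustering over transaction inputs. The following is an added example, not part of the original article: it shows how address reuse lets an observer link a user's addresses, and how a PayJoin leads the same heuristic to merge sender and recipient into one false cluster. The address names and the simplified transaction model (lists of input and output addresses) are constructed for illustration.

```python
# Simplified model: a transaction is a dict of input and output addresses.
# All addresses and transactions below are constructed for illustration.

def cluster_by_common_inputs(transactions):
    """Group addresses with union-find, assuming every input address of a
    transaction has the same owner (the common-input-ownership heuristic)."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs + tx["outputs"]:
            find(addr)  # register every address; outputs are never merged
        for addr in inputs[1:]:
            root_a, root_b = find(inputs[0]), find(addr)
            if root_a != root_b:
                parent[root_b] = root_a  # merge co-spent inputs

    clusters = {}
    for addr in parent:
        clusters.setdefault(find(addr), set()).add(addr)
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: c[0])


def same_cluster(clusters, a, b):
    """True if the observer would attribute both addresses to one owner."""
    return any(a in c and b in c for c in clusters)


# Ordinary spending: reusing alice_2 as an input links alice_1 and alice_3.
ORDINARY = [
    {"inputs": ["alice_1", "alice_2"], "outputs": ["bob_1", "alice_change"]},
    {"inputs": ["alice_2", "alice_3"], "outputs": ["carol_1"]},
]
# PayJoin: the recipient (Bob) contributes bob_old as an input to the payment.
PAYJOIN = [
    {"inputs": ["alice_1", "bob_old"], "outputs": ["bob_new", "alice_change"]},
]

if __name__ == "__main__":
    print("ordinary:", cluster_by_common_inputs(ORDINARY))
    print("payjoin: ", cluster_by_common_inputs(PAYJOIN))
```

In the ordinary case the observer correctly groups Alice's three input addresses; in the PayJoin case the heuristic attributes `alice_1` and `bob_old` to a single owner, which is wrong.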