You might be surprised to find out that under some circumstances, using Bitcoin as a means of payment is actually a lot less anonymous than using good old cash. The transparency and accessibility of all transactions on a public ledger is a double-edged sword. On the one hand, it is an important feature for creating consensus among all network participants and for validating transactions, which creates trust. On the other hand, all the publicly broadcast information can be aggregated and potentially used to attempt to uncover the identity of users behind wallet addresses.
If you’re actively using and spending your digital currencies, this is an important aspect that you need to be aware of. Before we dig in deeper, though, let’s first start with a basic question: what exactly is Bitcoin if it’s not anonymous? A Bitcoin wallet address is a public key. In fact, to be precise, it’s the hash of a public key.
Using such an address just means that you don’t need to use your real name in order to interact with other users in the Bitcoin system when sending or receiving your coins. What is published instead are the public key hashes, which act as a sort of pseudo-identity. That’s what computer scientists call pseudonymity. So, you now may wonder, if you’re using a pseudonym, and you can even create as many of these as you like, doesn’t that make you anonymous?
Well, the short answer is: not exactly. Conceptually, anonymity is pseudonymity combined with unlinkability. That means I am only truly anonymous if the interactions I have with the network under my pseudonym cannot be tied to each other by someone else. That is not the case in Bitcoin. Bitcoin is pseudonymous and not anonymous.
Let’s talk about how Bitcoin transactions roughly work: all transactions are processed using public key cryptography. This just means that digital signatures are used as a way of proving ownership of your coins. The so-called chain of digital signatures means that each transaction is linked to the output of the previous one to verify that the user has enough funds to perform the new transaction.
Every time a new transaction is made, it is cryptographically signed by the user with their private key. Then, the transaction containing the input and output addresses and corresponding amounts is broadcast to the network, where other nodes can validate it. Therefore, if we think about it, the Bitcoin system essentially consists of two layers.
One we call the application layer, which includes the information that is stored on the blockchain; the other we call the networking layer, which is the peer-to-peer network in which messages are sent around. Both of these layers can be used to de-anonymize users.
Now that you understand that Bitcoin is pseudonymous and that both the application layer and the networking layer hold information that can be used to uncover the real-world identity behind users, let’s have a look at some techniques that make this possible.
Transaction graph analysis
At the application layer, someone might use a technique called transaction graph analysis to aggregate information and investigate how the money is moved around in the Bitcoin system among different addresses.
What’s interesting, for example, is that a transaction with multiple input addresses reveals that those addresses are owned by the same user. When you use wallet software to pay for a cup of coffee, for instance, coins from several different wallet addresses are sourced if one of the addresses has insufficient funds.
This is what we call joint spending. In other words, joint spending is evidence of joint control, if you like, because it can be inferred that all the pooled addresses must belong to the same user. So, by transitively aggregating the addresses, clusters of linked addresses can be collected. Since all of the information is stored in the blockchain forever, it is possible to gain more information on the user’s activity by looking at these clusters over time. Likewise, spending patterns can then be revealing of the user’s identity.
Another way to infer the real-world identity from an individual’s address clusters is by analyzing the interactions with clusters of already known service providers. So if you think of the coffee example again, your interaction with the coffee shop reveals an address that corresponds to you. This, in turn, can be used by the other party to tag your cluster.
Another important fact in this context is the high centralization in well-known large service providers, such as wallet providers or exchanges. Therefore, there is a high probability that individual users interact regularly with one of those well-known clusters. Ultimately, this makes it possible to identify a transaction that ties the individual’s cluster to the well-known one of the service provider. Provided that the service provider, e.g. an exchange, possesses some revealing information on its customers, an authority, for instance, can demand access to that information, e.g. by subpoena, and use it to uncover the real-world identity of the user behind the individual address cluster.
The previous two examples mainly focused on techniques that can be applied to the Bitcoin application layer data for de-anonymization. But, as mentioned before, there is also the networking layer in the Bitcoin system. A potential method that can be applied to this layer to uncover the identity behind an address is entirely unrelated to clustering and using transaction graphs.
The idea here is to focus on the broadcasting process of the peer-to-peer network. The point is that a node is going to connect to many others whenever it wants to broadcast a transaction that it created. Therefore, several nodes that heard about the transaction could cooperate and try to figure out where the new transaction came from. So if they figure out which transaction is new and which node broadcast the transaction, then this probably represents a direct link between a transaction and the IP address of the user who created the transaction. Given that an IP address is quite close to a real-world identity, this is a severe problem if you’re concerned about privacy.
Since this is mainly a problem of communication anonymity, though, and the field has received significant attention from the research community, tools such as Tor have been developed to communicate anonymously.
You are now aware that there are a couple of tricks and methods that can be used to link different addresses or transactions to Bitcoin users, because the Bitcoin system is pseudonymous, rather than truly anonymous. What’s more, it does not stop there: even uncovering the real-world identities or IP addresses of Bitcoin users is a possibility.
Bear in mind that all transactions are stored in the blockchain forever and if your address is ever linked to your identity, every transaction will be linked to you. So make sure to inform yourself about the recommended best practices when transacting in Bitcoin and other cryptocurrencies to keep your privacy as safe as possible. And the best practice is Bitcoin mixing.
You now know that Bitcoin transactions are not anonymous. But, they can be. To explain this, let’s have a more detailed look at how money is sent: Users have wallet addresses or public keys and each address has a balance. This balance consists of the sum of all transactions, but each transaction is stored on a public ledger.
This means every single move of Bitcoin can be seen by everyone and you are not really anonymous as your transactions are all publicly connected to one address. From a privacy standpoint that can be problematic.
Let’s say you want to keep your transactions private. For starters, you need to take care of the address: it should not be connected to you as a person. Say someone sees a payment going from address A to address B. Well great, there is nothing they can do, as nobody knows that, let’s say, Bob owns address A.
Once there is a connection between Bob and address A, the protection is gone. This happens when you sign up for an exchange. Usually, they require you to provide KYC documents. KYC stands for Know Your Customer and it is enforced by law. As a result, your passport is now connected to your Bitcoin address.
The second level of protection works on the transaction itself. When A sends money to B, it is observable. The idea behind a Bitcoin mixer is that lots of people send money to it. In the mixer, these funds arrive and mix. Then, the mixer pays the target addresses. That way, nobody knows whose money arrived at which address. So, even if you know that Bob owns address A, you have no idea if he paid money to E or D.
On a technical level, there are a few different ways to implement this. The core feature obviously is anonymity. That’s why it is necessary to make sure the service is not compromised and analyzed. To gain trust, a lot of mixers choose an open-source structure. That way, the operators can assure their users that they are not going to steal their money. Those mixers are then also free. The only thing you need to pay is the transaction fee.
In the mixer model, transaction fees occur twice (sending to the mixer and from there to the target address). To increase this protection, you can connect mixers. So, your money goes from one mixer to the next and will eventually reach the recipient.
Another aspect is the amount. Say Bob sends 1.9754 Bitcoin into the mixer. Then Claire receives 1.9754 Bitcoin. It is easy to infer that these payments are connected. For further obfuscation, time and amount both need to be hidden. So, payments can be intentionally split up into smaller ones. They can also be delayed to hide the timestamp.
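The amount and timing leak can be made concrete with a small matcher that, for each deposit, lists every set of later payouts whose sum fits the deposit minus fees. This is an added example, not part of the original article; the deposit and payout records, the fee bound, the time window and the function names are constructed assumptions.

```python
from itertools import combinations

# Constructed sample: (label, amount in satoshi, time in minutes).
DEPOSITS = [
    ("bob", 197_540_000, 0),   # the 1.9754 BTC payment from the text
    ("dan", 100_000_000, 5),
    ("eve", 100_000_000, 7),
]
PAYOUTS = [
    ("w1", 120_000_000, 30),
    ("w2", 77_500_000, 95),    # w1 + w2 is one deposit paid out in two parts
    ("w3", 99_960_000, 40),
    ("w4", 99_960_000, 50),
]
MAX_FEE = 50_000   # assumed upper bound on the fee deducted per payout
WINDOW = 120       # assumed maximum delay between deposit and payout

def candidates(deposit, payouts, max_parts=2, max_fee=MAX_FEE, window=WINDOW):
    """Payout combinations that could correspond to this deposit."""
    _, amount, t0 = deposit
    later = [p for p in payouts if t0 < p[2] <= t0 + window]
    found = []
    for k in range(1, max_parts + 1):
        for combo in combinations(later, k):
            shortfall = amount - sum(p[1] for p in combo)
            if 0 <= shortfall <= max_fee * k:  # difference explained by fees
                found.append(tuple(p[0] for p in combo))
    return found

def link_report(deposits, payouts):
    """Map each deposit to its candidate payout sets; one candidate = linked."""
    return {d[0]: candidates(d, payouts) for d in deposits}

if __name__ == "__main__":
    for who, cands in link_report(DEPOSITS, PAYOUTS).items():
        verdict = "linked" if len(cands) == 1 else f"{len(cands)} candidates"
        print(who, cands, verdict)
```

The unusual amount stays linkable even though it was split in two and delayed, because only one pair of payouts adds up to it, while the two round-amount deposits cannot be told apart.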
The Bitcoin ledger is public. Anyone can find out who owned some addresses because of the KYC regulations that exchanges generally have to follow. With that, they could trace back transactions. If a mixer was used, this becomes far more difficult.
Bitcoin mixers are technically interesting. They bring privacy and anonymity. Apart from Bitcoin mixers, one could use different currencies. Projects like DASH or Zcash have such mixer functionality built in. Monero has similar features built in.
But if you want to hide your Bitcoin payments, you need mixers.