Thinking of sending a bitcoin transaction that you would prefer to stay private?
Are you wondering what steps you can take to make sure your transaction is not traceable?
You’ve come to the right place.
In this article, we will cover everything you want to know about the state of bitcoin traceability in 2023.
Let’s read on…
Let’s get the simple question out of the way: are bitcoin transactions traceable in 2023?
The short answer is: (mostly) yes.
Bitcoin transactions are thought by many to be anonymous, but this is not entirely true.
Bitcoin is designed with a pseudonymous system, using public addresses to mask the identity of users.
Due to the public nature of its blockchain, transactions can still be traced, and in some cases, identities can be revealed.
However, you CAN have mostly private bitcoin transactions if you are willing to take some precautions.
Below we will cover how bitcoin transactions are traced today and what you can do to protect yourself.
Analyzing transaction patterns is a technique used by blockchain analysis companies, researchers, and law enforcement agencies to trace Bitcoin transactions by identifying patterns in transaction data.
Analysts like these pore over the blockchain to find the identities behind the transactions.
Below are some assumptions used by these professionals to trace your bitcoin transactions.
By understanding what the assumptions are and why they are made, we can act in ways that break them.
We can also create new technologies that make them obsolete and unreliable.
Almost none of the assumptions and techniques listed below could, by themselves, be used to determine your identity. But taken together, they can paint a very descriptive picture of who you are.
The Common Input Ownership Assumption (CIOA) is a widely-used assumption in Bitcoin transaction analysis that helps to link addresses and transactions to a single user or entity.
The assumption is based on the idea that if a transaction has multiple inputs, all those inputs are likely owned by the same user.
When a user wants to make a Bitcoin transaction, they need to use one or more of their unspent transaction outputs (UTXOs) as inputs for the new transaction.
In many cases, a single UTXO might not be enough to cover the desired transaction amount, so the user needs to combine multiple UTXOs as inputs.
According to the CIOA, since all these UTXOs are being used in the same transaction, they most likely belong to the same user.
For example, let’s say Alice wants to send 1.5 BTC to Bob, but her wallet contains three UTXOs with 0.6 BTC, 0.7 BTC, and 0.5 BTC.
To send the desired amount, Alice’s wallet would create a transaction using the 0.6 BTC, 0.7 BTC, and 0.5 BTC UTXOs as inputs (totaling 1.8 BTC) and send 1.5 BTC to Bob’s address. The remaining 0.3 BTC would be sent back to a new address controlled by Alice as change.
By applying the CIOA, an analyst can assume that the addresses associated with the 0.6, 0.7, and 0.5 BTC UTXOs belong to the same user (Alice) since they were used as inputs in the same transaction.
This assumption states that the change output in a transaction is the output that has the lowest value, or the output that creates a new address not seen in the blockchain before.
By identifying the change address, analysts can separate transaction outputs into recipients and change, which can provide valuable insights into transaction patterns and user behavior.
Taking the example above, analysts may use this assumption to guess that the change address that received the remaining 0.3 BTC from Alice also belongs to Alice.
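The two assumptions above (common input ownership and change detection) applied to Alice's transaction, as an added example that is not code from this article or from any analysis tool. All transactions and address names are constructed; `JOINT_TX` models a payment in which the recipient also funds an input, as PayJoin (covered later in the article) does, to show where the input assumption gives a wrong answer.

```python
from collections import defaultdict

# Constructed transactions (not chain data); amounts in satoshis, fees ignored.
# The first is Alice's payment from the text; the second spends her change.
TXS = [
    {"inputs": [("alice_a", 60_000_000), ("alice_b", 70_000_000), ("alice_c", 50_000_000)],
     "outputs": [("bob_1", 150_000_000), ("alice_change", 30_000_000)]},
    {"inputs": [("alice_change", 30_000_000), ("alice_d", 25_000_000)],
     "outputs": [("shop_1", 50_000_000), ("alice_change2", 5_000_000)]},
]
# A two-party transaction: Bob and the shop each fund one input.
JOINT_TX = {"inputs": [("bob_1", 150_000_000), ("shop_1", 50_000_000)],
            "outputs": [("shop_2", 120_000_000), ("bob_2", 80_000_000)]}


class Clusters:  # union-find over addresses; each set is one presumed owner
    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def groups(self):
        out = defaultdict(set)
        for addr in list(self.parent):
            out[self.find(addr)].add(addr)
        return sorted(sorted(g) for g in out.values())


def guess_change(tx, seen):
    """Change assumption: lowest-value output among never-seen addresses."""
    fresh = [(value, addr) for addr, value in tx["outputs"] if addr not in seen]
    return min(fresh)[1] if fresh else None


def cluster(txs):
    c, seen = Clusters(), set()
    for tx in txs:
        ins = [addr for addr, _ in tx["inputs"]]
        for addr in ins:
            c.union(ins[0], addr)          # CIOA: every input has one owner
        change = guess_change(tx, seen)
        if change:
            c.union(ins[0], change)        # change is assumed to be the sender's
        for addr, _ in tx["outputs"]:
            c.find(addr)                   # register recipients as singletons
        seen.update(ins, (addr for addr, _ in tx["outputs"]))
    return c
```

`cluster(TXS).groups()` puts all six of Alice's addresses in one set because her change is spent alongside `alice_d`; adding `JOINT_TX` wrongly merges `shop_1` into Bob's set.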
This assumption holds that the first time an address is seen on the blockchain, it is controlled by the sender of the coins it received.
This can help analysts link addresses to specific users and trace transaction chains.
Coin age refers to the time elapsed since a particular coin (UTXO) was last spent.
This assumption is based on the idea that users tend to spend newer coins before older ones.
By analyzing coin age, blockchain analysts can make inferences about user spending habits and potentially identify connections between transactions.
The Round Amounts Assumption is another assumption used in Bitcoin transaction analysis to identify potential connections between transactions, addresses, and users.
This assumption is based on the idea that users often send round amounts of Bitcoin when transacting, which can be a clue to associate certain transactions with the same user or entity.
When analyzing Bitcoin transactions, round amounts often stand out as they represent more “natural” numbers that people are accustomed to using in everyday transactions, such as 1 BTC, 0.5 BTC, or 0.1 BTC.
Users tend to choose round amounts for various reasons, such as convenience, ease of calculation, or familiarity.
By identifying transactions with round amounts, analysts can potentially link related transactions or addresses.
For example, if a user consistently sends transactions in round amounts like 0.1 BTC or 1 BTC, this pattern could be used to associate seemingly unrelated transactions with the same user.
This assumption is based on the idea that related transactions tend to occur close together in time.
By examining the time difference between transactions, analysts can identify potential links between addresses or transactions that may be associated with the same user or entity.
This assumption involves grouping addresses that are likely to be controlled by the same user or entity based on various factors, such as transaction patterns, inputs, and outputs.
Address clustering can help analysts get a better understanding of user behavior and trace transactions more effectively.
This approach involves analyzing connections and relationships between users, entities, and addresses based on data from social networks, forums, and other online sources.
By correlating on-chain transaction data with off-chain information, analysts can uncover additional links between transactions, addresses, and users.
“Dust” refers to very small amounts of cryptocurrency that are uneconomical to spend due to transaction fees.
This assumption states that dust outputs are created as a deliberate technique to obfuscate transaction trails.
By identifying dust outputs, analysts can potentially uncover attempts to conceal transaction patterns or user behavior.
This assumption is based on the idea that users or entities may have specific preferences for transaction fees, either consistently choosing low fees to save on costs or high fees to prioritize transaction confirmation times.
By analyzing fee patterns, it may be possible to link seemingly unrelated transactions to the same user or entity.
This assumption identifies patterns and characteristics unique to specific wallet software or services.
Different wallet software may generate transactions with specific structures, metadata, or address formats.
By recognizing these fingerprints, analysts can potentially link addresses or transactions to specific wallet providers or software, narrowing down the pool of possible users.
As I stated before, none of the above methods of tracing your bitcoin transaction are likely to dox your identity.
It’s when they are taken together that they cause problems for you.
With that in mind, you want to break as many of these assumptions as possible.
Let’s talk about how we can do that today:
CoinJoin is a privacy-enhancing technique used in Bitcoin and other cryptocurrencies to improve the anonymity of transactions.
The main idea behind CoinJoin is to combine multiple transactions from different users into a single transaction, making it more difficult to link specific inputs to outputs and trace the flow of funds.
This process effectively “mixes” the coins, obscuring the relationship between senders and recipients.
By using CoinJoin, the transaction inputs and outputs become intermingled, making it significantly harder for blockchain analysis tools and techniques to link specific inputs to outputs.
This provides an increased level of privacy and anonymity for users compared to regular transactions.
However, it is important to note that CoinJoin is not a perfect privacy solution.
Advanced blockchain analysis techniques may still be able to uncover patterns or associations between users in some cases.
Tor, short for The Onion Router, is a privacy-focused network that enables users to browse the internet and communicate online without revealing their IP addresses.
By using Tor, you can enhance the privacy of your Bitcoin transactions and make it more difficult for blockchain analysts and other parties to trace your activities.
All you have to do to use Tor is use a wallet that supports Tor routing for transaction broadcasting out of the box.
Electrum is a great option, as is Bitcoin Core.
These are also good options because they support Taproot, full nodes, and address re-use prevention - all of which we will talk about below.
Taproot is an upgrade to the bitcoin protocol that can make complex transactions appear indistinguishable from simple transactions, improving privacy.
Taproot addresses begin with “bc1p”.
Use them whenever they are available, as it will never hurt you to do so.
Anyone can see all of the transaction history of a particular address.
For this reason, it is best to always generate a new address whenever requesting that someone sends you bitcoin.
This is easy to do with any modern bitcoin wallet and most wallets will do this for you automatically.
That said…this can become a bit more tricky if you are trying to receive donations in bitcoin because you don’t know when someone wants to send you coins.
There are solutions for this today using software called BTCPayServer.
You host the BTCPayServer client and connect it to your full node.
Then, anytime someone wants to send you coins, they can go on your site and BTCPayServer will generate a one-time-use address just for them.
One added benefit of BTCPayServer is that they already implemented Payjoin (explained below in the next section) into their client, so you don’t need to wait for it to be implemented into Bitcoin Core.
In short, Payjoin helps break the Common Input Ownership Assumption.
Operating a full node allows you to verify your transactions independently, reducing reliance on third parties that might expose your privacy.
Remember that whenever you send or receive bitcoin, that transaction must be broadcast to the network.
Someone’s full node must do that broadcasting. If it’s not yours, it’s someone else’s (usually the maker of your wallet).
This is a nice, free service the wallet producer provides; however, you are relying on them to:
Just run a full node and you won’t need to worry about it.
If building your own feels a little daunting, you can buy one from a manufacturer like the Nodl.
Using tools like an OpenDime can enable off-chain transactions.
These transactions are impossible to trace because there is no public record of the change in ownership.
All you do is transfer some coins to the OpenDime, then give the OpenDime to whoever you want to have totally anonymous coins.
The Lightning Network is a second-layer solution built on top of the Bitcoin blockchain that enables fast, low-cost, and scalable off-chain transactions.
It achieves this by creating a network of payment channels between users, which allows funds to be transferred without the need to record every transaction on the main Bitcoin blockchain.
This off-chain nature of the Lightning Network transactions provides several advantages in terms of privacy and makes it harder to trace bitcoins compared to on-chain transactions.
Off-chain Transactions: Lightning Network transactions are not recorded on the main Bitcoin blockchain, which means that they are not publicly visible and cannot be analyzed using standard blockchain analysis techniques.
Onion Routing: The Lightning Network uses a routing mechanism called “onion routing” that is similar to Tor’s routing approach. When a payment is made on the network, it is routed through several nodes, with each node only knowing the previous and next nodes in the route. This obfuscates the transaction path and makes it challenging to trace the source and destination of a payment.
No Address Reuse: Lightning Network transactions do not use traditional Bitcoin addresses. Instead, they use one-time payment hashes, which prevent address reuse and make it more difficult to associate transactions with specific users.
HTLCs (Hashed Time-Locked Contracts): The Lightning Network uses HTLCs to secure transactions, which further adds to the privacy of the network. With HTLCs, the payment recipient must provide a cryptographic proof within a specified time frame to claim the funds. This adds another layer of privacy, as the payment and its conditions are not publicly visible on the blockchain.
Private Channels: Users can create private channels on the Lightning Network, which are not announced to the entire network. This allows users to transact privately with selected parties, making it even harder to trace transactions.
Despite these privacy-enhancing features, the Lightning Network is not a perfect privacy solution. Network analysis and other techniques might still reveal patterns and associations between users in some cases. However, the Lightning Network offers a significant improvement in transaction privacy compared to on-chain Bitcoin transactions and, when combined with other privacy techniques, can help make tracing bitcoins more difficult.
Several innovative proposals and technologies are being developed to improve Bitcoin’s privacy:
CoinSwaps are arguably a better alternative to CoinJoins that offer enhanced privacy.
Instead of simply combining transactions that require a centralized coordinator, CoinSwaps use atomic swaps to exchange coins between participants.
This means that the coins effectively “swap” ownership without ever being linked on the blockchain.
The readme for the protocol characterizes it this way:
Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.
CoinSwaps provide stronger privacy than CoinJoins because:
Technically, you can use CoinSwaps today using MercuryWallet.
However, be aware that MercuryWallet uses Statechains (explained below) to do Coinswaps, which are not exactly trustless, so this is still not a truly decentralized implementation.
PayJoin (also known as Pay-to-EndPoint or P2EP) is a privacy-enhancing technique for Bitcoin transactions that builds upon the CoinJoin concept.
In a standard Bitcoin transaction, it is generally easy to distinguish between the sender’s and recipient’s outputs. However, with PayJoin, both the sender and recipient contribute inputs to the transaction, which makes it harder for an observer to determine the transaction’s flow.
By involving both the sender and recipient in the transaction inputs, PayJoin transactions make it more difficult for blockchain analysis tools to determine which inputs and outputs belong to the sender and which belong to the recipient.
This breaks the common-input-ownership assumption, which assumes that all inputs in a transaction belong to the same user.
PayJoin transactions have some additional benefits:
While Silent Payments are not typically thought of as privacy tech, there is a use case in which they do protect the privacy of senders specifically.
Previously, we discussed BTCPayServer as a way of avoiding address reuse while soliciting donations.
One issue with BTCPayServer is it requires the person receiving the donation to run a server.
That is not always so easy for normal non-technical people.
But there is another downside for the sender of the donation - that is, the person receiving your donated coins knows your address (even if they don’t know you).
With Silent Payments, the person receiving the donated coins simply posts a static address.
Then, you (as the donator) use that address (known as a ‘silent payment address’) to create “…a public key from one of [your] chosen inputs for the payment, and [use] it to derive a shared secret that is then used to tweak the silent payment address.”
Because of this, the static address posted by the recipient is not actually the address that will receive the funds.
This allows the sender to break the link between their IP address and the address generated by BTCPayServer.
This would be very similar to generating a BTCPayServer payment address while using Tor.
Bulletproofs are a type of non-interactive “zero-knowledge proof” that is designed to be more efficient and compact than traditional zero-knowledge proofs.
Bulletproofs (and all zero-knowledge proofs) allow users to prove that a statement is true without revealing any information about the statement itself.
For example, proving you know a code to a locked door without revealing the code for others to test themselves.
In the context of confidential transactions, Bulletproofs enable bitcoin senders to hide transaction amounts while still allowing the network to verify that the transaction is valid.
This is particularly important for bitcoin, since we need to be able to verify no new coins have been created out of thin air while still proving one has the coins they are trying to send.
If you can prove you have enough coins to cover your transaction without telling the network how many coins you are sending, that is a very useful feature.
For more on Bulletproofs, ieee.org has a great summary.
Dandelion++ is a network-level privacy enhancement proposal for Bitcoin and other cryptocurrencies that aims to reduce the risk of transaction origin identification by adversaries monitoring the peer-to-peer (P2P) network.
Dandelion++ builds upon the original Dandelion proposal, improving its robustness and efficiency.
The main goal of Dandelion++ is to make it more difficult for an adversary to link transactions to specific IP addresses by changing the way transactions are propagated through the network.
There are apparently still issues to be solved involving DDoS attack vulnerability, so it may be a while before this becomes widely available to users.
While Bitcoin transactions can be traced to some extent, there are numerous steps users can take to protect their privacy.
Current tools and techniques, along with future developments, are continually evolving to enhance the privacy of Bitcoin transactions.