Bitcoin Bumblebee

Buzzing about Bitcoin

Bitcoin’s UTXO model and its implications for user privacy

Bitcoin is a financial network that allows users to store and send value over the internet without a trusted central authority. In order to achieve this, Bitcoin relies on a transparent ledger of transactions shared between its users. The system is fully auditable, and every unit of value can be traced back to the block where it was first minted.

Bitcoin’s transparent model is very different from the account-based system banks use. This model needs to be thoroughly understood by users before they can appreciate its privacy trade-offs; unlike banks, Bitcoin can be used anonymously with the help of some tools and best practices, but ultimately the user is responsible for safeguarding their privacy.

Comparing Bitcoin and banks

Bitcoin differs fundamentally from traditional fiat money in that it does not require a third party to store money and make transactions. Bitcoin resembles cash more than bank deposits: it is kept in the custody of its users and transferred directly between them in peer-to-peer transactions.

Users of a bank must provide personal information in order to create an account. They have some financial privacy: for example their employer or other bank users cannot see their balances. However, their personal information and transaction history are at risk from hacks and are often shared with third parties including the local government.

On the other hand, Bitcoin is an entirely transparent and open network where every transaction is public and recorded on a distributed ledger. Using it does not require submitting any personal information, but a user may reveal his identity to a third party like an online merchant, or a centralized exchange. A user who does not understand the privacy model of Bitcoin does however risk losing their anonymity.

How does Bitcoin work?

As a thought experiment, imagine there was a base metal as scarce as gold but with […] one special, magical property: it can be transported over a communications channel.

Satoshi Nakamoto

Instead of keeping track of every user’s balances, the Bitcoin network represents money more like objects. These objects are called UTXOs (unspent transaction outputs). Each UTXO belongs to a public address, and can be sent to other public addresses by the owner of the corresponding private key. An address can receive multiple UTXOs — a practice known as address reuse, which is discouraged for privacy reasons. Wallets can generate new addresses as needed, and a user can create as many wallets as they want.

UTXOs can have any denomination. When UTXOs are used as inputs in a transaction, they are destroyed, recombined into new ones, and assigned to a new address. A UTXO cannot be partially used, therefore when a payment is made, an output is created for the ‘change’ and sent back to the user’s wallet. UTXOs are destroyed upon being spent — it can be useful to think of these ‘bitcoin pieces’ as being melted together in the transaction and cast into new pieces.

In this example, Alice’s wallet contains 4 different UTXOs for a total balance of 2.05 BTC.

Alice wishes to send 1 BTC to Bob. Her wallet picks 2 UTXOs for a sufficient amount, and uses them in a transaction that creates 2 outputs: one pays Bob his 1 BTC, and the other one goes to a ‘change address’ generated by Alice’s wallet.

The difference between the inputs and outputs of a transaction is the miner fee, which does not create a new UTXO. Instead, it is added to the coinbase transaction, which is spendable by the miner of the block and contains the block reward and the fees. Your transaction is more likely to be prioritized by miners and included in the next block when you attach a higher fee.

Exploring the ledger

Bitcoin’s open ledger is referred to as the Blockchain or Timechain. It can be browsed and queried using a block explorer such as mempool.space. Here are a few examples of Bitcoin transactions:

This UTXO is being spent into two outputs: one for payment and one for change.
The coinbase transaction contains the block reward and the fees. It can be spent by the miner of the block.
This transaction combines many UTXOs into one.

Bitcoin’s fully auditable model means that every UTXO can be traced back to the coinbase transaction(s) it originates from. When Alice pays Bob she is now able to observe all the subsequent transactions he makes with this UTXO. If he mixes it with the rest of his funds, Alice would be able to track a bigger part of Bob’s past and future transaction history, becoming a real threat to his privacy, as she would be able to find out how much bitcoin he owns and how he spends it.

Privacy in Bitcoin

When receiving or spending bitcoin, a user may have to reveal details about themselves — their name for tickets to an event, or home address for receiving delivery of goods. This information is then linked to the transaction history of the address. Here are a few tools and best practices that users of Bitcoin can implement in order to protect their privacy:

  • Avoid reusing addresses: the Bitcoin protocol allows multiple payments to be sent to the same public address. This should be avoided as it compromises the privacy of both the sender and receiver, and can cause security issues. Today most Bitcoin wallets generate a new public address for each payment, but address reuse still exists. Some exchanges require users to save and verify a public address for withdrawals, and sharing a public address is still a popular tool for donations or crowdfunding.
  • Use a wallet with ‘coin control’ features: some Bitcoin wallets automatically pick UTXOs to use in a transaction according to their coin selection algorithm, which can optimize for the lowest fee (minimum number of UTXOs), lower fees in the future (combining many UTXOs), or systems like ‘first in first out’ which spends the oldest coins first. Some more complex wallets allow for more granular control of UTXOs, allowing privacy-minded users to label and freeze certain outputs and select which ones to use in a transaction. Coin control features are available with Sparrow Wallet on desktop and Samourai Wallet on Android and were recently added to Trezor Suite and Ledger Live.
Sparrow Wallet displays the UTXOs that make up your balance, lets you label them, and flags instances of address reuse.
  • Be aware of change outputs: merging a change output with the rest of your funds compromises your privacy. You could pay the library with the change from the coffee shop, but outputs from more privacy-sensitive transactions should be managed more carefully, especially if your counterparty does not protect their privacy adequately. Donations to political causes, for example, could be made using a whole private UTXO, which will not return any change to your wallet.
  • Reusable payment codes or ‘PayNyms‘: proposed in the BIP47, PayNyms are a static code a user can use to receive payments. A new public address will be generated for each payment received to the PayNym. The code can therefore be shared publicly for recurring payments or donations, without compromising anyone’s privacy. PayNyms are a built-in feature of Sparrow Wallet and Samourai Wallet.
  • Buy bitcoin privately: for many users today, privacy issues materialize when buying Bitcoin from an exchange which requires submitting personal user information in a practice known as KYC or Know Your Customer. This information can be used by governments to surveil or intimidate users of Bitcoin, or by other criminals who can use stolen user data to commit identity theft, attempt scams, extortion, or blackmail. To eliminate the risks associated with KYC exchanges, privacy-minded users should use peer-to-peer exchanges when trading bitcoin with other currencies. These platforms offer matchmaking and escrow services and using them does not require submitting any private information. Popular private Bitcoin exchanges include Hodl Hodl, Bisq and RoboSats.
  • Use CoinJoins: a CoinJoin is a transaction where multiple users pool their UTXOs together to make it impossible to link the inputs with the outputs with certainty. Most analysis tools used to track the ownership of UTXOs rely on Common Input Ownership Heuristic: the assumption that all inputs in a transaction are from the same owner. However collaborative transactions, where multiple users cooperate to enter a transaction together in order to mix their inputs, completely negate this process. Participants can use CoinJoins to break the trail of ownership linking a UTXO to their identity. Please note that CoinJoin transactions can help improve your privacy moving forward. It cannot obfuscate your past transaction history, or hide the fact that you bought bitcoin on an exchange in the first place.
A CoinJoin transaction using Samourai Whirlpool
  • Use multiple wallets for different purposes, for example one for private funds in cold storage, another for daily spending, another one for online purchases, etc. This will ensure you don’t accidentally mix funds that don’t belong together.
  • Run your own node: Bitcoin wallets are connected by default to nodes run by the company or by trusted users, which are able to see your IP address and the transactions you send and receive. Using a public block explorer to lookup transactions could also damage your privacy. Running a Bitcoin node lets your broadcast transactions directly to the network, as well as verify and browse transactions using your own local copy of the blockchain. Anyone can run a node, visit bitcoin.org for more information.

Do Your Own Research

This article is intended to introduce the Bitcoin UTXO model and some of the tools available today to improve privacy on-chain. It does not cover the Lightning Network, which can be a tool for using Bitcoin more privately.

The field of Bitcoin privacy is constantly evolving as new tools and upgrades are developed and implemented. There is no perfect solution for privacy and users of Bitcoin need to do their own research to understand the level of privacy they need and how to manage their bitcoin.

Posted at block 785224

Bitcoin in 21 pictures

In this article we try to introduce some of the many aspects of Bitcoin in 21 images and captions. We attempt to…

Can Bitcoin help you escape fiat inflation?

The 20th century saw government currencies abandon the gold standard, instead pegging themselves to the gold-backed US Dollar until 1971, when the…

Loading…

Something went wrong. Please refresh the page and/or try again.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: