Home > software > Bitcoin and Anonymous Transactions

Bitcoin and Anonymous Transactions

August 13th, 2011 Leave a comment Go to comments

Previous: Bitcoin Transaction Speed vs. Double-Spending

Note: I do not endorse use of Bitcoin for any illegal activities. Like many, I regret the neccessary tradeoff between freedom, privacy and legitimate legal enforcement.

One of the much touted advantages of Bitcoin is its anonymity. The full record of all transactions is by the very nature of Bitcoin completely public. However, transactions move coins between a set of incoming addresses and a set of outgoing addresses, and the addresses are not tied to any particular entity; an address may belong to anyone and Bitcoin includes no way to tell.

The problem, of course, is that there might be ways to tell outside of Bitcoin, especially if you are legal authority (or good at finding security holes; or a Google user). Let’s say someone gives a donation (from address X) to an illegal free speech organization in Burma, and you want to figure out if it was a Burmese resident – and his address, in that case. The organization uses anonymous donation-specific addresses dnum. It wants to purchase a stock of paper for leaflets delivered to a conspirational address, without tipping off the secret police.

Let’s assume the secret police captured a computer of another supporter of dissidents. They retrieved the source address used for donations (address C) and now they look at where the coins went. A complicated bead net of addresses that merge and split coins among each other unrolls. The trouble is if it is possible to identify some of the addresses in the net. By government order, all incoming payments to the paper store are transferred from order-specific address p? to a single police-registered address P. The first order was paid at address p0, the second would be paid at p1.

The police can now clearly see the coins from address C, transferred to donation address d0, have been used to pay for paper and they will inquire in the store about customer of the address p0. But they can also see that other money have been used for this purchase as well. The trail goes through addresses X, xb, xa, xx, all unknown to police, but arrives to xx from M, the main coin store address of the local Bitcoin exchange. The authorities inquire at the exchange and get bank account number associated with the outgoing payment. The bank happily provides the address and the police is on its way. Does the bank account owner also own the address xx? And what about xa, xb and X, are these her addresses (used for keeping order in the books or to muddle the tracks) or someone else’s? Whose and why did the money go there? The case is not proven yet, but a person is already questioned at the secret police office and in a totalitarian regime, the burden of proof is effectively on her. The paper paid for at p1 will never arrive, but several black cars will.

(The xx-xa-xb-X split can be improved by sending parts of the amount to different addresses, then sending coins between them, and so on, but AFAIK this does not really help anything much as the coins are still being passed within a closed subgraph. Also, the dissident organization might try to avoid mixing independent sources in payments, but this may be difficult if you live from small donations.)


So, all is lost and hopeless, back to good old cash? Well, not necessarily. There are various approaches to combat the problem.

Solve part of it outside the box. Launder coins abroad. Spend them on legitimate-looking puppet causes while staying sure they either return to you or get sent the right way. Repeat and rinse several times. Preferably include real people with googleable Bitcoin addresses early in this chain to completely dissociate yourself from the coins in the public record. Of course, you need some real-world cooperation and friends worldwide. Similar approaches like dissociation by re-selling goods may be considered, but they seem very cumbersome, error-prone and likely losing money (or needing large investments and much time). This all could become a lot easier when paying with bitcoins in person becomes commonplace.

An obvious scheme to muddle the tracks is a mixin service (an escrow service might do this as a side-effect). Many people send in coins, they are all included in a single transaction and this transaction has many outgoing addresses for each user sending in money. It will split large pile of possibly suspect money to many small piles that can be used separately, and in the transaction it will be completely unclear which of the many source addresses is the source of the coins. Repeat few times with different sets of co-mixers and you have pretty much perfectly fogged the origins of the money.

It sounds great but it is fraught with many practical issues. Most obviously, you need to trust the service with your money; you send it in, it might arrive back or maybe not (they are scammers, or maybe just have technical trouble or got hacked). It should definitely be set up in some “safe” country. And still, you need to trust it is not logging anything, nor is its ISP, and nor is your country’s Great Firewall (i.e., use tor). Your government in fact secretly running this service would be a masterstroke. And of course, you absolutely need the “many people” part as well, so that you are actually mixing the coins with others. But these “many people” should be mainly honest persons with legal coin targets, there is not that much point in mixing if you are mixing just with crooks. For the same reason, “many honest people” will be reluctant to get into the trouble needlessly and mix with the crooks and you. An escrow service with mixing as a side-effect could alleviate this issue somewhat.

But what about a more elegant way? When making a transaction, you can pay a transaction fee, mainly to ensure speedier inclusion in a block. The transaction fee goes to whoever mines the block that includes the transaction. There is no upper bound to a transaction fee. We will spill coins in the fees.

The idea is similar to a mixin service; but instead of requiring voluntary participation, we use the txfees and the whole block chain as a mixin platform. In exchange, we concede that we cannot have all the money, but only some large fraction (a third? a half?). We will produce dummy transactions that move all the coins to the txfee, then collect part of it back in block generation payouts. This is completely legitimate and automatic; blocks generated by us and by other solo miners (pools are easily identifiable) are indistinguishable. Some of the money will return as clean laundry while the rest goes to support the Bitcoin system.

The practical implementation is simple. First, one needs to choose the ratio. The smaller the ratio, the harder to track the most common destination of the spillage, but the less money you get, obviously. Then, you create many small fee-spilling transactions transactions. (More means better laundered for further use, but take more time to get.) You keep part of them for your own blocks and broadcast the rest for other miners to pick up. You can get very smart about this, scanning the p2p network to broadcast to solo miners preferentially (you will be better masked), do some probabilistic modeling on the blocks you create, and so on. The big catch is being able to produce blocks at sufficient pace. The answer is either making a huge investment and building a massive solo rig, or just renting one! There are good rigs for rent. It is again important to rent abroad and make sure you cover your tracks well when paying rent. Of course, this is more practical for the accepting organization than the individual donator.


This proposal is far from perfect, but it should work and I have not seen it mentioned yet. My main point is that there may be more tricks like this and the anonymity discussion might yet get interesting.

Categories: software Tags: ,
  1. Pamela Brown
    August 18th, 2011 at 18:17 | #1

    Note: I do not endorse use of Bitcoin for any illegal activities. Like many, I regret the neccessary tradeoff between freedom, privacy and legitimate legal enforcement.

    Let’s say someone gives a donation (from address X) to an illegal free speech organization in Burma

    Let’s assume the secret police captured a computer of another supporter of dissidents.

    If I were you, I would remove the disclaimer at the beginning of this fine post. On the one hand, you say you agree that there needs to be a trade off between ‘legitimate law enforcement’ and people’s rights, but then talk of ‘dissidents’ and ‘illegal free speech organizations’ the latter being almost an oxymoron.

    Technical articles should be separated from political sentiment. Its the best way to remain neutral and to get your point across cleanly.

  2. pasky
    August 23rd, 2011 at 01:19 | #2

    @Pamela Brown

    That’s certainly a good advice. I suppose I chose this approach here since the point of the article was two-fold – to point out a possible anonymization approach, but also to showcase why anonymity is important and how can it be compromised using external sources of information.

    I agree that maybe the mix does not work too well, next time I’m doing something like this, I will split it to two articles, one political, another technical.

  3. March 14th, 2017 at 09:06 | #3

    It’s an remarkable post in support of all the web visitors;
    they will get advantage from it I am sure.

  4. May 15th, 2017 at 10:34 | #4

    Hello every one, here every person is sharing these familiarity, therefore
    it’s good to read this web site, and I used to pay
    a visit this web site daily.

  5. June 28th, 2017 at 09:39 | #5

    Greate pieces. Keep writing such kind of information on your site.
    Im really impressed by it.
    Hi there, You have done a great job. I’ll definitely digg it and individually recommend to my friends.
    I’m confident they’ll be benefited from this website.

  6. August 24th, 2017 at 22:12 | #6

    Quality articles or reviews is the important to invite
    the people to visit the web page, that’s what this web
    site is providing.

  7. July 26th, 2019 at 17:56 | #7

    Hi everyone, it’s my first visit at this website, and
    paragraph is truly fruitful in favor of me, keep up posting these types of content.

  8. August 5th, 2019 at 21:44 | #8

    اگر عرض بيشتري مورد نياز است بايد از لنگه هاي بيشتري استفاده شود در درب ضد سرقت .عرض بازشوي درب ضد سرقت نيايد بيشتر از 115 سانت باشد
    source – منبع
    درب ضد سرقت

  9. October 1st, 2019 at 22:16 | #9

    Greate pieces. Keep writing such kind of information on your site.
    Im really impressed by it.

  10. February 10th, 2020 at 12:02 | #10

    Greate pieces. Keep writing such kind of information on your site.
    Im really impressed by it.

  11. September 14th, 2020 at 07:47 | #11

    روش کاشت مو SUT در مقایسه با تکنیک های دیگر از قبیل FIT و FUT روش جدیدتر و موفق تری است که تمامی مراحل آن، از برداشت تا کاشت فولیکول‌ های مو، توسط دستگاه های اتوماتیک صورت می‌گیرد. از آنجایی که در کاشت مو SUT تمامی مراحل توسط دستگاه انجام می گیرد، میزان تخریب ریشه مو، درد و خونریزی کم است.
    کاشت موی SUT

  1. August 14th, 2011 at 00:00 | #1
  2. August 17th, 2011 at 01:39 | #2
  3. November 15th, 2019 at 13:00 | #3


4 × = twenty four