Single "Multiple Inputs Tx" vs Multiple "Single Input Tx"

by Vijay Chavda   Last Updated February 11, 2019 07:27 AM - source

Alice owns three addresses A1, A2, A3. She decides to collect the coins held by these addresses into a single coin so she generates a fresh new address A4 for that.

She has the following two options:

1. Single transaction

+--------------+ |A1 A4| |A2 -> | |A3 | +--------------+

2. Multiple transactions

+--------------+ |A1 A4| +--------------+

+--------------+ |A2 A4| +--------------+

+--------------+ |A3 A4| +--------------+

She does not want people to know that A1, A2 and A3 are owned by her. And she does not intend to use any mixing services. She also don't mind paying more transaction fees as in option 2.

Option 1

A1, A2 and A3 can be linked together assuming she did not use any Coin Join technique.

Option 2

It can be seen that A4 is reused to receive payments. However A4 has never been seen before this transaction.

Questions on Option 2:

  1. Can someone observing the Blockchain deterministically figure out A1, A2 and A3 belong to same user?

  2. If Alice now spends A4 to Bob (sends all amount, she never uses A4 again), can Bob ever figure out that A1, A2 and A3 belonged to Alice?

  3. What privacy will Alice (or someone down the trail, like Bob) lose if she goes for option 2?

  4. Is reusing addresses to only receive payments and spending that address only once okay?

Answers 1

With option 2, most analyses will conclude that Alice owned A1, A2 and A3, because the transactions which spent them have no change address. Typically, you assume that the amount you have held in a TXO never exactly matches the amount you're making as a payment, so transactions usually have change outputs too.

I think you have a little misunderstanding about where bitcoins are held. Bitcoins are not stored in addresses. You don't "spend an address." You spend one or more UTXOs. Each transaction in option 2 creates a separate TXO, even though they share the same address for spending. This means, when the coins associated with A4 get spent in full, the individual TXOs are each inputs for the new transaction, which makes it look more like option 1 (multiple inputs, one output) when spent, like this.

|A4 (txo1)         B1|
|A4 (txo2)   ->      |
|A4 (txo3)           |

Bob can of course, look at each of these inputs and see which transaction they came from, but he can't necessarily determine whether the addresses actually belonged to Alice, or whether it is just likely that is the case. Without some more evidence from further back in the history of the coins, you cannot prove whether Alice owned them initially or received them from somebody else.

Mark H
Mark H
February 11, 2019 07:09 AM

Related Questions

Privacy: How should I handle UTXO's?

Updated June 28, 2019 23:27 PM

How Bitcoin wallets avoid address re-usability?

Updated March 01, 2018 13:27 PM