UTXO and Privacy

What are UTXOs, and how can managing them intelligently complicate life for surveillance firms like Chainalysis?

Address, public key and UTXO

Your wallet addresses are not little boxes containing BTC. The BTC actually exist in the form of UTXOs (Unspent Transaction Outputs), jealously guarded by the nodes.

A UTXO is a small “script”, i.e. a piece of code that locks an amount of BTC (a number) to a public key. Unlocking the BTC requires signing the script with the private key corresponding to the public key.

The two keys are two very large numbers linked by a “one-way” mathematical function. This is called asymmetric cryptography (public key cryptography).

Put simply, it is impossible to calculate the private key from the public key. Without this invention, which we owe to Ronald Rivest, Adi Shamir and Leonard Adleman (1977), Satoshi Nakamoto could not have designed Bitcoin.

Strictly speaking, wallets therefore do not contain BTC, but private keys. Wallets sign transactions and propagate them to nodes, where they land in the “mempool” and wait for miners to insert them into a block.

Once the transaction is confirmed, the old UTXOs are erased and new ones linked to new addresses are created.

Incidentally, addresses are encodings of public keys. Some old UTXOs are tied directly to public keys. The most recent are linked to “addresses”, which are obtained simply by hashing the public keys with the SHA-256 and RIPEMD-160 algorithms. This saves space, since a hash takes up less space.

Bitcoin “dust”

The balance of a wallet is the sum of the UTXOs to which its addresses are linked; an address can be linked to one or more UTXOs.

During a transaction, the wallet has many UTXOs to choose from. Ultimately, the selection depends on the desired objective. There is no universal selection method. Do you want more anonymity or less expense?

The “naive” approach consists of finding the smallest UTXO whose value is greater than the amount of the transaction.

Systematically proceeding in this way unfortunately leads to fragmentation. Ultimately, the wallet finds itself littered with bitcoin “dust” in the form of UTXOs that cannot be spent because they are lower than the transaction costs.

The result is growth in the overall number of UTXOs, which clogs nodes and threatens network decentralization. For reference, here is the evolution of the number of UTXOs (105 million):

Figure: Number of UTXOs (105 million). Source: Grafana

That said, it’s only natural that a wallet ends up controlling multiple small UTXOs. It is therefore preferable to combine them in a single transaction. However, the more UTXOs a transaction contains, the larger it is, and the more it costs in transaction fees.

If your priority is to reduce your transaction costs, you should favor a transaction containing as few UTXOs as possible.

UTXO and Privacy

It is very rare that the UTXOs of a wallet make it possible to build a transaction containing exactly the amount to be sent. You almost always have to send more.

The consequence is that change must be returned within the same transaction by creating an additional UTXO at the output. Unfortunately, this greatly facilitates the work of monitoring firms like Chainalysis.

In theory, when there are several UTXOs at the output of a transaction, it is not obvious which belongs to the one who pays and which belongs to the one who receives the money. It is, however, possible to find out because of this returned change.

If one of the two output UTXOs uses the same type of script as the input UTXO, it is the UTXO used to give change. It is then possible to distinguish the recipient from the sender.

Indeed, as Bitcoin developed, many address formats (and therefore as many types of scripts) were introduced.

Figure: Distribution of address types in the Bitcoin network. Source: Wasabi
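A wallet can run the script-type comparison described above on its own draft transaction to see whether the change output stands out before broadcasting. The following Python is an added example, not code from the original article or from any wallet; the function names and the scriptPubKey values are constructed for illustration, and only the standard script templates are recognised.

```python
# Added example: self-check for the script-type change heuristic.
# All scriptPubKeys below are constructed placeholders, not real outputs.

def script_type(spk_hex):
    """Classify a scriptPubKey (hex) by its standard template."""
    spk = bytes.fromhex(spk_hex)
    n = len(spk)
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1:] == b"\x87":
        return "p2sh"
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"
    return "unknown"

def exposed_change_index(input_spks, output_spks):
    """Index of the output an observer would label as change, or None.

    The heuristic only fires when every input shares one script type and
    exactly one of several outputs uses that same type.
    """
    in_types = {script_type(s) for s in input_spks}
    if len(in_types) != 1 or "unknown" in in_types:
        return None                      # mixed or non-standard inputs
    (in_type,) = in_types
    matches = [i for i, s in enumerate(output_spks)
               if script_type(s) == in_type]
    if len(output_spks) < 2 or len(matches) != 1:
        return None                      # no change output, or ambiguous
    return matches[0]

# Constructed sample scripts (hash bytes are filler values).
P2PKH = "76a914" + "11" * 20 + "88ac"
P2WPKH_A = "0014" + "11" * 20
P2WPKH_B = "0014" + "22" * 20
P2TR = "5120" + "33" * 32

if __name__ == "__main__":
    # Segwit input, legacy recipient, segwit change: change is exposed.
    print(exposed_change_index([P2WPKH_A], [P2PKH, P2WPKH_B]))
    # Both outputs match the input type: the heuristic is inconclusive.
    print(exposed_change_index([P2WPKH_A], [P2WPKH_A, P2WPKH_B]))
```

A `None` result means this particular heuristic does not single out an output; it does not mean the transaction is private against other kinds of analysis.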

However, it is possible to frustrate these surveillance techniques a little, for example by arranging not to have to give change.

This is possible with the Wasabi wallet, which looks for a combination of UTXOs whose total is very slightly higher or lower than the desired amount. The goal is that no UTXO is created to give change. This makes it harder to tell the receiver from the sender.
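The search for a changeless combination can be sketched as a bounded subset search. This Python is an added example and not Wasabi's algorithm or code; the function name, the `tolerance` and `max_inputs` parameters and the sample wallet are assumptions, and UTXO values are taken to be effective values with the fee for spending each input already subtracted.

```python
# Added example: look for inputs whose total lands within a small tolerance
# of the payment, so that no change output has to be created.
from itertools import combinations

def changeless_selection(utxos, target, tolerance, max_inputs=4):
    """Return (inputs, deviation) or None if no changeless combination exists.

    deviation > 0: the recipient gets slightly more than asked.
    deviation < 0: the recipient gets slightly less than asked.
    Among valid combinations, prefer the smallest |deviation|, then the
    fewest inputs (fewer inputs means a smaller, cheaper transaction).
    """
    best = None
    ordered = sorted(utxos, reverse=True)
    for k in range(1, min(max_inputs, len(ordered)) + 1):
        for combo in combinations(ordered, k):
            deviation = sum(combo) - target
            if abs(deviation) > tolerance:
                continue
            key = (abs(deviation), k)
            if best is None or key < best[0]:
                best = (key, combo, deviation)
    return None if best is None else (best[1], best[2])

# Constructed sample wallet, values in satoshis.
WALLET = [50_000, 120_000, 30_500, 70_000, 9_000]

if __name__ == "__main__":
    print(changeless_selection(WALLET, 150_000, 1_000))  # slightly higher
    print(changeless_selection(WALLET, 199_500, 1_000))  # slightly lower
    print(changeless_selection(WALLET, 200_000, 100))    # change unavoidable
```

The search is exhaustive, so `max_inputs` keeps it tractable for wallets with many UTXOs.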

The “original settings” of the Bitcoin Core wallet?

The Bitcoin Core wallet follows this procedure for each transaction:

- If a single UTXO exactly matches the amount of the transaction, it will be used (very rare).

- If the sum of all small UTXOs exceeds the target amount, they will be used.

- If this sum does not exceed the target amount, the smallest UTXO above the target amount will be used.

- If the change to be returned can be considered as BTC dust, it is given to miners.

The logic followed by Bitcoin Core is to reduce the number of tiny UTXOs. Is this the “best” or the “right” selection technique?

Yes, if the goal is to minimize the number of UTXOs in a common effort to relieve the nodes. No, if you place more importance on privacy or low transaction fees.
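To compare the “naive” rule from the dust section with the four steps listed above, the following Python runs both over the same wallet and payments. It is an added example that follows the steps as this article words them, not Bitcoin Core's source code; the function names, the sample amounts and the 546-satoshi dust threshold are assumptions, "small" is read as "smaller than the target", and fees are ignored.

```python
# Added example. Amounts are satoshis; fees are ignored for simplicity.
DUST_LIMIT = 546  # assumption: the commonly cited dust limit for a P2PKH output

def naive_select(utxos, target):
    """Smallest single UTXO that covers the payment; the rest becomes change."""
    covering = [u for u in utxos if u >= target]
    if not covering:
        raise ValueError("no single UTXO covers the payment")
    chosen = min(covering)
    return [chosen], chosen - target, 0

def core_style_select(utxos, target, dust_limit=DUST_LIMIT):
    """Return (inputs, change, extra_fee) following the four steps in the text."""
    if target in utxos:                    # step 1: exact single match
        return [target], 0, 0
    small = sorted(u for u in utxos if u < target)
    larger = sorted(u for u in utxos if u > target)
    if sum(small) >= target:               # step 2: spend all the small UTXOs
        inputs = small
    elif larger:                           # step 3: smallest UTXO above target
        inputs = [larger[0]]
    else:
        raise ValueError("insufficient funds")
    change = sum(inputs) - target
    if change < dust_limit:                # step 4: dust change goes to miners
        return inputs, 0, change
    return inputs, change, 0

def simulate(select, utxos, payments):
    """Apply each payment in turn and return the wallet's remaining UTXOs."""
    wallet = list(utxos)
    for amount in payments:
        inputs, change, _ = select(wallet, amount)
        for value in inputs:
            wallet.remove(value)
        if change:
            wallet.append(change)
    return sorted(wallet)

WALLET = [100_000, 40_000, 25_000, 10_000, 5_000]  # constructed sample wallet
PAYMENTS = [30_000, 20_000, 45_000]                # constructed payments

if __name__ == "__main__":
    print("naive:     ", simulate(naive_select, WALLET, PAYMENTS))
    print("core-style:", simulate(core_style_select, WALLET, PAYMENTS))
    print("dust case: ", core_style_select([50_300], 50_000))
```

On this sample the naive rule leaves five UTXOs and the four-step procedure leaves three, with the same total balance in both cases.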

Some wallets, like Wasabi, have manual selection options for advanced users. Wasabi writes on its blog:

“Since the launch of Wasabi 2.0, the wallet has had an intelligent utxo selection algorithm that prioritizes privacy. With Wasabi 2.0.3, users now have the best of both worlds. A smart selection of default utxos and optional controls for advanced users. While beginners benefit from default privacy, advanced users retain the ability to change the selection.”

Wasabi also offers CoinJoins to completely anonymize your bitcoins.
