Actually, I think the suggestion in the report is correct. I think that what they are getting at here is the following scenario: Imagine that you have several addresses, with different balances, in the same wallet. If you do a payment using the normal client, which requires the total balance from all those addresses, this will create a transaction with all those addresses as inputs. In the Bitcoin protocol this provides unambiguous proof that the input addresses are all controlled by the same user. (With some provisos: obviously wallet services overlaid on the network complicate this; as do some other more sophisticated uses of the protocol; but in general, at a protocol level, this is true.) So, that then shows any passively listening third party that all those addresses were under control of a single user. This knowledge can then be applied transitively, to consolidate ownership of large quantities of accounts. (We tried to explain this in our paper: http://arxiv.org/pdf/1107.4524v2.pdf Fig 1.6.) What the report is probably getting at is that an alternative thing to do would be to instead send all the payments to a new account, in separate transactions. This would introduce a lot more ambiguity for a passive attacker - passive ownership assumptions become a lot less clear-cut. You can still try to make deductions, but it's going to be much larger to do at large scale, and require more statistical assumptions. It's not completely obvious that this is what the paper is suggesting, but that's my reading of it, and I think that makes sense.
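The linking described in the post above (inputs of one transaction are assumed to share an owner, and that assumption is applied transitively across transactions) can be shown with a small union-find over constructed transactions. This is an added example, not code from the post, the linked paper, or any Bitcoin client; the transaction records, address labels (`A1`, `B1`, `M1`, …) and txids are constructed for illustration. It implements only the common-input heuristic the post describes, so it shows why a single consolidated spend collapses all the inputs into one cluster while separate single-input spends leave them unlinked by this heuristic alone (the output side, which the post says still allows statistical guesses, is deliberately not modelled):

```python
from collections import defaultdict

# Constructed sample transactions (not real chain data). Only the input
# side matters for the common-input-ownership heuristic; outputs are kept
# purely for readability.

# One payment funded from three addresses of the same wallet, as the
# normal client would build it.
CONSOLIDATED_SPEND = [
    {"txid": "tx1", "inputs": ["A1", "A2", "A3"], "outputs": ["M1"]},
]

# The alternative from the post: three separate single-input transactions
# to the new account M1.
SEPARATE_SPENDS = [
    {"txid": "tx1", "inputs": ["A1"], "outputs": ["M1"]},
    {"txid": "tx2", "inputs": ["A2"], "outputs": ["M1"]},
    {"txid": "tx3", "inputs": ["A3"], "outputs": ["M1"]},
]

# Transitive case: A1 and A2 co-spend, later A2 and A3 co-spend, so all
# three end up in one cluster; B1 never co-spends and stays on its own.
TRANSITIVE = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["M1"]},
    {"txid": "tx2", "inputs": ["A2", "A3"], "outputs": ["M2"]},
    {"txid": "tx3", "inputs": ["B1"], "outputs": ["M3"]},
]


class UnionFind:
    """Minimal disjoint-set forest with path compression."""

    def __init__(self):
        self.parent = {}

    def add(self, item):
        self.parent.setdefault(item, item)

    def find(self, item):
        root = item
        while self.parent[root] != root:
            root = self.parent[root]
        # Path compression: point every node on the walk at the root.
        while self.parent[item] != root:
            self.parent[item], item = root, self.parent[item]
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(transactions):
    """Return the set of address clusters implied by the common-input heuristic.

    Every input address of a transaction is merged into the same cluster;
    clusters chain transitively across transactions that share an address.
    Addresses that only ever appear in outputs are not considered.
    """
    uf = UnionFind()
    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs:
            uf.add(addr)
        first = inputs[0]
        for other in inputs[1:]:
            uf.union(first, other)
    groups = defaultdict(set)
    for addr in uf.parent:
        groups[uf.find(addr)].add(addr)
    return {frozenset(members) for members in groups.values()}


def largest_cluster_size(transactions):
    """Size of the biggest cluster, i.e. how many addresses one spend ties together."""
    clusters = cluster_addresses(transactions)
    return max((len(c) for c in clusters), default=0)


if __name__ == "__main__":
    for name, txs in (("consolidated", CONSOLIDATED_SPEND),
                      ("separate", SEPARATE_SPENDS),
                      ("transitive", TRANSITIVE)):
        clusters = sorted(sorted(c) for c in cluster_addresses(txs))
        print(f"{name:12s} -> {clusters}")
```

Run as a script it prints one cluster of three for the consolidated spend, three singletons for the separate spends, and `{A1, A2, A3}` plus `{B1}` for the transitive case. The point for a wallet owner is that the consolidated path hands a passive observer a proof-quality link in a single transaction, whereas the separate path leaves this particular heuristic with nothing to merge.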
Don't take it to extremes - this can clearly be stretched to include running the whole process through mixers and back to a single address while improving anonymity. It doesn't say that. In principle, is combining addresses better for anonymity than not?