Hi Bitcoin Developers,
### Problem
Wallet fingerprinting: Identifying the bitcoin wallet used to create the
transaction
### Previous research
A) 0xB10C wrote a [blog post][0] in 2020 about wallet fingerprinting.
Most transactions followed the fee rate recommendations provided by
Blockchain.com and had same characteristics, including
using P2PKH outputs, having either one or two outputs created, a transaction
version 1, and BIP-69 compliance.
Suggested solutions:
1. Randomness in fee rates
2. Broadening fingerprint
- Support receiving to and spending from different address types
- Time-lock some of the created transactions to the current block height
- Set a random transaction version when constructing the transaction
3. Spoofing
B) achow101 created a [tool][1] in 2022 to identify wallet from a bitcoin
transaction
This tool focused on 2 fingerprints (bitcoin core and electrum) although lot
of other bitcoin wallets are used.
It is good proof of concept which can be improved further by adding more
fingerprints in it.
C) I wrote a [blog post][2] about wallet fingerprinting based on nLocktime,
nVersion used by different wallets.
D) ishaanam wrote a [blog post][3] recently based on her research about wallet
fingerprinting which covers lot of things.
1. Fingerprints categorized into 4 types: Independent, Probabilistic,
Dependent, and Temporal
2. Observations based on 8 bitcoin wallets:
- Bitcoin Core (v. 25.0)
- Electrum (v. 4.4.5)
- Blue Wallet (v. 6.4.6 iOS)
- Exodus (v. 23.7.2 iOS)
- Trust Wallet (v. 9. 0 iOS)
- Coinbase Wallet (v. 28.53 iOS)
- Trezor Suite (v. 23.7.2)
- Ledger Live (v. 2.64.2)
3. Fingerprints [table][4]
4. [Wallet Fingerprint Detector][5]
Conclusion:
> There is no clear cut solution to the issues discussed here. While some
fingerprints would be trivial to eliminate,
> it will be difficult to eliminate fingerprinting entirely. Just because
something is a fingerprint does not
> automatically mean that it should not be done by a wallet. For
instance, all transactions of a wallet having a
> certain input order or change index should definitely be modified, but
things like anti-fee-sniping and the spending
> of taproot UTXOs are still worthwhile.
### Solution
A [tool][6] for spoofing wallet fingerprint. It is a proof of concept which can
be improved further if everyone finds it useful.
It supports nLocktime, nVersion and BIP 69 ordering for 2 bitcoin wallets
(electrum and blue). Users can enter PSBT and spoof its
wallet fingerprint based on the option selected in dropdown list.
### Rationale
- As protocol developers continue to introduce changes that impact user
privacy, such as the upcoming version 3 transactions,
identifying wallets based on transaction becomes easier.
- All wallets will never have same fingerprint.
- For users who prioritize privacy, spoofing presents a viable solution.
- While similar techniques have been applied in the context of browser
fingerprinting, they can also be adapted for bitcoin
transactions.
Comparison with browser fingerprinting:
A browser fingerprint typically comprises various things such as the user
agent, IP address, canvas fingerprint, WebGL information,
installed fonts, timezone, screen resolution, cookie data, system info etc. In
contrast, a wallet fingerprint for bitcoin transactions
includes RBF signaling, transaction version, BIP 69 ordering, fee rate, change
position and type etc.
If a tool can effectively spoof a browser fingerprint, same concept could be
applied to bitcoin transactions as well. [Tor browser][7]
protects against fingerprinting by making fingerprints of all users same
irrespective of their device or OS. It's important
to note that existing tools attempting to identify wallets from transactions
include lot of false positives, and the introduction of
spoofing could further increase their prevalence. This increased uncertainty
in identifying wallet can make chain analysis difficult,
ultimately enhancing privacy. Some privacy-focused wallets may even consider
implementing this feature in wallets.
### Acknowledgement
0xB10C, achow101, ishaanam, pythcoiner and statusquont
[0]: https://b10c.me/observations/03-blockchaincom-recommendations/
[1]: https://github.com/achow101/wallet-fingerprinting
[2]: https://consentonchain.github.io/blog/posts/fingerprinting/
[3]: https://ishaana.com/blog/wallet_fingerprinting/
[4]: https://ishaana.com/blog/wallet_fingerprinting/fingerprints_final.png
[5]: https://github.com/ishaanam/wallet-fingerprinting
[6]: https://gitlab.com/1440000bytes/goldfish
[7]:
https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead/
/dev/fd0
floppy disk guy
Sent with Proton Mail secure email.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
