Satoshi's Privacy: Coin Control

A.I. agents analyze the bejeezus out of the blockchain. It’s true that they can find out a lot about you from a few breadcrumbs. Isn’t it ironic that Satoshi, lacking all the fancy techniques and tools, like coinjoin, still stays a mystery. How did Satoshi do it? He was quite clear about it. It’s high time we took a closer look at Satoshi’s advice for hiding in plain sight.

Coin Control

Satoshi Nakamoto’s technique may be summed up as ‘coin control’. The difference between someone who uses coin control and someone who doesn’t is like the difference between someone who makes sure she has multiple 50c, 20c, and 10c coins in her wallet, so that she can hand over the exact amount, and me, who always seems to be about 20c short.

In this article, I will talk about bitcoin (BTC), but note that coin control applies to any crypto which follows Satoshi’s ‘UTXO’ model closely, e.g. litecoin (LTC), bitcoin cash (BCH), dash (DASH).

“UTXO? What’s that?”

You don’t need to know, if you don’t already.

Gift card analogy

This topic can get very technical. I prefer to lay it out it without jargon like ‘UTXO’. I will use a crude analogy: a town where everybody uses gift debit cards.

Bumping into Jane in the town square, she wants to buy your ham sandwich. Jane offers you two gift debit cards, one of $5 value, plus one of $6 value. You reckon $11 is more than enough for your ham sandwich and take her up on the offer.

Now, you walk over to the hot dog vendor. $6 for a hot dog. Perfect! You just got a $6 gift card. You hand it over. A beer would be nice to go with it. You walk to the bar. Pint of beer: $4. You rummage in your wallet for a $4 card, but, no luck; you only have these three:

• $5
• $2
• $2

2 + 2 = 4, but instead of handing over the two $2s, you hand over the $5 card and say “keep the change.”

Why did you do that? Here is the first rule of coin control.

Rule 1: Do not add coins

Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner.

Satoshi Nakamoto¹

The word ‘unavoidable’ paints a bleak picture, doesn’t it? Not necessarily. Let me add my own emphasis:

‘Some linking is still unavoidable with multi-input transactions...’

I think he was meaning:

Avoid multi-input transactions when you can.

The ‘multi-input transaction’ means something analogous to adding gift cards together. When you hand over more than one gift card, you boost your traceability exponentially. Each card has a history. Each card, by itself, can’t say too much, but combined, can cut down the options. It’s like a detective investigating a crime, and he just has a set of footprints to go on. Things change dramatically when he finds a hair.

How does one avoid adding coins?

A good app does most of the work. You need to look for ‘coin control’. Here’s what the end result looks like:

On a more general level, it means that one must always have one prior payment of bitcoin more than the amount one wants to pay. If you haven’t dug into the details of bitcoin, then you might just be thinking of ‘coins’ or maybe ‘sats’.² Those are the units but they are never sent per unit. They are always signed over in a chunk. It’s more like how cheques work. If you recieve a cheque for $120, it’s not 120 little bits stuck together. You must deal with a single item. That single item is the thing you need to divide, and never add to another item to make a payment.

Rule 2: Never reuse addresses

As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner.

Satoshi Nakamoto³

We think of crypto numbers like debit card numbers, but the quote above shows that Satoshi never meant for them to be reused. The numbers are more like transaction IDs.

You might be a bit puzzled. Here’s where the gift card analogy comes up wanting. You hand over a gift card. The number on it necessarily stays the same. With bitcoin, there are no physical cards.⁴ There is just a transaction log. There are the sender’s address, the reciever’s address, and the amount, for each transaction. This leads to a deeper disanalogy. Time for a quick excursion.

Bitcoin addresses

A typical bitcoin (BTC) address looks like this:

bc1q62asl29g5a0khuygwyps0uuf6t0jchsxf8m2l8

It’s the equivalent of a debit card’s Primary Account Number (PAN), e.g.

4716 6864 7566 4093

I generated that Visa PAN at www.creditcardvalidator.org/generator. It’s a valid number, following the format, but doesn’t work anywhere in the real world. Visa, Mastercard, etc. card numbers are top-down. They are issued by an authorized financial institution. Here’s the big difference. With bitcoin, your app generates the number (used as an address), and it does work anywhere. So long as you follow the format strictly. There is nothing in the numbers which identifies you. Satoshi himself put it like this: ‘[Bitcoin addresses are] essentially random numbers with no identifying information’.⁵

Back to the rule

Now think: If it’s up to you to come up with your own recieving addresses, it’s silly not to come up with a new one every time you recieve bitcoin. It’s not like bitcoin will run out of new addresses. Everybody could generate millions of addresses per second and we’d still have plenty of possible addresses by the end of the 22nd century.

Why is this rule important? It’s easy to grasp. The same address makes an easy-to-track history. These are not bank accounts. These are transactions IDs. Even Visa doesn’t use the same transaction IDs again and again. Using the same transaction ID links you to other transactions and lets everyone see how much bitcoin you’ve been recieving.

Another way of putting it: When you use a brand new recieving address, the A.I. snoops don’t know whether you’re a new user or not— at least not without more data.

This rule is tricky for websites. How does one advertize a new address every time? There are options: paynyms, point-of-sales apps, OpenAlias, and more. I’ll cover these in a future post.

Rule 3: Never use a KYC’d exchange.

Thinking ahead to bitcoin’s future--money changing services that operate on a large scale and don’t practice KYC would indeed be illegal and would thus have to operate within the onionverse...

I-am-not-anonymous

Satoshi replied:

When there’s enough scale, maybe there can be an exchange site that doesn’t do transfers, just matches up buyers and sellers to exchange with each other directly, similar to how e-bay works.

Satoshi Nakamoto⁶

For all the canny ways of the A.I. agent, it still needs to tie one of your transactions back to a place with your driver’s license or bank statement.

No such place need exist. I mean, no place linked in any way to your crypto. KYC, ‘Know Your Customer’, whereby they are legally required to have your ID, is not a necessary part of using cryptocurrency. Indeed, strictly speaking, exchanges are optional. Satoshi never mentioned exchanges in the original idea of bitcoin. You can tell from the quote above that he was not very interested in exchanges, except that he wanted the direct, P2P method.

So, here are some tips:

• Choose non-KYC exchanges, e.g. nonkyc.io.
• The safest exchange is Robosats.
• If you do need a KYC’d exchange, choose one which lets you withdraw via the Lightning Network (BTC-LN).⁷
• In the future, simple, high-odds gambling sites might become common for getting KYC-free BTC, like with XMR at monerodice.pro; I have a hunch Satoshi would love such websites.⁸

Bonus Rule: Don't forward amounts

This one is for the high achievers.

If you really want maximum coin control, don’t just forward on a payment. Say you recieve 5,500 sats. Don’t just send it as 5,500 sats. That’s a pattern A.I. eats for breakfast. Sending the same amount of sats is common when one is sending between devices.

Single-use addresses sending different amounts suggests different people.

Summary

Here’s how it works. For simplicity’s sake, I will limit bitcoin addresses to 7 digits.

1. Jane wants to send you 5,500 sats.
2. You make a new BTC address: btc1qq5.
3. Jane sends 5,500 sats to btc1qq5.
4. No matter what Jane has done with her bitcoin, there is no history to the address ‘btc1qq5’.
5. A.I. agents do not know whether btc1qq5 is a new user of bitcoin or not.
6. You need to spend 3,000 sats on a hot dog.
7. You make sure that your app is not adding smaller amounts to make the 3,000. (Untick!)
8. You send the 3,000 sats from the address btc1qq5.
9. Ideally, you recieve the change to a new address, btc1ff4.
10. Otherwise, recieve the change of 2,500 sats back to btc1qq5.
11. You now have 2,500 at btc1qq5.
12. If you think Jane might send you some more BTC, give her a new address.

Caveat Emptor

Be aware: Satoshi did a lot more things to hide his identity. Coin control is just one weapon in the arsenal.

Too much work?

If Satoshi made a better hospital, you could hardly blame him for patients not washing their hands after taking a dump. Basic coin control is like hygiene.

To be honest, sometimes, I just use monero (XMR). Bitcoin apps still put too much work on the end user for coin control. By the time you read this, there’ll be at least three new, overhyped wallet apps with fancy defi features, but still no good coin hygiene.