The Privacy Shield: Avoiding Common Input Ownership Heuristics
18. The Privacy Shield: Avoiding Common Input Ownership Heuristics
In the world of blockchain analysis, spies use a technique called the Common Input Ownership Heuristic. The logic is simple: if a transaction has three inputs, the spy assumes that all three coins belong to the same person. By spending them together, you have linked those three addresses to a single identity. To combat this, the Bitcoin Core wallet includes a "Privacy Shield" in its selection logic. It tries to avoid mixing coins from different "Sources" unless absolutely necessary. It is the "Segregation of the Sovereign."
The Privacy Shield is a design philosophy that manifests as "Pre-Selection Filters." By keeping your "Streams of Wealth" separate, the wallet prevents you from inadvertently "Doxing" your entire history in a single payment.
Analyzing the Shield Logic: OutputGroupTypeMap
In the source code, we see how the wallet segregates coins by their OutputType (Legacy, SegWit, Taproot). By default, the wallet tries to "Pay with like coins."
/**
* This structure segregates coins by their script type to protect privacy.
*/
struct OutputGroupTypeMap {
// We maintain separate stacks for Taproot, SegWit, and Legacy coins.
std::map<OutputType, Groups> groups_by_type;
/**
* This function attempts to find a solution in ONE category first.
*/
util::Result<SelectionResult> AttemptSelection(...) {
for (auto& [type, group] : groups_by_type) {
// We try to pay using ONLY SegWit coins, for example.
if (auto result = ChooseSelectionResult(...)) return result;
}
// Only if we fail do we allow "Mixed" types.
if (allow_mixed) return ChooseSelectionResult(all_groups);
}
};
Explaining the Shield: The Colored Envelopes
-
OutputType: Imagine you have three envelopes. One contains "Legacy" cash, one contains "SegWit" checks, and one contains "Taproot" credits. If you pay for something using a Legacy bill AND a Taproot credit, anyone looking at the receipt can see you own both accounts. By trying to pay with only one type first, the wallet shields your other accounts from view. It is the "Privacy of the Category." -
allow_mixed: Sometimes, you do not have enough money in one single envelope to pay the bill. In this case, you "Must" mix. The wallet only does this as a "Last Resort." It prioritizes your privacy over simplicity. It is the "Reluctance to Mix." -
groups_by_type: This is the "Internal Organization" of the bank's desk. Instead of a messy pile, the computer sees orderly stacks. This order allows the strategy puzzles we studied earlier to be performed with precision. It is the "Intelligence of the Shield."
The "Sovereign's Responsibility": Labels
The automated shield is powerful, but it is not perfect. The computer does not know that two addresses belong to you if they are the same OutputType. This is why you must use Labels (Chapter 6). By labeling your coins, you can use "Manual Coin Control" to ensure that you NEVER mix coins from different sources (e.g., "From My Employer" and "From My Side-Hustle"). This "Manual Shield" is the ultimate act of financial sovereignty. You are the "Master of the Separation," ensuring your financial identities are as isolated as islands in a digital ocean.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: