Bitcoin Forum

Hi, I understand a little on how a determinist bitcoin wallet works. As far as I know, the master key allows to generate an infinity of different addresses, but these addresses cannot be linked back to a given wallet (= derivation principle). 
From reading some press articles (particularly about companies specializing in on-chain data analysis), I understand that some are able to link addresses together and know, for example, that address x and address y come from the same wallet (i.e. from the same seed).
Is this possible? How could it be done?
Thanks

It is not possible, you can possibly associate addresses to distinct users or a group of people but under normal circumstances you would not be able to link them to individual wallets. Addresses cannot be linked as the public keys and the addresses are not linked by any pattern, and thereby indistinguishable. The linkage you are talking about has to do with chain analysis of transactions.

For example, imagine that I have 3 addresses in a wallet and I have funds in all of them. If I were to spend all of them in one transaction, you can possibly deduce that the three addresses are linked to a single entity. Of course, there are scenarios where this may not hold true, but it can be accurate to a good degree.

It is possible for one to link different addresses to a particular wallet to the seed phrase, and it is impossible for anyone to guess correctly the seed phrase of anyone, if not a lot of people bitcoin will be missing. Your seed phrase is unique because it is gotten from a random word.

Different bitcoin wallet addresses can only be connected to a specific wallet owner, if those addresses are sending bitcoin to one particular wallet address often.

The problem is that people do not know how to have the privacy.

Assuming Mr A sent bitcoin to address 1, Mr B sent bitcoin to address 2 and Mr C sent bitcoin to address 3. All can not be linked if you have experience about how it can not be linked. But assuming you spent all the coins at ones, that will link all the addresses together. But if you use coin control to spend individually from the addresses in a way it can not be linked, it will not be linked.

But central server can be able to link your addresses together with your IP address even if you do not spend from the addresses and also if you use coin control. So for this reason, it is better to run your own node and use Tor with it.

How ??

This is not possible, to link addresses to a seed phrase. Just that addresses can be linked to belong to the same wallet and not to the seed phrase that generates the addresses. No one can even know if it is the same seed phrase that generates the addresses and you can not use addresses to know the seed phrase that generates the addresses.

Not possible Ruttoshi... Seed phrase are our wallet security, making it unique for anyone to guess or know

Super!

Question: when address 1 (which holds for example 1 BTC) of a wallet A sends 0.8 BTC to address 1 of a wallet B, do the remaining 0.2 remain on address 1 of A or are they assigned to a new virgin address (let's call it 2) on wallet A?

It depends on the wallet you are using and the settings and how you send the money. There are wallets that you can change in the settings to send the change the the address that you used to send the coin. But, by default, the change will be sent to a change address (which is another address). I am using Electrum for this example and that is how a good HD wallet should be.

Child key derivation uses HMAC-SHA512 function which doesn't leave any mark of the data and key to the result.
There's no way to tell that 'Address A' and 'Address B' came from the same seed, even if the third-party knows the addresses' private keys.

A bit off-topic but it'll be sent to another address on Wallet A which most of the case, to a "change address".
But that's mostly client-dependent so other clients (wallets) may not follow that standard.

By default, the remaining balance from the UTXO will go to a new address called a change address but you have the option to send back the funds to the origin address itself or only a specific change address depending on which kind of wallet you are using.

As everyone said, it is impossible for any expert to predict and prove address x and address y are coming from the same seed phrase even if you have the private keys of both addresses.

The most common tactic used by companies specializing in on chain data analysis is known as the "Common input ownership heuristic" which is described by Satoshi in the "Privacy" section of the whitepaper:


When viewing a transaction with multiple inputs, a generally accurate assumption is that all those inputs belong to the same wallet, even if those inputs come from different addresses. In order to break this tracking tactic, you use a specially designed wallet to group your inputs in the same transaction with other users, called a coinjoin. (https://bitcointalk.org/index.php?topic=5482818.0)


Yes, in a properly designed wallet, the remaining 0.2 BTC change will be sent to a new virgin address in wallet A to increase privacy. However, privacy is rarely gained by the change output in practice because its spending conditions will match the spending conditions of the inputs that created it. So, the change can often be distinguished from the recipient's output since wallet B's software will probably not match the exact same script type, lock time, version number, fee rate construction, and other fingerprints as the sender's wallet.

Technically, your wallet addresses hold UTXOs (unspent transaction outputs), not bitcoins. Say address 1 in wallet A has two UTXOs, each worth 0.5 BTC. If your software supports coin control, you can choose which UTXO to spend. Spend one, and the other UTXO at address 1 remains. Want to spend more than 0.5 BTC? Your transaction uses both UTXOs, creating two new ones: one for the destination and one for the "change address" (which could be back to your address 1, depending on your settings).