Deterministic Wallets - Reading Assignment

Hi Grant,

Examples of BitLaundry anonymity set and HD wallets anonymity set are not connected well in my head.

Let’s imagine Alice wants to sent Bob some Bitcoin and she has two choices: 1) BitLaundry; 2) Bitcoin HD wallet. Bob uses HD wallet and gives Alice his freshly generated new public address.

In case of BitLaundry Alice sets Bob’s freshly generated address into BitLaundry as an output address and BitLaundry sends this Bitcoin to Bob in some random period of time.

In case of HD wallet Alice sets Bob’s address in wallet sending form and HD wallet transmit this transaction immediately.

Why then in case of BitLaundry anonymity set is less than in case of HD wallet?

I started to realize that BitLaundry was way before HD wallets and at that time it was normal to reuse same public address and thus Bob -> address link was something obvious to others… But still in bitcoin white-paper Satoshi mentioned that every new transaction would require new address to be generated… so the anonymity set was same as with HD wallets, no? HD wallets just made it easier to backup your wallet since you just need to do it once and all new public addresses are derived from master private key.

So, BitLaundry was a way to overcome complexity of creating new public addresses with new private keys, which needed to be backed up thus making it possible to reuse same public address again and again and use services like BitLaundry to break up a link between sender and receiver?

Hence, if we know that address belongs to Bob and we know that another address belongs to Alice and we just need to hide connection between Bob and Alice in the form of transaction between them, then I see why anonymity set is in a range of blocks before or after Alice transaction to BitLaundry.

However, it we know Bob’s public address than HD wallet does not add anything to anonymity set. Even without HD wallet Bob may create new public address and send it to Alice so she will send Bitcoin to his new address. Then no difference from HD wallet anonymity set, right?

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?
   It allows you to back up your wallet with QR - or seed words to maintain all future addresses at once.

2. What advantage does a Type-2 wallet have over Type-1?
   Type-2 allows you to split the secure master_private_key and continue to generate public keys

3. What is the anonymity set for a receiver using a Deterministic Wallet?
   Public addresses can be changed after each transaction to help maintain a veneer of anonymity

HD wallets just made it easier to backup your wallet since you just need to do it once and all new public addresses are derived from master private key.

Exactly! Here’s an overly-detailed example just in case.

BitLaundry: Alice sends BTC to BitLaundry at 4:20pm on Monday. It’s forwarded to Bob at 10:50am on Tuesday. The max delay period is 24 hours, and 5 other people transact with BitLaundry in the past 24h. So Bob’s CIA agent sees a transaction coming from BitLaundry. Agent looks at the deposits to BitLaundry and see Alice’s address, and 4 other addresses, and isn’t sure which one sent their BTC to Bob. Here, his anonymity set is 5.

HD Wallets: Bob gets a fresh address from his HD wallets and sends it to Alice. Alice sends 1 BTC to Bob’s new address at 10:50am on Monday. So while Bob’s CIA agent watches Bob’s known address, ANY other Bitcoin transaction (for which the CIA doesn’t recognize the address) could be Bob’s. Here, his anonymity set is every unknown transaction.

1. It’s a wallet which you can backup once and it stays backed up forever because all future addresses are determined in advance. It can also be stripped down to a very small size which could be easily backed up on paper (QR code or seed phrase).
2. The advantage of the type-2 is that you can separately secure the Master_private_key, but still generate new addresses.
3. The anonymity set is the number of all the wallets that have unknown owners.

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?
Easier backup – no need to store many private keys for many addresses

2. What advantage does a Type-2 wallet have over Type-1?
You can separately secure the private key but still generate new addresses with the public key - ie. Public addresses are can be changed for every tx.

3. What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)
The anonymity set is very large as it would be made up of all unknown addresses

1. It’s a wallet that you back up once and stays backed up forever.
2. Type-2 has the ability to generate addresses without access to private keys.
3. The public addresses are changeable after every transaction.

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?

You can backup once and it stays backed up forever because all future addresses are determined in advance.

2. What advantage does a Type-2 wallet have over Type-1?

Separately secure the Master_private_key, the parent private key, but still can generate new addresses.

3. What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)

The anonymity set is the number of all the wallets that have unknown owners.

This concept is important to get right - scroll up and find my answer to #3

Done. Sorry I was sleepy.

1. The advantage of using a Deterministic Wallet is that you can backup once and it stays backed up for ever, as all future address are determined in advance. You can also strip it down to a small size which could easily be stored on a piece of paper (e.g with a QR code).

2. With Type-2 Wallet you can separatly secure the private key and still be able to generate new addresses from it.

3. For each transaction we have a unique address, so the anonymity set is very very high.

What is the advantage of using a deterministic wallet, instead of generating many different key pairs?
The backing once of it and that can be stored on paper.

What advantage does a type 2 wallet have over type 1?
the master private key can be stored separately and if someone violates the server or the machine where I have my wallet, they will not be able to access the funds.

What is the established anonymity for a recipient who uses a deterministic wallet? (hint: for someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain could be Bob’s?)
Since it generates at least 1000 addresses and only stores certain ones, so maintain anonymity

1. What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?
   A. you can use different addresses rather than reuse the same one over and over again and have a single forever backup rather than non-deterministic wallets which larger and harder to backup over time.

2. What advantage does a Type-2 wallet have over Type-1?
   A. With type-2 you have a master private key generating fresh public addresses and can be stored separately.

3. What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)
   A. If Bob uses new addresses each time, he should remain unseen as a reused address should reveal previous tx’s seen on the block explorer.

1. You can backup once and it stays backed up forever because all future addresses are determined in advance. It can also be stripped down to a very small size which could be easily backed up on paper (e.g. with a QR code). This is in contrast to the current non-determinstic wallets where the keys are random but are precomputed ahead so that you’re safe only if you backup at least every 100 get addresses or sends, and which grow large and harder to backup on paper over time.
2. The advantage of the type-2 is that you can separately secure the Master_private_key, but still generate new addresses with
   Publickey(type,n) = Master_public_key + H(n|S|type)*point.
3. It could be anyone using the blockchain. The anonymity set is all unknown addresses.

1: The wallet can backed up once as all the future addresses are already generated. itbcan also be reduced to a very small size possibly a QR code
2: the possibility separately securing the Master_private_key and still be able to generate new addresses.
3: A new address can be created for new TRX while being linked to the samw wallet

What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?

From my understanding, the Deterministic wallet is better than just generating different keypairs is because the deterministic wallet can be backed up just once and stays that way forever because all future address are determined in advance. also it can be stripped down to a very small size can be easily backed up on paper. VS. generating many different keypairs which can lead to confusion and making hard to organize, along with it taking up alot of storage when trying to back up the address.

when we say that the wallet is backed up, where is it backed up to? also another question, when we say future address are determined, are we saying there not yet created? And are we saying that future address from the original are hashed from the original address, so the original address is hashing the future creations of the address? almost like a blockchain of address?

What advantage does a Type-2 wallet have over Type-1?

it seems to me the advantage of a Type-2 wallet over a Type-1 wallet is the fact that the type to hides access to the private keys, the public key is shown and a seed i also imagine is visible but the private key is hidden where as in Type-1 all that’s switched around is a different value for the address being used but only storing the address and only keeping a set amount of address to be stored.

What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)

It seems like only 1 set used, and that 1 set of keys used can be switched up incredibly often and the public keys change after every transaction. does it change on its own? or do i have to manaully change the address after every use?

1 What’s the advantage of using a Deterministic Wallet, as opposed to generating many different keypairs?
You only need to back-up once and that would be saved indefinitely as future addresses are determined in advance. Also the data could be shortened into a QR code.

2 What advantage does a Type-2 wallet have over Type-1?
The type-2 explanation has the advantage over type-1 as you could possibly separate the master Private key eliminating any chance of a hacker stealing your funds whilst still able to generate new addresses.

3 What is the anonymity set for a receiver using a Deterministic Wallet? (hint: to someone who knows another of Bob’s addresses, how many other unknown addresses on the blockchain might be Bob’s?)
This question has really penetrated my brain, but, wouldn’t it be dependent on how many change addresses there were regarding the UTXO outputs?, so effectively from 1 to however many??

1. The advantage of using a deterministic wallet is that it can be backed up once as all future addresses are determined in advance. It stays backed up forever once done. Storing a backup is simpler.
2. A Type 2 wallet has the advantage over a Type 1 wallet in that it can generate public keys without exposing the master private key.
3. As a new address is generated for each transaction the anonymity set is all unknown addresses on the blockchain.

1. A deterministic wallet you can backup once and it stays backed up forever because all future addresses are determined in advance.
2. you can separately secure the Master private key, but still generate new addresses with
   Public key.
3. Public addresses are changable after every transaction.