
Bitcoin Privacy Scoring: Assess Transaction Privacy

Guide to evaluating Bitcoin transaction privacy: chain analysis heuristics, common anti-patterns, Boltzmann entropy scoring, and countermeasures to improve your privacy.

Spark Team

How Bitcoin Transaction Privacy Is Scored

Every Bitcoin transaction is permanently recorded on a public ledger. Chain analysis firms like Chainalysis, Elliptic, and Crystal Blockchain exploit structural patterns in transactions to cluster addresses, identify wallet software, and link on-chain activity to real-world identities. Understanding how these heuristics work is the first step toward evaluating and improving your own transaction privacy.

Privacy scoring assigns a quantitative measure to how resistant a transaction is to deanonymization. The most rigorous framework is Boltzmann analysis, which calculates the entropy (number of possible interpretations) of a transaction's input-to-output mapping. A transaction with zero entropy has a single deterministic interpretation: an analyst knows exactly which input funded which output. Higher entropy means more ambiguity, making clustering harder.

Chain Analysis Heuristics

Chain analysis relies on a set of well-documented heuristics. Each exploits a different structural weakness in how wallets construct transactions. The following table summarizes the major heuristics, their mechanism, and their reliability.

| Heuristic | Mechanism | What It Reveals | Reliability |
|---|---|---|---|
| Common Input Ownership (CIOH) | Assumes all inputs in a transaction belong to the same entity | Wallet clustering: links multiple addresses to one owner | High (broken by CoinJoin, PayJoin) |
| Change Detection | Identifies the change output using script type, amount patterns, and address novelty | Which output returns to the sender vs. goes to the recipient | Moderate to high |
| Round Number Analysis | Payment amounts tend to be round (0.01 BTC, 0.1 BTC); the non-round output is likely change | Payment direction and change output | Moderate |
| Address Reuse Detection | Tracks all transactions involving a reused address | Complete transaction history of the reusing entity | Very high (deterministic) |
| Wallet Fingerprinting | Identifies wallet software from fee rounding, input selection, output ordering, and RBF signaling | Which software constructed the transaction | Moderate to high |
| Timing Analysis | Correlates transaction broadcast times with timezone patterns and activity windows | Geographic region and behavioral patterns | Low to moderate |
| Dust Analysis | Sends tiny amounts to target addresses, then tracks when they are spent (merging with other UTXOs) | Links otherwise unrelated addresses via forced CIOH | High (if target spends the dust) |

Common Input Ownership Heuristic

The Common Input Ownership Heuristic (CIOH) is the foundation of nearly all chain analysis. When a transaction has multiple inputs, the heuristic assumes that all inputs belong to the same wallet. This assumption holds for standard wallet behavior: when a single UTXO is insufficient to cover the payment amount, the wallet automatically selects additional UTXOs from the same keychain.

CIOH enables address clustering at scale. Chainalysis Reactor and similar tools build massive cluster graphs by following input merges across thousands of transactions, eventually linking clusters to known entities (exchanges, merchants, darknet markets) where KYC data exists.

The heuristic breaks down for CoinJoin transactions, where multiple independent users contribute inputs to a single transaction. PayJoin (BIP 78) specifically exploits this weakness: the receiver contributes an input to what looks like a normal payment, making CIOH produce incorrect clusters. For a deeper analysis of PayJoin mechanics, see our PayJoin privacy research.
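A pre-broadcast check built on the clustering described above, as an added example that is not code from the original page: it applies CIOH to your own spending history with a union-find structure and reports whether a draft spend would join clusters that are still separate. The address labels, the `HISTORY` list and all function names are constructed for illustration.

```python
class Clusters:
    """Union-find over addresses; each set is one CIOH cluster."""
    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def build_clusters(history):
    """Apply CIOH: all input addresses of one transaction join one cluster.
    This is the analyst's assumption; it is wrong for CoinJoin and PayJoin."""
    clusters = Clusters()
    for tx_inputs in history:
        first = tx_inputs[0]
        clusters.find(first)              # register single-input spends too
        for addr in tx_inputs[1:]:
            clusters.union(first, addr)
    return clusters

def merge_groups(clusters, draft_inputs):
    """Group the draft's inputs by the cluster they belong to today.
    More than one group means broadcasting the draft links those groups."""
    groups = {}
    for addr in draft_inputs:
        groups.setdefault(clusters.find(addr), []).append(addr)
    return sorted(sorted(g) for g in groups.values())

# Constructed history: each entry lists the input addresses of one past spend.
HISTORY = [["salary_1", "salary_2"], ["salary_2", "salary_3"], ["donation_1"]]

if __name__ == "__main__":
    known = build_clusters(HISTORY)
    print(merge_groups(known, ["salary_1", "salary_3"]))    # already linked
    print(merge_groups(known, ["salary_3", "donation_1"]))  # would be linked
    print(merge_groups(known, ["salary_1", "dust_1"]))      # unsolicited dust
```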

Change Detection and Output Analysis

After identifying input ownership, analysts try to determine which output is the payment and which is change returning to the sender. Several sub-heuristics contribute to change detection:

  • Script type matching: if all inputs are P2WPKH (native SegWit) and one output is P2WPKH while the other is P2TR (Taproot), the P2WPKH output is likely change (wallets tend to send change to the same script type)
  • Round number analysis: a payment of exactly 0.05 BTC with a remainder of 0.03847291 BTC makes the round output the likely payment
  • Fresh address heuristic: an output sent to an address with no prior transaction history is more likely to be change (generated by the sender's HD wallet)
  • Unnecessary input heuristic: if a transaction could have been constructed with fewer inputs, the "extra" input suggests the smaller output is change being consolidated

Each heuristic alone is probabilistic, but combining multiple signals produces high-confidence change identification. Effective coin control and deliberate output construction can defeat these heuristics.
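The four sub-heuristics above combined into a self-audit of a draft transaction, as an added example that is not code from the original page. The transaction layout, the `SEEN` address set, the 0.001 BTC roundness unit and the rule that a signal counts only when it singles out one output are assumptions made for illustration.

```python
ROUND_UNIT = 100_000  # assumed roundness unit: 0.001 BTC in satoshis

def change_signals(tx, seen):
    """Map each output index to the sub-heuristics that mark it as change."""
    ins, outs = tx["inputs"], tx["outputs"]
    in_types = {i["script"] for i in ins}
    total_in = sum(i["sats"] for i in ins)
    fee = total_in - sum(o["sats"] for o in outs)
    spare = total_in - min(i["sats"] for i in ins)  # value without smallest input

    def matches_inputs(o):      # same script type as every input
        return in_types == {o["script"]}

    def non_round(o):           # round amounts look like payments
        return o["sats"] % ROUND_UNIT != 0

    def fresh(o):               # address has no prior history
        return o["address"] not in seen

    def needs_fewer_inputs(o):  # payable even if the smallest input were dropped
        return len(ins) > 1 and o["sats"] + fee <= spare

    tests = {"script_type": matches_inputs, "round_number": non_round,
             "fresh_address": fresh, "unnecessary_input": needs_fewer_inputs}
    result = {n: [] for n in range(len(outs))}
    for name, test in tests.items():
        hits = [n for n, o in enumerate(outs) if test(o)]
        if len(hits) == 1:      # a signal counts only when it singles out one output
            result[hits[0]].append(name)
    return result

def likely_change(tx, seen):
    """Return (output_index, signals) for the strongest candidate, or None."""
    signals = change_signals(tx, seen)
    best = max(signals, key=lambda n: len(signals[n]))
    return (best, signals[best]) if signals[best] else None

# Constructed draft transaction using the amounts from the bullets above.
DRAFT = {
    "inputs": [{"script": "p2wpkh", "sats": 4_500_000},
               {"script": "p2wpkh", "sats": 4_350_000}],
    "outputs": [{"script": "p2tr", "sats": 5_000_000, "address": "addr_payee"},
                {"script": "p2wpkh", "sats": 3_847_291, "address": "addr_new"}],
}
SEEN = {"addr_payee"}  # constructed: addresses with prior on-chain history

if __name__ == "__main__":
    print(likely_change(DRAFT, SEEN))
```

A draft for which `likely_change` returns `None` gives these four heuristics nothing to single out; it does not cover wallet fingerprinting or timing.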

Address Reuse and Wallet Fingerprinting

Address reuse is the single most damaging privacy mistake a Bitcoin user can make. Approximately 50% of all Bitcoin transactions still involve reused addresses, down from over 75% in 2013. When an address is reused, every transaction involving that address is trivially linked: no heuristic is needed, the connection is deterministic.

Wallet fingerprinting adds another layer of deanonymization. Different wallet software produces transactions with distinct structural signatures: Bitcoin Core uses a different fee estimation algorithm than Electrum, Sparrow orders outputs differently than BlueWallet, and each wallet has unique input selection behavior. Analysts can identify the wallet software that constructed a transaction purely from these on-chain artifacts, which narrows the search space for linking transactions to specific users.

Broadcasting transactions through onion routing (Tor) prevents network-level observers from correlating your IP address with your transaction. Without Tor, a node operator or ISP-level observer can link the first relay of a transaction to the broadcaster's IP. Bitcoin Core supports Tor natively, and several mobile wallets offer optional Tor routing. For more on network-level privacy, see our onion routing privacy analysis.

Privacy Anti-Patterns and Countermeasures

The following table maps common privacy mistakes to their impact and the specific countermeasure that addresses each one.

| Anti-Pattern | Privacy Impact | Countermeasure | Implementation |
|---|---|---|---|
| Address reuse | Deterministic linking of all transactions to one identity | Use a new address for every receive | HD wallets (BIP 32/44/84), Silent Payments (BIP 352) |
| Merging UTXOs from different sources | CIOH links previously separate identities | Coin control: manually select inputs | Bitcoin Core, Sparrow, Electrum |
| Round payment amounts | Reveals payment direction and change output | Avoid round amounts or use PayJoin | BIP 78, BIP 77 (async PayJoin v2) |
| Spending dust outputs | Forced CIOH: merges dust with your real UTXOs | Freeze or ignore dust UTXOs | Coin control with dust threshold |
| Broadcasting without Tor | IP address linked to transaction | Route through Tor or a trusted node | Bitcoin Core Tor support, Sparrow proxy |
| Single script type for all outputs | Makes change detection easier via script matching | Match output script types or use Taproot for all | Taproot (BIP 341) unifies script appearances |
| KYC exchange as only on-ramp | Exchange knows your identity and withdrawal addresses | CoinJoin after withdrawal, or use non-KYC acquisition | JoinMarket, peer-to-peer exchanges |
| Inconsistent wallet software | Fingerprint changes reveal multiple wallets under one identity | Use one wallet consistently, or use Taproot to reduce fingerprint surface | BIP 341/342 key-path spends look identical |

For a comparison of tools that implement these countermeasures, see our Bitcoin privacy tools comparison.

Scoring Your Transaction Privacy with Boltzmann Analysis

Boltzmann analysis, created by LaurentMT of OXT Research, provides the most rigorous quantitative framework for evaluating transaction privacy. The core metric is transaction entropy, calculated as E = log2(N) where N is the number of possible interpretations of which inputs funded which outputs.

A standard two-input, two-output transaction where both outputs are the same amount has an entropy of 1 bit: there are two equally valid interpretations. A CoinJoin with 50 equal-amount participants can achieve entropy above 5 bits. A simple one-input, two-output transaction with clearly distinguishable amounts has entropy of 0: only one interpretation is possible.

Boltzmann also produces a Link Probability Matrix (LPM) that scores the probability of each input-output pairing. A deterministic link (100% probability) means the analyst can be certain which input funded which output. Probabilistic links below 50% introduce meaningful ambiguity. The OXT blockchain explorer at oxt.me integrates Boltzmann scores directly into transaction pages, making it accessible for quick privacy audits.

Practical rule of thumb: if your transaction has only one possible interpretation (entropy = 0), an analyst can fully trace the payment flow. Aim for transactions with entropy above 1 bit, which requires at least two equally plausible interpretations.
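A brute-force sketch of the entropy and Link Probability Matrix calculation, as an added example that is not OXT's Boltzmann implementation or code from the original page. It assumes a simplified model in which an interpretation is any split of the transaction into blocks whose inputs cover their outputs; the sample transactions are constructed, and the search is exponential, so it only suits small transactions.

```python
from itertools import combinations
from math import log2

def _subsets(items, min_size=0):
    """Yield every subset of `items` with at least `min_size` members."""
    for r in range(min_size, len(items) + 1):
        yield from combinations(items, r)

def interpretations(inputs, outputs):
    """Yield each interpretation as a list of (input_idxs, output_idxs) blocks.
    A block is valid when its inputs cover its outputs (the rest is fee)."""
    def rec(ins, outs):
        if not ins:
            if not outs:
                yield []
            return
        first, rest = ins[0], ins[1:]
        for extra in _subsets(rest):  # block always holds the lowest input left
            block_in = (first,) + extra
            budget = sum(inputs[i] for i in block_in)
            left_in = tuple(i for i in rest if i not in extra)
            for block_out in _subsets(outs, 1):
                if sum(outputs[o] for o in block_out) > budget:
                    continue
                left_out = tuple(o for o in outs if o not in block_out)
                for tail in rec(left_in, left_out):
                    yield [(block_in, block_out)] + tail
    yield from rec(tuple(range(len(inputs))), tuple(range(len(outputs))))

def score(inputs, outputs):
    """Return (N, entropy_bits, lpm); lpm[o][i] = P(input i funds output o)."""
    found = list(interpretations(inputs, outputs))
    if not found:
        raise ValueError("no valid interpretation: outputs exceed inputs")
    counts = [[0] * len(inputs) for _ in outputs]
    for interp in found:
        for block_in, block_out in interp:
            for o in block_out:
                for i in block_in:
                    counts[o][i] += 1
    n = len(found)
    return n, log2(n), [[c / n for c in row] for row in counts]

# Constructed sample transactions, amounts in satoshis.
SIMPLE = ([100_000], [60_000, 39_000])  # one input, payment plus change
COINJOIN = ([150_000, 120_000], [100_000, 100_000, 49_500, 19_500])

if __name__ == "__main__":
    for name, tx in (("simple", SIMPLE), ("coinjoin", COINJOIN)):
        print(name, score(*tx))
```

In the constructed CoinJoin the two 100,000-satoshi outputs each link to either input with probability 2/3, while each change output keeps a deterministic link to the input that funded it.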

Privacy Tools: Current Status (2026)

The landscape of Bitcoin privacy tools has shifted significantly since 2024 due to regulatory enforcement actions. Understanding what is available and operational matters for anyone building a privacy strategy.

  • CoinJoin via Wasabi Wallet: zkSNACKs shut down its centralized coordinator on June 1, 2024, citing US regulatory pressure. The wallet remains open-source and users can connect to third-party community coordinators
  • Whirlpool (Samourai Wallet): founders arrested in April 2024 and sentenced in November 2025 (5 and 4 years respectively). The service is no longer operational
  • JoinMarket: remains functional as a decentralized maker/taker CoinJoin implementation without a central coordinator
  • PayJoin v2 (BIP 77): merged in 2025, enabling asynchronous PayJoin without requiring the receiver to run a server. Implemented by Bull Bitcoin and Cake Wallet
  • Silent Payments (BIP 352): merged May 2024, updated to v1.1.0 in March 2026. Supported by Cake Wallet and BitBox. Enables receiving to a static address without address reuse
  • Coin control: available in Bitcoin Core, Electrum, Sparrow, and most power-user wallets. The most accessible privacy tool with no regulatory risk

For a broader view of Bitcoin privacy techniques including Lightning Network privacy properties, see our Bitcoin privacy techniques research and Lightning Network privacy analysis.

Building a Privacy Checklist

Transaction privacy is not binary: it exists on a spectrum. The following checklist, ordered by impact and accessibility, provides a practical framework for improving your Bitcoin privacy score:

  1. Never reuse addresses. Use an HD wallet that derives a fresh address for every receive. Consider adopting Silent Payments for static payment codes that avoid reuse
  2. Enable coin control. Manually select which UTXOs to spend so you never accidentally merge coins from different contexts. See our UTXO management guide for strategies
  3. Route transactions through Tor. Configure your wallet or node to broadcast transactions over Tor to prevent IP correlation
  4. Avoid round payment amounts when possible. If you must send a round amount, consider using PayJoin to obscure the payment structure
  5. Freeze dust UTXOs. Do not spend small outputs received from unknown sources: they may be dust attacks designed to force CIOH clustering
  6. Use Taproot addresses (P2TR). Taproot key-path spends all look identical on-chain regardless of the underlying spending conditions, reducing wallet fingerprinting surface
  7. Consolidate UTXOs during low-fee periods using coin control. Merge coins that already share the same identity to reduce future input count without leaking new information
  8. Consider layer 2 for routine payments. Lightning Network transactions are not recorded on the base chain, and protocols like Spark enable off-chain transfers that leave no UTXO trail for chain analysts to follow

Frequently Asked Questions

Can Bitcoin transactions be traced?

Yes. Bitcoin transactions are recorded on a public blockchain and can be analyzed using chain analysis heuristics. Companies like Chainalysis (serving over 10 US federal agencies) and Elliptic (covering 97% of crypto market value) specialize in tracing transaction flows and linking addresses to identities. However, the degree of traceability depends on the user's behavior: proper use of coin control, address hygiene, and privacy tools like CoinJoin or PayJoin can significantly increase the difficulty and cost of analysis.

What is the Common Input Ownership Heuristic?

The Common Input Ownership Heuristic (CIOH) assumes that all inputs to a Bitcoin transaction belong to the same entity. Since wallets automatically select multiple UTXOs when a single output is insufficient, this assumption is correct for most standard transactions. Chain analysis firms use CIOH to build address clusters that can contain thousands of addresses, all attributed to one wallet. CoinJoin and PayJoin transactions break this heuristic by combining inputs from multiple independent users.

What is Boltzmann analysis for Bitcoin transactions?

Boltzmann analysis is a framework developed by OXT Research that quantifies transaction privacy using information theory. It calculates transaction entropy (E = log2(N)) based on the number of valid interpretations of a transaction's input-output mapping. An entropy of 0 means the transaction has one deterministic interpretation (no privacy). Higher entropy means more ambiguity. The analysis also produces a Link Probability Matrix showing the likelihood of each input-output pairing. You can check Boltzmann scores for any transaction on the OXT blockchain explorer.

How does address reuse affect Bitcoin privacy?

Address reuse is the most damaging privacy practice in Bitcoin. When you receive multiple payments to the same address, all transactions are trivially linked on the public blockchain with no heuristic analysis required. Approximately 50% of Bitcoin transactions still involve reused addresses. The fix is straightforward: use an HD wallet (BIP 32/44/84) that generates a new address for every receive, or adopt Silent Payments (BIP 352) which allows publishing a single static payment code while receiving to unique addresses on-chain.

What happened to Samourai Wallet and Wasabi Wallet?

Both major CoinJoin implementations faced regulatory action in 2024. Samourai Wallet's founders were arrested in April 2024 and sentenced in November 2025 to 5 and 4 years in prison for operating an unlicensed money transmitting business. The Whirlpool CoinJoin service is no longer operational. Wasabi Wallet's coordinator (zkSNACKs) shut down voluntarily on June 1, 2024, citing US regulatory pressure. Wasabi remains available as open-source software with community-run coordinators. JoinMarket continues to operate as a decentralized alternative.

What are Silent Payments and how do they improve privacy?

Silent Payments (BIP 352), merged in May 2024, allow a receiver to publish a single static payment code. Senders use this code combined with their own keys to derive a unique on-chain address for each payment. The receiver can detect incoming payments by scanning the blockchain, but no outside observer can link the static code to any specific on-chain address. This eliminates address reuse without requiring interaction between sender and receiver. Cake Wallet and BitBox currently support Silent Payments.

Does using the Lightning Network improve on-chain privacy?

Lightning Network transactions are not recorded on the Bitcoin base chain, which removes them from on-chain analysis entirely. The channel open and close transactions are still visible, but the individual payments routed through the channel are not. This makes Lightning inherently more private for routine payments than on-chain transactions. Layer 2 protocols like Spark extend this further by enabling off-chain transfers that leave no on-chain footprint until final settlement.

This guide is for informational purposes only and does not constitute legal or financial advice. Privacy tools and their legal status vary by jurisdiction. Chain analysis capabilities and privacy techniques evolve rapidly. Always verify current tool availability, regulatory status, and best practices before implementing a privacy strategy.
