From question 3 in a project titled Blockchain: CSI (in what looks like a very cool class, run by the University of Virginia!):
Problem 3. The Heuristic 1 (Section 4.3) used to determine sets of public addresses owned by the same entity is based on the assumption that all inputs to a bitcoin transaction are controlled by the same entity. According to the paper, “the sender in the transaction must know the private signing key belonging to each public key used as an input, so it is unlikely that the collection of public keys are controlled by multiple entities (as these entities would need to reveal their private keys to each other).” Explain why this is not actually true. (A good answer will consider in more detail what is needed in the unlocking script to spend each input.)
How is this a flawed assumption?
And this principle is used in CoinJoin, which is specifically designed to improve privacy by thwarting the assumption in the question. – Pieter Wuille – 2015-11-11T09:45:16.467
Good point! It's still a fair assumption to make, isn't it? I.e., how likely could it be that the partially signed Txs are not funded with inputs from immediately related parties/stakeholders? – Wizard Of Ozzie – 2015-11-11T09:47:18.123
@WizardOfOzzie If the transaction you are looking at is interesting enough to investigate, it's more likely that it was also more important for the sending party to try to anonymize it through CoinJoin as Pieter mentioned. – Jannes – 2015-11-11T10:02:29.447
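Heuristic 1 as quoted in the problem, written as union-find clustering and run over constructed transactions, including one CoinJoin-style transaction of the kind the comments mention. This is an added example, not code from the thread or the paper; every address, owner, transaction id and function name in it is made up for illustration.

```python
# Added example: Heuristic 1 (common-input ownership) as union-find clustering.
# All addresses, owners and transactions below are constructed sample data.

def cluster_by_common_inputs(transactions):
    """Return a list of address sets: addresses that ever appear together
    as inputs of one transaction end up in the same cluster."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in transactions:
        roots = [find(addr) for addr in tx["inputs"]]
        for r in roots[1:]:
            parent[find(r)] = find(roots[0])

    clusters = {}
    for addr in parent:
        clusters.setdefault(find(addr), set()).add(addr)
    return list(clusters.values())


def false_merges(clusters, true_owner):
    """Clusters that contain addresses of more than one real owner."""
    return [c for c in clusters if len({true_owner[a] for a in c}) > 1]


# Ground truth that an observer of the chain does not have.
TRUE_OWNER = {"A1": "alice", "A2": "alice", "B1": "bob", "B2": "bob", "C1": "carol"}

ORDINARY = [
    {"txid": "t1", "inputs": ["A1", "A2"]},  # alice spends two of her coins
    {"txid": "t2", "inputs": ["B1", "B2"]},  # bob spends two of his coins
    {"txid": "t3", "inputs": ["C1"]},
]
# CoinJoin-style: each party supplies and signs only its own input, so no
# private key is shared, yet all three addresses sit in one input list.
COINJOIN = [{"txid": "t4", "inputs": ["A1", "B1", "C1"]}]

if __name__ == "__main__":
    before = cluster_by_common_inputs(ORDINARY)
    after = cluster_by_common_inputs(ORDINARY + COINJOIN)
    print(len(before), "clusters, false merges:", false_merges(before, TRUE_OWNER))
    print(len(after), "clusters, false merges:", false_merges(after, TRUE_OWNER))
```

A single jointly built transaction is enough to collapse three correctly separated clusters into one, because the merge is transitive through every address each participant has ever co-spent.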