8 methods in which your change address can be identified

Transfers in Bitcoin are very similar to those of traditional banking, in both cases they are composed of inputs (income) and outputs (expenses). The difference lies in how the funds are moved. In the case of traditional banking, the exact amount that the user wants to pay is always sent (no change or return is generated), while in Bitcoin it is like paying with cash: Imagine that you buy with a $10 bill an item of $7, in that transaction the merchant will have to give you $3 of change.

In Bitcoin the payment address is the one you send the $7 to and the change or return address is where the $3 of my example is deposited. The change address serves as a clue to blockchain spies to obtain information on expenses, savings, and possibly the personal identities of Bitcoin users.

What happens if they find out what my change address is?

Change address detection allows your adversary to have a starting point to keep an eye on your future transactions. From that address, a spy can know how much savings you have, the amounts you spend, the exchange you use, if you have sent your coins to Coinjoin services and even what wallet you use. As you can see, an error when handling the change in a Bitcoin transaction can be enough to create a privacy loss problem.

Methods by which they identify your direction of change

1. Shadow heuristics (reuse of an address)

Its premise is that in every Bitcoin transaction in which it is observed that an address is reused (income from several transactions) that address is the payment address. Therefore, the address that does not present reuse is a change output.

This assumption is strong because wallet software automatically creates new addresses to receive changes. While payment addresses are chosen manually and sent between people, who out of ignorance or apathy can deliver an address already used.

How to combat it?

• Do not reuse addresses when receiving a payment.
• When making a payment, check before that the address given to you by your counterparty (recipient) has not been reused.
• Use a wallet that generates new public addresses every time you receive a payment.
• Do not use paper wallet or static addresses to receive payments or donations.

2. Wallet fingerprint

A spy can trace the fingerprint of the wallet that creates a transaction and use that information to detect the change output. Because different wallet software don't always create transactions in exactly the same way.

For example, a SegWit address (starts with "3") with a 2-of-3 multisig pay on a transaction with two outputs:

One output goes to a SegWit address (starts with "3") multisig 2-of-3 and the other goes to a SegWit address (starts with "3") multisig 2-of-2.

The (different) scripts of the outputs are a strong indication of what the change address is.

How to combat it?

• Avoid using unusual Script to make everyday payments. Use multisig just for your long-term savings.

3. Round numbers

Usually the amount of payments is in round numbers, therefore, the change will be a non-round number. This is potentially useful for finding the change output.

The amount can be a round number in another currency (fiat, altcoin)

How to combat it?

• Avoid making payments with round numbers (in terms of BTC or a fiat currency)
• Using wallets like Samorai Wallet that has PayJoin tools: Stonewall, StonewallX2 and Stowaway, these allow you to obfuscate the amount of your payments.

4. Mining fee increase (RBF/CPFP)

If you use RBF or CPFP to speed up the confirmation of a payment, your adversary can observe unconfirmed transactions, see your initial low fee transaction and the new high rate transaction (to be confirmed soon). The output with the reduced amount would be the change output.

How to combat it?

• Check the mempool before choosing the mining fee you will pay for your transaction.
• Use a wallet that allows you to choose the mining fee and shows you the approximate of how many blocks it will take to confirm (Samourai Wallet is a good option).
• Avoid using RBF the CPFP.
• Reducing the amount of both outputs (payment and change).
• Reducing only the payment amount (in a sender model pays CPFP).

5. Unnecessary Input Heuristics (optimal change heuristics)

If you use more than one entry to pay an amount that was settled with only one, then your adversary will know that the payment output is the one with the highest value and the change output is the one with the lowest value.

How to combat it?

• Add more inputs until the output change is higher than any input. Unfortunately, this costs more in miner fees and can only be done if the wallet actually owns other UTXOs.
• Use wallets that allow you coin control so that you choose the UTXO to spend according to the amount to be paid (spend the full UTXO as far as possible).
• Use a wallet like Samourai Wallet that by default generates transactions with the largest possible amount depending on what you need to pay. This causes the change output to be higher than the payment output and increases the plausible deniability of transactions.

6. Different scripts

Using a change address with a different script than the paid address makes it easier to know which output (address) is change.

How to combat it?

• Using an change address with the same format as the payment address, it allows you to hide which is the change output and the payment output.
• If you can't select the format of your change addresses, ask the payer (your counterparty) to give you a public address similar in format to your change addresses.
• Use wallets like Samourai Wallet which by default and automatically generates change addresses similar to the payment address.

7. Wallet errors

Some wallets handle change in a loose way:

• Placing the change address in the last place of the transaction.
• They do not support the three address formats available in Bitcoin (legacy "1", SegWit native"bc1" and SegWit "3" compatible).
• They add entries in the transaction until a set amount is generated for the change output.

How to combat it?

• Use wallets that support all three (3) address formats and allow you to choose the change address format.

8. CoinJoin of equal outputs

CoinJoin transactions with equal outputs reveal the change output, because it is the output that does not have the same value.

How to combat it?

• Using ConJoin tools where the change does not participate in the transaction (Samourai Wallet's Whrilpool is a good choice).

Reference:

Privacy - Bitcoin Wiki

Bitcoin Wiki

Don't trust, Verify.