Bitcoin Privacy Glossary

Key terms and concepts for understanding Bitcoin on-chain privacy.

A

Address Reuse: Using the same Bitcoin address for multiple transactions. Creates deterministic links between all transactions involving that address, severely degrading privacy.

B

BIP47 (Reusable Payment Codes): A protocol that allows two parties to create a shared secret from which unique addresses are derived for each payment. Prevents address reuse without requiring out-of-band address exchange.
Bisq: A decentralized, non-custodial Bitcoin exchange operating as a peer-to-peer network with no central server. Bisq trades use 2-of-2 multisig escrow transactions on-chain and send trade fees to publicly known DAO addresses, making them identifiable by chain analysis. Unlike centralized exchanges, Bisq does not require identity verification.
Branch and Bound (BnB): A coin selection algorithm that searches for UTXO combinations that exactly match the payment amount plus fee, eliminating the need for a change output. By producing changeless transactions, BnB defeats change detection heuristics entirely. Bitcoin Core uses BnB as its default coin selection strategy.
Boltzmann Entropy: A measure of the number of possible interpretations of a Bitcoin transaction's inputs and outputs. Higher entropy means more ambiguity and better privacy. Named after physicist Ludwig Boltzmann.

C

Chain Analysis: The practice of tracing Bitcoin fund flows by applying heuristics to the public blockchain. Used by surveillance firms like Chainalysis and Elliptic to cluster addresses and deanonymize users.
Change Output: The output in a Bitcoin transaction that returns unspent funds to the sender. Identifying change outputs links the sender to future transactions. Change detection is a core chain analysis technique.
CPFP (Child Pays for Parent): A fee bumping technique where a new transaction (the child) spends an unconfirmed output at a high fee rate, incentivizing miners to confirm both transactions. Unlike RBF, CPFP does not modify the original transaction. However, CPFP requires spending an unconfirmed output as a child input, which reveals which output belongs to the bumper (typically the change). For privacy-sensitive transactions, setting an adequate initial fee is preferable to either fee bumping method.
Common Input Ownership Heuristic (CIOH): The assumption that all inputs in a transaction belong to the same entity. The foundational clustering heuristic used by chain surveillance firms. CoinJoin is the primary way to break this assumption.
Coin Control: A wallet feature that allows manual selection of specific UTXOs as inputs for a transaction, rather than relying on the wallet's automatic selection algorithm. Essential for privacy because it prevents accidentally co-spending UTXOs from different sources, which would link them via the Common Input Ownership Heuristic.
CoinJoin: A technique where multiple users combine their transactions into one, breaking the common-input-ownership assumption. Implementations include Whirlpool (5 equal outputs) and WabiSabi (variable amounts, 20+ participants).
Consolidation (UTXO Consolidation): A transaction that combines multiple UTXOs into fewer outputs (usually one), typically to reduce future transaction fees. Creates zero entropy and links all input addresses together via the Common Input Ownership Heuristic. For privacy, only consolidate UTXOs that are already linked, or run them through a CoinJoin first.

D

Dust Attack: Sending tiny amounts of Bitcoin (dust) to target addresses. If the recipient spends the dust alongside other UTXOs, the attacker can link those addresses together, mapping the victim's wallet.

H

HD Wallet: A Hierarchical Deterministic wallet that generates a new address for each transaction from a single seed phrase. Avoids address reuse by default. Defined in BIP32/BIP44.
Heuristic: A rule-of-thumb used to infer information about a Bitcoin transaction. am-i.exposed applies 30 heuristics to estimate what surveillance firms can deduce about any transaction or address.
Hodl Hodl: A non-custodial, peer-to-peer Bitcoin trading platform that uses 2-of-3 multisig escrow with the platform as a key-holding arbitrator. The platform never takes custody of funds. Trades create P2SH or P2WSH multisig outputs on-chain, with the multisig structure revealed when the escrow is spent.

J

JoinMarket: A decentralized CoinJoin implementation using a maker-taker model. Makers offer liquidity and earn fees; takers pay for privacy. Creates transactions with varied input/output counts.

M

Mempool: The set of unconfirmed Bitcoin transactions waiting to be included in a block. am-i.exposed fetches blockchain data from the mempool.space API (or a self-hosted instance).
Multisig (Multi-Signature): A spending condition requiring M of N private keys to authorize a transaction (e.g., 2-of-3). Used for shared custody, escrow, and enhanced security. Legacy bare multisig is visible on-chain before spending. P2SH/P2WSH multisig reveals the structure only when spent. Taproot multisig using MuSig2 is indistinguishable from a single-signature spend on-chain.

O

OP_RETURN: A Bitcoin script opcode that embeds arbitrary data in the blockchain. Can leak metadata like timestamps, protocol identifiers, or messages that fingerprint the transaction.

P

PayJoin (P2EP): A transaction where both sender and recipient contribute inputs, breaking the Common Input Ownership Heuristic. Appears identical to a normal transaction on-chain - an observer cannot determine that two parties participated. Also called Pay-to-Endpoint (P2EP) or Stowaway (in Ashigaru). PayJoin V2 (BIP-77) operates asynchronously without requiring the recipient to run a server.
PayJoin v2 (BIP77): The asynchronous, serverless version of the PayJoin protocol defined in BIP77. Unlike PayJoin v1 which required the receiver to run a server and respond in real time, v2 uses a relay directory so sender and receiver do not need to be online simultaneously. Both parties contribute inputs, breaking the Common Input Ownership Heuristic while producing a transaction indistinguishable from a normal payment.
PayNym: A user-friendly identity layer built on BIP47 reusable payment codes. Allows receiving Bitcoin without revealing addresses publicly. Used by Samourai and Sparrow wallets.
Peel Chain: A pattern where a large UTXO is repeatedly spent, peeling off small payments and returning the remainder as change. Creates a traceable chain of decreasing outputs (e.g. 2.0 BTC -> pay 0.1, change 1.9 -> pay 0.2, change 1.7). Chain analysts use this to track funds across many transactions.
Privacy Score: A 0-100 rating computed by am-i.exposed based on 30 heuristics. Starts at 70, adjusted by findings. Only CoinJoin, Taproot, and high entropy can raise it. Grades: A+ (90-100), B (75-89), C (50-74), D (25-49), F (0-24).

R

Round Amount Detection: A heuristic that identifies round-number outputs (e.g., 0.1 BTC, 1,000,000 sats) as likely payments, with the non-round output being change. Reveals spending patterns.

S

Script Type: The address format used in a transaction (P2PKH, P2SH, P2WPKH, P2TR). Mixing script types in inputs or outputs can fingerprint change outputs since the change usually matches the sender's address type.
Self-send (Self-transfer): A transaction where one or more outputs return to an address that was also an input. This trivially identifies the change output, revealing the sender's remaining balance and the exact payment amount. HD wallets avoid this by generating a fresh change address for every transaction.
Silent Payments (BIP352): A protocol that allows a recipient to publish a single static payment address from which senders derive unique, unlinkable Taproot (P2TR) outputs for each payment. Unlike BIP47, Silent Payments require no on-chain notification transaction. The recipient scans the blockchain using the sender's input public keys to detect payments. Supported by Bitcoin Core 28+, Cake Wallet, and Silentium.
Stonewall: A steganographic transaction format from Samourai Wallet (now Ashigaru) that mimics a CoinJoin. Has 2-4 inputs and exactly 4 outputs: 2 equal-valued outputs (one real payment, one decoy) and 2 change outputs. Solo Stonewall uses only the sender's UTXOs. STONEWALLx2 involves a collaborator contributing inputs, making it indistinguishable from a genuine 2-party CoinJoin.
Submarine Swap: A trustless atomic exchange between on-chain Bitcoin and Lightning Network payments using Hash Time-Locked Contracts (HTLCs). Allows moving funds between layers without a trusted intermediary. Boltz Exchange is the primary non-custodial provider. Useful for breaking the on-chain trail by converting on-chain UTXOs to Lightning and back.
Sweep: A transaction that sends the entire balance of one or more addresses to a single output with no change. Common when migrating wallets or claiming funds. A single-input sweep (1-in-1-out) has zero entropy. A multi-input sweep additionally links all input addresses via the Common Input Ownership Heuristic. Provides zero unlinkability.

T

Taproot: A Bitcoin upgrade (activated November 2021) that makes complex spending conditions look like simple ones on-chain. Improves privacy by making multisig, timelocks, and scripts indistinguishable from regular payments.
Taproot Channels: Lightning Network channels that use Taproot (P2TR) outputs with MuSig2 key aggregation for the 2-of-2 funding multisig. Unlike legacy P2WSH channels, Taproot channel opens and cooperative closes are indistinguishable from regular single-signature Taproot spends on-chain, eliminating the Lightning channel fingerprint. Supported by LND (simple-taproot-channels) and Core Lightning (CLN).
Tor: An anonymity network that routes internet traffic through multiple relays. am-i.exposed auto-detects Tor Browser and routes API requests through the mempool.space .onion endpoint to hide which addresses are being queried.

U

UTXO: Unspent Transaction Output - the fundamental unit of Bitcoin. Each UTXO is a discrete chunk of bitcoin that can be spent as an input in a future transaction. Managing UTXOs carefully is key to maintaining privacy.

W

Wallet Fingerprint: Distinctive patterns left by wallet software - transaction version, locktime, sequence numbers, signature encoding - that reveal which wallet created a transaction.
Whirlpool: A CoinJoin implementation by Samourai Wallet that creates transactions with exactly 5 equal outputs at fixed denominations (0.5, 0.05, 0.01, 0.001 BTC), achieving high entropy and strong privacy.
WabiSabi: A CoinJoin protocol used by Wasabi Wallet that allows variable-amount outputs using cryptographic credentials. Supports 20+ participants per round with flexible denomination selection.

Ready to analyze a transaction? See these concepts in action.

Methodology Scan now