Topic: Easter egg (Steganographic Transactions) (Read 1485 times)

SPOILER. Don't read this post if you don't want to know the answer.











These 4 transactions look like classic payments:
- several inputs controlled by a payer are merged
- an amount is sent to an address controlled by a payee
- change is sent to an address controlled by the payer

Actually, it's possible (likely ?) that these transactions were classic payments, but they might be something else: "steganographic transactions"

Let's see the 3rd transaction:
- The 1st output (19z5fD6LhhiRupqezw7vi3fuumt5jCS9LU - 0.01 BTC) seems deterministically linked* to the 2nd input (1P3RfYxRTkTLdwXAVYzh41sfyMgzppELZA - 0.01 BTC)
- The 2nd output seems deterministically linked* to the others inputs

It means that this transaction might be:
- a classic payment transaction built by a single user
- a manually crafted transaction merging a txo controlled by a user A (the 2nd input) with txos controlled by a user B (the others inputs). No payment is done. The transaction just sends the coins to others addresses controlled by the users.
- ... (more weird scenarii)

This second interpretation has some "fun" properties:
- detection of this pattern is quite hard for human eyes
- it breaks the "merged inputs" heuristic used by some tools in order to clusterize addresses in wallets


A few remarks:
- The 4th transaction is similar to the 3rd transaction (no fee)
- The 1st and 2nd transactions have the same property but they pay a fee and the pattern is even more difficult to detect.
  Example: In the 1st transaction, the 3rd input (14okJQwaHJ3xHBtdU3LxqUEuXcsHhz9gtE - 0.01301568 BTC) seems deterministically linked to the 1st output (1Njw6FuxuVk293LwYREHxvUVUhx5MfzJLf - 0.01251568 BTC)


It remains a "mystery" for the 3rd and 4th transactions:
If they're classic payments, I don't know why the wallet has added an additional input/output. Hypotheses:
- a feature of the wallet, ensuring that there's always a minimum of 2 outputs ?
- a bug in the algorithm selecting the inputs ?
- manually crafted transactions ?


I wouldn't be surprised if someone already discussed this pattern. On my side, I've spotted the transactions this morning, while doing some tests, and found it was a funny coincidence (because, you know...easter eggs).


*: "deterministically linked" means the input and the output are linked whatever the correct interpretation of the transaction. I wrote "seems" because, with some more advanced scenarii, this statement might be proven wrong.

It's not about the size.

Another hint: steganography (...but don't lose your time with a message hidden in the transactions)

I did not get the answer but I found something in common between https://blockchain.info/tx/01b5fc9c33633af82f01eaf2ef94cce21077066a01f05293a64f936ba75bb2a0

https://blockchain.info/tx/2ecc6a57dec613272adbd2bebc3a78259de1ecf964e099a3d5c2765785c606a0


The size is 978 bytes for both the transactions.

Another hint: it's not bad for privacy

It's not related to change addresses.

Another hint: the title of the post may help 

I dont want to search so long but maybe you mean that you can, with the use of change addresses, find out, with a high certainty, more addresses someone owns?

Change addresses are a risk to anonymity in my eyes.

Only guessing... 

Just a little game.

Will you find the common denominator of these transactions ?
https://blockchain.info/tx/01b5fc9c33633af82f01eaf2ef94cce21077066a01f05293a64f936ba75bb2a0
https://blockchain.info/tx/2ecc6a57dec613272adbd2bebc3a78259de1ecf964e099a3d5c2765785c606a0

No clue ? Two more examples:
https://blockchain.info/tx/1892c498a9af56157c50ce62ccfb462afe987f3f29d31c36ee3b37f7c688ca3e
https://blockchain.info/tx/b91719b0cf09a119ee052ecf93fb83128168f3f3f309a7d9f60514e7a6cccb7f

Hint: privacy, merged inputs

EDIT 07/03: Answer added into the title of the post