Common-Input-Ownership Heuristic

Privacy-enhancing protocols like CoinJoin are designed to break the heuristic by combining inputs from multiple, unrelated users into a single transaction. This creates a false positive for common ownership, as the transaction's inputs are controlled by distinct entities who have coordinated only for privacy. Analysts must use clustering algorithms to identify and filter out these mixed transactions.

The heuristic fails for multi-signature (multisig) wallets and custodial services. A single transaction may require signatures from keys held by different individuals or institutions (e.g., a 2-of-3 multisig). While the inputs share a common script (the multisig address), they do not share a common owner. This is a critical exception for analyzing exchange or DAO treasury activity.

Sophisticated users can manually create transactions that violate the heuristic's core assumption. By carefully constructing a transaction where one input is spent to an output they control (change) and another input is from a completely different source they also control, they can create a link that appears to be a change address but is actually a deliberate attempt to trick clustering algorithms and poison the data set.

The heuristic operates on the transaction graph, not the script evaluation. With P2SH and SegWit (P2WSH, P2TR), the spending condition (the script) is revealed only when the output is spent. This means two inputs that satisfy the same complex script (e.g., a timelock) will appear linked by the heuristic, even if the keys required to sign are entirely different, leading to potential misclustering.

The heuristic's reliability decreases with the number of inputs in a transaction. A transaction with 2 inputs has a high probability of common ownership. A transaction with 50+ inputs (e.g., from a coin mixing round or a large exchange batch) has a much higher chance of containing inputs from unrelated parties, increasing the rate of false positives in entity clustering. Analysts often set input-count thresholds to improve accuracy.

The Common-Input-Ownership Heuristic is a blockchain analysis assumption that all inputs to a transaction are controlled by the same entity. It underpins most address clustering techniques, where multiple addresses are grouped into a single user profile or wallet. This heuristic is based on the requirement that a spender must possess the private keys for all inputs to create a valid cryptographic signature.

This heuristic creates a significant privacy leak by linking previously unlinked addresses. For example, if Alice uses UTXOs from addresses A, B, and C in one transaction, an analyst will cluster A, B, and C as belonging to 'User 1'. This can deanonymize users by connecting their pseudonymous addresses across different services or contexts, building a comprehensive financial graph.

Several other methods disrupt address clustering:

• PayJoin (P2EP): A transaction where the sender and receiver both provide an input, invalidating the single-owner assumption.
• Input/Output Splitting: Using many small inputs or creating many outputs to increase combinatorial complexity for analysts.
• Decoy Inputs (Dummy UTXOs): Including inputs that are not truly spent, adding noise to the transaction graph.

Sophisticated chain analysis firms use auxiliary data (exchange KYC, IP addresses, timing analysis) and probabilistic models to challenge privacy techniques. They may assign likelihood scores to clusters rather than binary ownership. The heuristic remains a powerful, if imperfect, tool, and complete privacy requires a combination of techniques and careful transaction graph hygiene.

The heuristic is specific to UTXO-based blockchains like Bitcoin and Litecoin. In the account-based model (e.g., Ethereum), the concept of linking inputs does not apply directly; instead, analysis focuses on internal transactions, smart contract interactions, and fund flow between externally owned accounts (EOAs). Understanding the underlying ledger model is crucial for privacy strategy.

The Unspent Transaction Output (UTXO) model is the accounting system used by Bitcoin and Cardano, where the Common-Input-Ownership Heuristic is applied. In this model:

• Coins exist as discrete, unspent outputs from previous transactions.
• A transaction spends one or more UTXOs as inputs and creates new UTXOs as outputs.
• The heuristic assumes all inputs to a transaction are controlled by a single entity, as they must all be signed to authorize the spend.

Address clustering is the analytical process of grouping multiple blockchain addresses believed to belong to the same entity. The Common-Input-Ownership Heuristic is the primary rule for creating these clusters.

• If multiple addresses are used as inputs to a single transaction, they are clustered together.
• This technique is used by chain analysis firms, researchers, and compliance tools to map wallet activity and estimate entity balances, though it is not foolproof.

CoinJoin is a privacy-enhancing transaction protocol designed explicitly to break the Common-Input-Ownership Heuristic. It allows multiple users to combine their transaction inputs into a single, larger transaction.

• The key feature is that each user signs only their own input(s), not all inputs.
• This creates ambiguity for analysts, as the heuristic incorrectly clusters the inputs of all participants together, providing plausible deniability and enhancing financial privacy.

A change address is a new output in a transaction that sends 'change' back to the spender. Identifying it is a related analytical challenge.

• In a typical transaction, one output goes to the recipient and another (the change) goes back to a new address controlled by the sender.
• Analysts use patterns (e.g., a new output with a value not matching a common payment amount) to guess which output is the change, further refining address clusters. Misidentification can break clustering accuracy.

The Common-Input-Ownership Heuristic is a probabilistic assumption, not a cryptographic guarantee. It can produce false positives in several scenarios:

• Multi-signature wallets: Inputs may be controlled by different parties.
• CoinJoin and privacy protocols: Deliberately break the heuristic.
• Exchange batch processing: An exchange may combine user funds into a single transaction for efficiency, clustering all customer addresses.
• Custodial services: A service may sign transactions on behalf of many users from pooled UTXOs.

Entity resolution is the broader goal of blockchain analysis that uses the Common-Input-Ownership Heuristic as one of several rules. It involves combining multiple heuristics and external data to map addresses to real-world entities (e.g., exchanges, mining pools, services).

• Other heuristics include change address detection and peeling chain analysis.
• The process is iterative, building a graph of addresses and transactions to infer ownership and behavior at scale for compliance, research, and intelligence.