A financial flow (transaction graph) analysis aims to track a single entity’s spending over multiple transactions. By naively mapping the flow relationship of bitcoins, analysts can miss obvious signs of coins changing hands.
Additional information known as wallet or software “fingerprinting” can be used to help determine when bitcoins are spent by a different software. Spending by wallets with a new fingerprint is a heuristic for coins changing ownership. The latest OXT transaction graph update visually encodes changes in wallet fingerprints on the graph to improve analysis accuracy.
Entity Tracking Recap — Change Detection
To track an entity, “change detection” heuristics are used to determine which transaction outputs are payments and which outputs are “change” returned to the original spender. The analyst evaluates the full transaction details including the input and output amounts, script types, output positions, and more. If one or more change heuristics can be applied, the analyst continues tracking the spender to the next transaction. We previously presented several change detection heuristics in these posts and Youtube playlist.
Applying these simple heuristics in combination can be extremely accurate. Academic researchers are looking to thoroughly establish the accuracy of change detection heuristics using machine learning algorithms as presented here and here.
The results of these papers indicates that including wallet fingerprinting such as different script types, version numbers, and lock times encountered during a transaction graph analysis can be used to improve tracking.
OXT’s New Fingerprint Mode
OXT’s transaction graph is a directed acyclic graph. Nodes on the graph represent transactions. Edges (lines) map the relationships between nodes. To provide maximum detail and minimize cognitive load on the analyst, OXT’s new Fingerprint Mode encodes the various transaction and TXO data in different ways.
Transaction details are encoded by varying node shapes and shading. TXO details are encoded by varying edge linetype and color.
The end result makes change detection easier for analysts and visually displays different fingerprints to transaction graph observers without the observer needing to know what these differences are.
With this new data visualizer, bitcoin users can keep pace with the advances in academic research and evaluate the impacts of using wallets that do not support anti-fingerprinting defaults.
Menus and Buttons
A summary of the buttons on the transaction graph tool bars is presented below.
Quick access menus for transactions, TXOs, and comments are presented below. These are accessed via right-clicking the desired object.
Fingerprint Mode Legend
Transaction Version Number Encoded via Node Color
dark grey = version no. 1
light grey = version no. 2
Transaction Locktime Encoded via Node Shape
circle = 0
square = block height
hexagon = timestamp
TXO “Script Hash” Type via Edge Dashing
one interspace = P2SH
two interspaces = P2WSH
three interspaces = P2TR
no dashes = non script hash scripts (unnested P2PKH, P2WPKH, raw multisig, etc)
TXO Script Type via Edge Coloring
green = P2PK/P2PKH
orange = multisig
yellow = OP_Return
light-blue = P2WPKH/P2SH
pink = non-standard
- Search Bar: auto-completes possible addresses with additional unique address characters
- Mouse hover over transactions now includes version number and locktime
- Transaction Details Window includes txid copy button
- Transaction Details Window includes expand all inputs or outputs buttons
- When expanding a single TXO from the transaction details window, the selected TXO is automatically made active
Enjoy the update. Comments and feedback are welcome.