Chapter 31 Exercises

Conceptual Understanding

Exercise 31.1: Pseudonymity vs. Anonymity

A friend tells you, "I don't need to worry about privacy — Bitcoin is anonymous." Write a 300-word explanation of why this statement is incorrect. Your explanation should: - Define the difference between pseudonymity and anonymity - Give a concrete example of how a pseudonymous Bitcoin user can be identified - Explain why the permanent nature of the blockchain makes this problem worse than it might initially appear

Exercise 31.2: The Transparency Spectrum

Create a table comparing the privacy properties of the following payment methods across these dimensions: (a) transaction amount visible to third parties, (b) identity of sender visible to third parties, (c) identity of recipient visible to third parties, (d) transaction history permanently recorded, (e) government can access records with legal process.

Payment methods to compare: 1. Physical cash 2. Credit card 3. Bank wire transfer 4. Bitcoin 5. Monero 6. Zcash (shielded transaction) 7. A hypothetical CBDC with "controllable anonymity"

Exercise 31.3: Chain Analysis Heuristics

For each of the following scenarios, identify which chain analysis heuristic(s) could be used to de-anonymize the user, and explain how:

a) Alice uses the same Bitcoin address for all her transactions over a six-month period.

b) Bob creates a transaction with three inputs from different addresses, sending 0.5 BTC to a merchant.

c) Carol sends 1.0 BTC from her address. The transaction has two outputs: 0.37 BTC to one address and 0.6295 BTC to another (with 0.0005 BTC as the transaction fee).

d) Dave withdraws Bitcoin from Coinbase to a personal wallet, then immediately sends it to another address.

e) Eve consistently makes Bitcoin transactions between 9 AM and 5 PM Eastern Time on weekdays.

Exercise 31.4: Ring Signatures Conceptual

Explain how Monero's ring signatures protect sender privacy using the following analogy: Ten people are sitting around a table, and one of them wrote a message. A ring signature proves that someone at the table wrote the message without revealing who.

Now extend the analogy to address the following: - What determines the "ring size" (how many people are at the table)? - What happens if the ring size is 1 (only one person)? - Why is mandatory ring signatures (Monero's approach) more privacy-preserving than optional ring signatures? - What is the theoretical weakness if an attacker controls multiple "people at the table" (decoy outputs)?

Exercise 31.5: zk-SNARKs Intuition

Without using any mathematical notation, explain the concept of a zk-SNARK to a non-technical person using the following analogy:

Imagine you want to prove to a friend that you know the solution to a Sudoku puzzle without revealing the solution. Describe how you might do this, and then connect the analogy to how Zcash uses zk-SNARKs to verify transactions without revealing transaction details.

Your answer should address: What is being proved? What is kept secret? Who is the prover? Who is the verifier? Why is this useful for financial privacy?

Technical Analysis

Exercise 31.6: Transaction Graph Analysis

Consider the following simplified Bitcoin transaction graph:

Address A (Coinbase withdrawal, identified as Alice)
    --> 0.5 BTC to Address B
    --> 0.3 BTC to Address C (change)

Address B
    --> 0.5 BTC to Address D (known exchange deposit address)

Address C
    --> 0.3 BTC to Address E

Address F (unknown origin)
    --> 0.2 BTC to Address E

Address E (has inputs from C and F)
    --> 0.48 BTC to Address G
    --> 0.0195 BTC to Address H (change)

Answer the following: a) Which addresses can be definitively linked to Alice? Explain using specific heuristics. b) Can Address F be linked to Alice? Why or why not? c) What does the common-input-ownership heuristic tell us about the transaction spending from Address E? d) If Address D is a known Binance deposit address, what additional information does this provide? e) A chain analysis firm flags this set of transactions. What confidence level (high, medium, low) would they assign to linking each address to Alice?

Exercise 31.7: Mixing Effectiveness

A user deposits 1.0 ETH into a Tornado Cash-like mixing pool. The pool currently contains deposits from 99 other users, all of exactly 1.0 ETH.

a) What is the user's anonymity set immediately after depositing? b) The user withdraws 1.0 ETH to a new address exactly 30 seconds after depositing. How does this affect their effective anonymity? What information has the timing leaked? c) Of the 100 depositors, 3 (including our user) deposited from addresses linked to a known exchange. An adversary knows this. How does the anonymity set change for these 3 users? d) Propose three behavioral best practices that a user should follow to maximize their anonymity when using a mixing service.

Exercise 31.8: Privacy Coin Comparison

You are advising a human rights organization that needs to receive donations from people living under an authoritarian regime. The donors' identities must be protected at all costs — discovery could mean imprisonment or worse.

Compare the suitability of the following options, considering both privacy strength and practical usability: 1. Bitcoin with CoinJoin mixing 2. Monero 3. Zcash (shielded transactions) 4. Receiving donations in stablecoins through a VPN

For each option, identify: (a) the primary privacy mechanism, (b) the main vulnerability that could compromise donor identity, (c) practical challenges the organization would face in using it, and (d) your recommendation with justification.

Critical Thinking and Policy Analysis

Exercise 31.9: The Tornado Cash Dilemma

The US Treasury has sanctioned Tornado Cash. You are a policy advisor who must brief a Congressional committee on whether this action was appropriate. Prepare two arguments:

Argument A: The sanctions were appropriate and should be upheld. - Cite at least three specific facts about how Tornado Cash was used for illicit purposes - Address the concern about open-source code being sanctioned - Propose how similar protocols should be regulated going forward

Argument B: The sanctions were inappropriate and should be reversed. - Cite at least three specific legal or constitutional concerns - Address the concern about North Korean fund laundering - Propose alternative approaches to address illicit use without sanctioning the code itself

After presenting both arguments, write a one-paragraph personal assessment that acknowledges the strongest point from each side.

Exercise 31.10: CBDC Privacy Design

You have been hired by a democratic government to design the privacy architecture for a new CBDC. Your design must balance four requirements:

  1. User privacy: Ordinary transactions should not be visible to the government
  2. Law enforcement access: With a court order, specific users' transactions should be discoverable
  3. AML compliance: Transactions above a threshold should be reportable
  4. Sanctions enforcement: Payments to sanctioned entities should be blockable

Design a privacy architecture that addresses all four requirements. Your design should specify: - What information is encrypted by default - Who holds the decryption keys - Under what circumstances decryption can occur - What technical mechanism enforces the threshold reporting - How sanctioned addresses are blocked without revealing all transaction data

Identify at least two fundamental tensions or tradeoffs in your design that cannot be fully resolved.

Exercise 31.11: Developer Liability

Alexey Pertsev was convicted of money laundering for his role in developing Tornado Cash. Consider the following analogies and evaluate whether each is a valid comparison:

a) A locksmith who manufactures lock-picking tools that are used by burglars b) A gun manufacturer whose products are used in crimes c) An encryption software developer whose product is used by terrorists to communicate d) A car manufacturer whose vehicles exceed the speed limit e) A social media platform developer whose platform is used to plan a crime

For each analogy, identify: (1) how it is similar to the Tornado Cash case, (2) how it is different, and (3) whether existing legal doctrine holds the creator liable. Then write your own position on where the line should be drawn for developer liability for privacy tools.

Exercise 31.12: The Philosophical Spectrum

This chapter presented four positions on the "should money be private?" spectrum: 1. Total transparency 2. Regulated transparency (status quo) 3. Privacy with exceptions 4. Total privacy

Write a 500-word essay arguing for the position you find most compelling. Your essay must: - Acknowledge the strongest argument against your position - Explain why you find that argument ultimately unpersuasive - Identify a specific real-world scenario where your position would produce a bad outcome, and explain why you still hold the position despite this

Applied Exercises

Exercise 31.13: Operational Security Audit

A journalist is investigating corruption in a country with an authoritarian government. They plan to receive a cryptocurrency payment from a source inside the country. Audit the journalist's proposed plan and identify every privacy vulnerability:

  1. Source buys Bitcoin on a local exchange using their bank account
  2. Source sends Bitcoin to the journalist's published donation address
  3. Journalist receives Bitcoin in a mobile wallet connected to their home WiFi
  4. Journalist converts Bitcoin to local currency on a different exchange

Rewrite the plan with improved operational security, explaining each change.

Exercise 31.14: Code Analysis

Review the transaction_tracing.py code provided with this chapter. Then answer: a) What are the three clustering heuristics implemented in the code? b) How does the code identify change outputs? What assumptions does this make? c) Run the code and describe the transaction graph it generates. Which addresses are clustered together? d) Modify the code to add a "temporal analysis" heuristic that flags transactions occurring within 60 seconds of each other as likely related. Describe what additional clusters this reveals.

Exercise 31.15: Privacy Comparison Tool

Review the privacy_comparison.py code provided with this chapter. Then answer: a) What dimensions does the code use to compare privacy across different cryptocurrencies? b) According to the code's scoring model, which cryptocurrency provides the strongest overall privacy? Do you agree with the scoring? c) Modify the code to add a "regulatory risk" dimension that scores how likely each cryptocurrency is to face exchange delistings or regulatory restrictions. d) Add a new cryptocurrency to the comparison (e.g., Dash, Litecoin with MimbleWimble, or Secret Network) and justify your scoring.

Research and Discussion

Exercise 31.16: Current Events

Research the current status of one of the following and write a one-page briefing: a) The Van Loon v. Department of Treasury case (Tornado Cash sanctions challenge) b) Roman Storm's trial and its outcome c) The status of Monero on major exchanges (which have delisted it, which still list it, and why) d) The latest developments in the European Central Bank's digital euro privacy design

Exercise 31.17: Debate Preparation

Prepare for a structured in-class debate on the proposition: "Resolved: Privacy coins should be banned in all democratic countries."

Prepare both an affirmative case (arguing for the ban) and a negative case (arguing against). Each case should include: - An opening statement (2 minutes) - Three main arguments with supporting evidence - Anticipated rebuttals to the strongest opposing arguments - A closing statement that acknowledges the complexity of the issue

Exercise 31.18: Comparative Analysis

Compare the approaches to cryptocurrency privacy regulation in three jurisdictions: 1. The United States (OFAC sanctions, FinCEN guidance) 2. The European Union (MiCA regulation, GDPR's "right to be forgotten" vs. blockchain immutability) 3. Japan (FSA approach to privacy coins)

For each jurisdiction, identify: (a) the legal framework governing privacy coins, (b) whether privacy coins are legal to trade, (c) how the jurisdiction balances privacy rights with AML enforcement, and (d) any notable enforcement actions.