Chapter 31 Quiz
Multiple Choice
1. What is the fundamental difference between pseudonymity and anonymity in the context of Bitcoin?
a) Pseudonymity means using a fake name; anonymity means using no name
b) Pseudonymity links actions to a consistent identifier without linking to a real identity; anonymity means the identity is completely unknown
c) Pseudonymity is weaker because it requires internet access; anonymity works offline
d) There is no meaningful difference; the terms are interchangeable
Answer: b) Pseudonymity links actions to a consistent identifier (a Bitcoin address) without directly linking to a real-world identity, while anonymity means the identity is completely unknown and unlinkable. The critical distinction is that if a pseudonym is ever linked to a real identity, the entire history of actions under that pseudonym is retroactively exposed.
2. Which of the following is the MOST significant way that Bitcoin addresses get linked to real-world identities?
a) IP address logging when transactions are broadcast
b) Exchange KYC (Know Your Customer) requirements
c) Social media posts containing addresses
d) Merchant shipping records
Answer: b) Exchange KYC requirements are the single largest source of identity linkage. When users create accounts on regulated exchanges, they provide government ID, and every deposit and withdrawal address associated with their account is linked to their identity. This data is shared with law enforcement and serves as the anchor point for chain analysis.
3. The "common input ownership heuristic" used by chain analysis firms assumes that:
a) All outputs of a transaction belong to the same person
b) All inputs of a transaction belong to the same entity
c) Addresses that receive funds at the same time belong to the same person
d) Addresses with similar balances belong to the same entity
Answer: b) The common input ownership heuristic assumes that all inputs to a single Bitcoin transaction belong to the same entity, because creating a multi-input transaction requires the private keys for all input addresses. This assumption holds for most ordinary transactions but fails for CoinJoin transactions and multi-signature wallets.
4. How does the "change output analysis" heuristic work?
a) It tracks how frequently an address changes its balance
b) It identifies which output of a transaction is the payment and which is returned to the sender as change
c) It monitors changes in transaction fees over time
d) It analyzes how address ownership changes between entities
Answer: b) Bitcoin transactions typically consume entire UTXOs. If you spend 0.3 BTC from a 1.0 BTC UTXO, the transaction creates two outputs: 0.3 BTC to the recipient and ~0.7 BTC back to you as "change." By identifying the change output (using signals like round numbers, wallet fingerprinting, and fresh addresses), analysts can identify the sender's new address and continue tracing.
5. Which of the following correctly describes Monero's ring signature privacy mechanism?
a) Transactions are encrypted so only the sender and recipient can read them
b) Each transaction input is mixed with decoy inputs, making it impossible to determine which is the real spender
c) Transactions are sent through multiple intermediate nodes that each add a layer of encryption
d) Transaction details are stored off-chain and only a hash is recorded on the blockchain
Answer: b) Monero's ring signatures mix the real transaction input with decoy inputs (currently 15 decoys for a ring size of 16). The ring signature cryptographically proves that one of the inputs is genuine without revealing which one. An observer sees 16 possible senders and cannot determine which is real.
6. What is the main weakness of Zcash's privacy model compared to Monero's?
a) Zcash's zk-SNARKs are mathematically weaker than ring signatures
b) Zcash requires a trusted setup ceremony that could be compromised
c) Zcash's privacy (shielded transactions) is optional, and most users do not use it
d) Zcash transactions are slower than Monero transactions
Answer: c) Zcash's shielded transactions are optional, and historically over 85% of Zcash transactions use transparent addresses. This creates a small anonymity set for shielded users and makes the use of shielded transactions itself a potentially suspicious signal. Monero, by contrast, makes privacy mandatory for all transactions, ensuring a larger anonymity set and eliminating the suspicion signal.
7. How did Tornado Cash achieve mixing without custodying user funds?
a) By using a trusted third party to hold funds temporarily
b) By using a smart contract where users deposited fixed amounts and later withdrew with a zero-knowledge proof
c) By routing transactions through multiple blockchain networks
d) By converting ETH to a privacy coin and back
Answer: b) Tornado Cash used a smart contract where users deposited fixed amounts of ETH along with a cryptographic commitment. To withdraw, users submitted a zero-knowledge proof demonstrating knowledge of a valid commitment without revealing which one. The smart contract was fully non-custodial — it held deposits and released them upon valid proof verification, with no central operator.
8. The OFAC sanctioning of Tornado Cash was unprecedented because:
a) It was the first time the US sanctioned a cryptocurrency
b) It was the first time the US sanctioned an autonomous smart contract — code with no central operator or owner
c) It was the first time the US sanctioned a privacy tool
d) It was the first time the US sanctioned a non-US entity
Answer: b) OFAC had previously sanctioned people, companies, and even specific cryptocurrency addresses. But Tornado Cash was an autonomous smart contract running on Ethereum with no CEO, no board, no central operator, and no off switch. Sanctioning ownerless code raised fundamental questions about the scope of OFAC's authority and the nature of code as speech.
9. In the Van Loon v. Department of Treasury case, the Fifth Circuit Court of Appeals ruled that:
a) OFAC had no authority to sanction any cryptocurrency-related entity
b) The Tornado Cash smart contracts were not "property" within the meaning of IEEPA because they were immutable, ownerless code
c) Tornado Cash was a legitimate financial service that should be regulated rather than sanctioned
d) The sanctions violated the First Amendment right to free speech
Answer: b) The Fifth Circuit found that the specific immutable smart contracts at issue were not "property" of any person within the meaning of the International Emergency Economic Powers Act (IEEPA), because no person owned or controlled them. This was a narrow ruling on statutory authority rather than a broad constitutional ruling.
10. China's digital yuan (e-CNY) uses the concept of "controllable anonymity," which means:
a) Users can choose their own level of anonymity for each transaction
b) Small transactions have some privacy protections, but the central bank retains the ability to see all transactions and de-anonymize any user
c) All transactions are anonymous unless the user opts into transparency
d) Privacy is controlled by a decentralized network of validators
Answer: b) "Controllable anonymity" means that while small transactions may have limited privacy protections, the People's Bank of China retains full visibility into all transactions and the ability to de-anonymize any user when it determines there is a need. The "control" is held by the central bank, not the user.
11. Which of the following is NOT a valid argument for financial privacy?
a) Financial surveillance has historically been used by authoritarian governments to repress dissidents
b) Privacy-preserving cryptocurrency makes tax evasion impossible to detect
c) KYC/AML compliance costs billions of dollars per year and disproportionately burdens the poor
d) Surveillance powers, once established, tend to expand beyond their original scope
Answer: b) This is actually an argument against financial privacy (that it would make tax enforcement harder), not an argument for it. The other three — authoritarian abuse, disproportionate compliance costs, and surveillance creep — are all well-documented arguments in favor of financial privacy.
12. The concept of "zero-knowledge compliance" refers to:
a) Complying with regulations without knowing which regulations apply
b) Using zero-knowledge proofs to demonstrate regulatory compliance without revealing the underlying transaction data
c) A system where regulators have zero knowledge of any cryptocurrency transactions
d) Compliance programs that require zero investment in technology
Answer: b) Zero-knowledge compliance uses cryptographic proofs to allow users to demonstrate that their transactions satisfy regulatory requirements (e.g., not involving sanctioned entities, below reporting thresholds) without revealing the actual transaction details. This approach aims to balance privacy with legitimate regulatory needs.
13. The "proof of innocence" concept proposed after the Tornado Cash sanctions would allow users to:
a) Prove that they never used Tornado Cash
b) Prove that their deposited funds did not originate from OFAC-sanctioned addresses, without revealing which address they deposited from
c) Prove that they are not criminals
d) Prove that Tornado Cash should not have been sanctioned
Answer: b) A proof of innocence protocol would generate a zero-knowledge proof demonstrating "my deposit came from an address that is not on this sanctions list" without revealing which address it came from. This would allow compliant users to use mixing protocols while satisfying sanctions requirements.
14. Which statement best characterizes the relationship between chain analysis and exchange KYC?
a) They are redundant — either one alone is sufficient for de-anonymization
b) They work in tandem — KYC provides identity at on-ramps, and chain analysis traces funds between on-ramps
c) Chain analysis has made KYC unnecessary
d) KYC has made chain analysis unnecessary
Answer: b) Chain analysis can trace the flow of funds across the blockchain but cannot independently identify the real person behind an address. Exchange KYC links addresses to identities but only at the points where users interact with regulated services. Together, they form a comprehensive surveillance system: KYC provides the anchor points, and chain analysis connects the dots between them.
15. From a philosophical perspective, the chapter argues that the privacy-surveillance debate is best characterized as:
a) A clear case where privacy should always win
b) A clear case where surveillance should always win
c) A genuine tension between two real values, with no costless solution
d) A manufactured controversy with an obvious correct answer
Answer: c) The chapter presents the debate as a genuine tension between two legitimate values — the right to financial privacy (which protects civil liberties and shields individuals from authoritarian control) and the need for financial surveillance (which enables the detection and prevention of serious crime). Both sides invoke real harms and real values, and every position on the spectrum sacrifices something of value.
Short Answer
16. Explain why Monero's mandatory privacy is considered a stronger privacy model than Zcash's optional privacy, even though Zcash's underlying cryptography (zk-SNARKs) may be mathematically stronger than ring signatures.
Model Answer: Mandatory privacy creates a larger anonymity set because every transaction contributes to the privacy of every other transaction. With optional privacy, the small number of users who opt into the privacy feature form a small anonymity set, and the mere act of choosing the privacy option becomes a suspicious signal that may attract scrutiny. Even if Zcash's zk-SNARKs provide stronger theoretical privacy for an individual shielded transaction, the practical privacy is undermined by the small number of users actually using shielded transactions. The lesson is that privacy is a collective property, not just an individual one — your privacy depends on how many other people are also being private.
17. A friend says, "The Tornado Cash case doesn't matter to me because I don't use mixers." Explain why the legal precedent set by the Tornado Cash sanctions could have broader implications beyond cryptocurrency mixing.
Model Answer: The Tornado Cash sanctions established the precedent that the US government can sanction autonomous, open-source code — software that has no owner, operator, or central point of control. If this precedent stands, it could be applied to other privacy-enhancing technologies: VPN software, Tor relay code, end-to-end encryption protocols, or any open-source tool that could be used for illicit purposes. The developer arrest further implies that writing code that is later used for illegal purposes could result in criminal liability, which would chill open-source development globally. The case also raised questions about whether code is speech protected by the First Amendment, a question with implications for all software, not just cryptocurrency mixing.
18. Describe two specific ways that a CBDC could be used for political repression by an authoritarian government, and explain why cryptocurrency (even with its limited privacy) provides a partial safeguard against these risks.
Model Answer: (1) Account freezing: A CBDC gives the government the ability to instantly freeze any individual's funds without needing a bank as intermediary. An authoritarian government could freeze the accounts of opposition leaders, journalists, or protest organizers, cutting them off from all economic activity. (2) Transaction monitoring: Complete visibility into all transactions would allow the government to identify anyone who donates to opposition groups, purchases banned materials, or financially supports disfavored organizations. Cryptocurrency, even pseudonymous Bitcoin, provides a partial safeguard because it operates outside government-controlled infrastructure — the government cannot freeze a Bitcoin wallet without the private key, and the decentralized network cannot be directed to censor specific transactions. Privacy coins like Monero provide stronger protection by hiding transaction details from all observers.
19. Explain the concept of "change output analysis" and describe two techniques that a privacy-conscious Bitcoin user could employ to defeat this heuristic.
Model Answer: Change output analysis identifies which output of a Bitcoin transaction is the payment and which is the "change" returned to the sender, thereby revealing the sender's new address. Analysts use signals like round-number amounts (the payment is likely the round number), wallet fingerprinting (the change output matches the sender's wallet format), and fresh addresses (change is sent to newly generated addresses). To defeat this: (1) Equal-output transactions: Create transactions where all outputs are the same amount (as in CoinJoin), making it impossible to distinguish payment from change. (2) Avoid round numbers: Never send round-number amounts; add random small amounts to payments so that no output is obviously the "payment" based on its value. Additional techniques include using different wallet software for change addresses and spending entire UTXOs without change when possible.